├── LICENSE
├── README.md
└── assets
    └── log4shell_explained.png
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2021 Mitiga
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # **log4shell-everything** – One place for all valuable things about Log4Shell.
2 | ### A continually updated page for valuable Log4Shell resources and useful links.
3 | Last update: Monday, 15 December 2021, 02:17 ET
4 |
5 | ## Background
6 | Security teams all over the world are rushing to deal with the new critical zero-day vulnerability dubbed Log4Shell.
7 |
8 | This vulnerability in Apache Log4j, a popular open-source Java logging library, has the potential to enable threat actors to compromise systems at scale.
9 |
10 | Read more about this in our [blog post](https://www.mitiga.io/blog/log4shell-everything-in-one-place).
11 |
12 | Here is a curated list of everything that you should know, and everything you should do.
13 |
14 |
15 | ## Detection
16 |
17 | Name|Description|Source|Link|
18 | :---|:---|:---|:---|
19 | Logout4Shell|Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell|GitHub/Cybereason|[Link](https://github.com/Cybereason/Logout4Shell)|
20 | log4shell-detector|Detector for Log4Shell exploitation attempts|GitHub/Neo23x0|[Link](https://github.com/Neo23x0/log4shell-detector)|
21 | Log4ShellScanner|Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers|GitHub/mwarnerblu|[Link](https://github.com/mwarnerblu/Log4ShellScanner)|
22 | burp-log4shell|Log4Shell scanner for Burp Suite|GitHub/silentsignal|[Link](https://github.com/silentsignal/burp-log4shell)|
23 | nse-log4shell|Nmap NSE scripts to check against Log4Shell vulnerabilities|GitHub/Diverto|[Link](https://github.com/Diverto/nse-log4shell)|
24 | Log4jScanner|Scans only internal subnets for vulnerable log4j|GitHub/proferosec|[Link](https://github.com/proferosec/log4jScanner)|
25 |
26 |
27 | ## Remediation
28 |
29 | Name|Description|Source|Link|
30 | :---|:---|:---|:---|
31 | Malicious domains|List of callback servers used by attackers|Greynoise|[Link](https://gist.github.com/superducktoes/9b742f7b44c71b4a0d19790228ce85d8)|
32 | Malicious IPs|List of scanning IP addresses|Greynoise|[Link](https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217)|
33 | Hashes for vulnerable Log4J version|A list created to help organizations find vulnerable versions|GitHub/mubix|[Link](https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes)|
34 | Log4Shell sample vulnerable application |A vulnerable Spring Boot web application|GitHub/christophetd|[Link](https://github.com/christophetd/log4shell-vulnerable-app)|
35 | Log4j Hotpatch|Tool that hotpatches a running JVM process|Amazon/Corretto|[Link](https://github.com/corretto/hotpatch-for-apache-log4j2)|
36 |
37 |
38 | ## Vendor Advisories and Affected Components
39 |
40 | Name|Description|Source|Link|
41 | :---|:---|:---|:---|
42 | Log4jAttackSurface|List of manufacturers and components affected by the Log4j vulnerability|YfryTchsGD|[Link](https://github.com/YfryTchsGD/Log4jAttackSurface)|
43 | AWS - Security Bulletins|Update for Apache Log4j2 Issue |AWS|[Link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/)|
44 | Google Cloud|Google Cloud’s security advisory|Google Cloud|[Link](https://cloud.google.com/log4j2-security-advisory)|
45 | Apache Logging Services|Apache Log4j security vulnerabilities|Apache|[Link](https://logging.apache.org/log4j/2.x/security.html)|
46 | Microsoft Security blog|Guidance for preventing, detecting, and hunting for Apache Log4j2 Issue |Microsoft|[Link](https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/)|
47 | Salesforce|Update for Apache Log4j2 Issue |Salesforce|[Link](https://status.salesforce.com/generalmessages/826)|
48 | Cisco|Log4j Developer Response|Cisco|[Link](https://blogs.cisco.com/developer/log4jdevresponse01?ccid=appdynamics-page&dtid=linkedin&oid=michaelchenetz-fy22-q2-0000-log4jdevresponse01-ww)|
49 | Log4Shell log4j vulnerability (CVE-2021-44228) - cheat-sheet reference guide|List of vendors' responses|Tech Solvency / Royce Williams|[Link](https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/)|
50 | Security Advisories / Bulletins linked to Log4Shell |List of vendors' responses|GitHub/SwitHak|[Link](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592)|
51 | log4j-log4shell-affected|Lists of affected components and affected apps/vendors|GitHub/authomize|[Link](https://github.com/authomize/log4j-log4shell-affected)|
52 |
53 |
54 | ## Indicators of Compromise
55 |
56 | Name|Description|Source|Link|
57 | :---|:---|:---|:---|
58 | Indicators-of-Compromise|List of IoCs to detect exploits of Log4Shell|Blumira|[Link](https://github.com/Blumira/Indicators-of-Compromise/tree/main/CVE-2021-44228)|
59 | Log4Shell(CVE-2021-44228) related attacks IOCs|List of indicators of compromise related to Log4Shell attacks|GitHub/RedDrip7|[Link](https://github.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs)|
60 | Exploitation-of-Log4j2|List of Indicators of compromise identified by Threatview.io|GitHub/Malwar3Ninja|[Link](https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228/blob/main/Threatview.io-log4j2-IOC-list)|
61 | List of IPs and Domains|Domains and IPs that have been observed to listen for incoming connections|nccgroup|[Link](https://research.nccgroup.com/2021/12/12/log4shell-reconnaissance-and-post-exploitation-network-detection/)|
62 | Log4Shell-IOCs|A list of IOC feeds and threat reports focused on the recent Log4Shell exploit |GitHub/curated-intel|[Link](https://github.com/curated-intel/Log4Shell-IOCs)|
63 |
64 |
65 |
66 | ## Notable Blog Posts and Tweets
67 | Communities, lists, discussion boards, newsletters, channels, chats, etc.
68 |
69 | Name|Description|Source|Link|
70 | :---|:---|:---|:---|
71 | Aggregated Log4j Help Guide|List of dozens of open source resources including: Update/Patch, Vendor Advisories, Vulnerability/Exploitation Detections, and much more.|NCC Group|[Link](https://www.reddit.com/r/blueteamsec/comments/rd38z9/log4j_0day_being_exploited/)|
72 | Video - Log4j Industry Impact|Video discussing Log4j and its potential impacts across the ecosystem|Youtube|[Link](https://www.youtube.com/watch?v=5-GkpxbZ9Zw)|
73 | Log4Shell Vulnerability Tester|Free tool to test whether your applications are vulnerable|Huntress|[Link](https://log4shell.huntress.com)|
74 | Non-Technical Log4j Breakdown|Explaining Log4j for non-technical people|Twitter/@Emy|[Link](https://twitter.com/entropyqueen_/status/1469606438632833027)|
75 | Log4Shell Report|Booklet including Vulnerability Assessment & Mitigation w/ dozens of additional resources.|The Cyber Security Hub (1.3 Million Followers)|[Link](https://www.linkedin.com/posts/the-cyber-security-hub_log4shell-exploit-report-activity-6875729462323945472-6y6n)|
76 | Detecting Log4j in Your Applications|How to detect Log4j Vulnerability in your applications|InfoWorld|[Link](https://www.infoworld.com/article/3644492/how-to-detect-the-log4j-vulnerability-in-your-applications.html)|
77 | Govcert Log4j Update|Log4j in a nutshell. From attack to prevention.|Swiss Govcert|[Link](https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/)|
78 | Video - Log4j Detection|Exactly what you need to know about log4j, how to demo it, detect it, & how to respond.|Youtube|[Link](https://www.youtube.com/watch?v=GvS-V27kFps)|
79 | Check Point Log4j Infographic|Infographics and statistics|Check Point|[Link](https://www.checkpoint.com/wp-content/uploads/log4j-pandemic-visualization.jpg)|
80 | Second log4j Vulnerability 🆕 |Details about CVE-2021-45046|LunaSec|[Link](https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/)|
81 |
82 |
83 |
84 | ## Log4Shell Explained
85 | 
86 |
87 |
88 |
89 | ## Contact us
90 | To add items to the list, email us at [contact@mitiga.io](mailto:contact@mitiga.io) or [contact us directly](https://www.linkedin.com/in/ormatt).
--------------------------------------------------------------------------------
/assets/log4shell_explained.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitiga/log4shell-everything/01f7531c3469a845e70686b7aeb8a47202acaad2/assets/log4shell_explained.png
--------------------------------------------------------------------------------