A curated list of awesome links related to the Log4Shell vulnerability.
- Explanation
- Videos
- Vulnerable Software
- Detection & Remediation
- Twitter Discussions
- Examples & Proofs of Concept
- Contribute
- MITRE CVE - Official CVE page from MITRE.
- Snyk Blog Writeup - Java Champion Brian Vermeer's in-depth explanation of the Log4Shell vuln.
- SANS - Initial analysis and follow-up.
- Fastly Blog - Impact, how it works, and timeline.
- Luna Sec - Good tips for detection and remediation.
- Tech Solvency - List of affected vendors and writeups.
- Cado Security - Analysis of the attacks in the wild.
- Rapid7 - Analysis, remediation, and detection.
- Cloudflare - Cloudflare analysis of payloads in the wild.
- Exploiting JNDI injections in Java - Previous article on JNDI injection exploits.
- SLF4J - Comments from SLF4J project.
- CVE-2021-44228 - Log4j - MINECRAFT VULNERABLE! (and SO MUCH MORE) - John Hammond, Cybersecurity Researcher @HuntressLabs.
- Blackhat2016 - JNDI manipulation to RCE Dream Land - Blackhat talk from 2016 describing the exploit path.
- NCSC-NL repository - National Cyber Security Centrum list of vulnerable/non-vulnerable software.
- Swithak - List of vendor advisories related to log4shell.
- Elastic - Deep dive into which versions of Elastic are vulnerable and how to fix.
- CISA - CISA list of vulnerable software.
- Snyk Detection and Remediation - Find and fix using Snyk.
- Remediation cheat sheet - Remediation cheat sheet from Snyk.
- Log4Shell Tester from Trendmicro - Tool to determine vulnerability.
- Curated Intelligence Trust Group - Aggregated list of indicators of compromise feeds and threat reports.
- Community Sourced Log4J Attack Surface - List of Log4j attack vectors in popular manufacturers' products.
- MSSP Alert - Good mitigation practices.
- log4shell-detector - Checks logs for exploitation attempts.
- Huntress vulnerability tester - Web-based tester.
- Container scanners - How to detect using container scanners.
- Bash IOC scanner - Latest Fenrir supports checking for log4shell compromise and vulnerability.
- Burp Plugin detector - Burp plugin to detect vulnerable hosts.
- Threatview IP list - List of IP addresses currently exploiting log4shell.
- LizardLabs query tool - Search for vulnerable jar files using MS Log Parser.
- Canary tokens - Use a canary token to test for vulnerable systems.
- Exploit Strings data - JNDI exploit strings seen in the wild by Rapid7.
- Log4Shell spreadsheet - Spreadsheet for defenders listing vendors and products.
Contributions welcome! Read the contribution guidelines first.