Skip to content

Instantly share code, notes, and snippets.

View SteveHH72's full-sized avatar

Stephan SteveHH72

4 followers · 21 following
  • Hamburg
  • 14:03 (UTC +01:00)
View GitHub Profile
@SteveHH72
SteveHH72 / log4j_rce_detection.md
Created December 13, 2021 06:58 — forked from Neo23x0/log4j_rce_detection.md
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log