Skip to content

Instantly share code, notes, and snippets.

View colin-morrell's full-sized avatar

Colin Morrell colin-morrell

3 followers · 5 following
  • Los Angeles, CA
View GitHub Profile
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active May 4, 2024 18:20
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active January 28, 2024 08:19
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active April 27, 2024 09:32
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@epixoip
epixoip / 8x1080.md
Last active March 20, 2024 17:14
8x Nvidia GTX 1080 Hashcat Benchmarks