Ilia Dafchev idafchev

## ioctl_translator.py
import argparse
import sys

def auto_int(x):
    return int(x, 0)


# Modded by Matteo 'uf0' Malvica - 2021
# The following code is taken from
# https://github.com/mwrlabs/win_driver_plugin/blob/master/win_driver_plugin/ioctl_decoder.py

## log4j_rce_detection.md

      
              1 file
            
          
              72 forks
            
          
              70 comments
            
          
              512 stars
            
          
                Neo23x0
                / log4j_rce_detection.md
            
            
              Last active
              January 28, 2024 08:19
            
              
                Log4j RCE CVE-2021-44228 Exploitation Detection
              
          
    log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
	import argparse
	import sys

	def auto_int(x):
	return int(x, 0)


	# Modded by Matteo 'uf0' Malvica - 2021
	# The following code is taken from
	# https://github.com/mwrlabs/win_driver_plugin/blob/master/win_driver_plugin/ioctl_decoder.py