letsroot lsr00ter

## 20211210-TLP-WHITE_LOG4J.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                lsr00ter
                / 20211210-TLP-WHITE_LOG4J.md
            
            
              Created
              December 12, 2021 07:14
                — forked from SwitHak/20211210-TLP-WHITE_LOG4J.md
            
              
                BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-12 0023 UTC
              
          
    Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228)
Errors, typos, something to say ?


If you want to add a link, comment or send it to me
Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

A

Akamai : https://www.akamai.com/blog/news/CVE-2021-44228-Zero-Day-Vulnerability

Apache Druid : apache/druid#12051

Apache Flink : https://flink.apache.org/2021/12/10/log4j-cve.html


## gist:c406c3ba5bd252714c01b7c9c53caea5
From: http://redteams.net/bookshelf/
Techie

    Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
    Social Engineering: The Art of Human Hacking by Christopher Hadnagy
    Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
    The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
    Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
    Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
    The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors

## apk_params.txt
MD
TermUrl
a
adjust_campaign
alternatives
amount
app
app_id
appname
avoid

## centos_setup.sh
#!/bin/bash

# Base box setup steps

# Do the steps below as root user
sudo su

# The steps below are based on a clean install on
# CentOS 7 (build 1608)
# http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1608.raw.tar.gz

## all.txt

.
..
........
@
*
*.*
*.*.*
ðŸŽ

## python-nmap_example.py
# http://xael.org/norman/python/python-nmap

# lets check for common ports using nmap
import nmap
nmScan = nmap.PortScanner()
nmScan.scan('127.0.0.1', '0-1023')
for port in nmScan['127.0.0.1']['tcp']:
    thisDict = nmScan['127.0.0.1']['tcp'][port]
    print 'Port ' + str(port) + ': ' + thisDict['product'] + ', v' + thisDict['version']
	From: http://redteams.net/bookshelf/
	Techie

	Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
	Social Engineering: The Art of Human Hacking by Christopher Hadnagy
	Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
	The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
	Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
	Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
	The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
	MD
	TermUrl
	a
	adjust_campaign
	alternatives
	amount
	app
	app_id
	appname
	avoid
	#!/bin/bash

	# Base box setup steps

	# Do the steps below as root user
	sudo su

	# The steps below are based on a clean install on
	# CentOS 7 (build 1608)
	# http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1608.raw.tar.gz
	# http://xael.org/norman/python/python-nmap

	# lets check for common ports using nmap
	import nmap
	nmScan = nmap.PortScanner()
	nmScan.scan('127.0.0.1', '0-1023')
	for port in nmScan['127.0.0.1']['tcp']:
	thisDict = nmScan['127.0.0.1']['tcp'][port]
	print 'Port ' + str(port) + ': ' + thisDict['product'] + ', v' + thisDict['version']