- https://github.com/pimps/JNDI-Exploit-Kit
- https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
- https://github.com/huntresslabs/log4shell-tester
- https://blog.cloudflare.com/inside-the-log4j2-vulnerability-cve-2021-44228/
- https://www.govcert.gov.hk/en/alerts_detail.php?id=700
- https://www.lunasec.io/docs/blog/log4j-zero-day/
- https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046
- https://news.sophos.com/en-us/2021/12/12/log4shell-hell-anatomy-of-an-exploit-outbreak/
- https://nvd.nist.gov/vuln/detail/CVE-2021-45046
- https://securityboulevard.com/2021/12/log4shell-jndi-injection-via-attackable-log4j/
- https://blog.sebastian-daschner.com/entries/log4shell-and-how-to-fix
- https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
- https://govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/#fn:2