- The Log-Structured Merge-Tree (LSM-Tree)
- B-Tree vs Log-Structured Merge-Tree
- Modern B-tree techniques
- LSM-based Storage Techniques: A Survey
- B-tree Indexes and CPU Caches by Goetz Graefe and Per-Åke Larson
You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log
and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
#! /usr/bin/env python3 | |
''' | |
Needs Requests (pip3 install requests) | |
Author: Marcello Salvati, Twitter: @byt3bl33d3r | |
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License) | |
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021. |
Hope you will find answers to these questions in this example-based article.
Edit Dockerfile to enable JMX server and change the hostname with the IP where the container will run:
FROM openjdk:8-jre-alpine
ADD ./target/app.jar app.jar
EXPOSE 8080
ENTRYPOINT java -Dcom.sun.management.jmxremote.rmi.port=9090 -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=9090 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.local.only=false -Djava.rmi.server.hostname=192.168.1.2 -jar app.jar
public class RepositoryImpl<T, ID extends Serializable> | |
extends SimpleJpaRepository<T, ID extends Serializable> { | |
ProjectionFactory projectionFactory; | |
public <P> List<P> findProjected(Specification<?> spec, Sort sort, Class<P> projectionClass) { | |
CriteriaBuilder criteriaBuilder = entityManager.getCriteriaBuilder(); | |
CriteriaQuery<Tuple> tupleQuery = criteriaBuilder.createTupleQuery(); | |
Root<?> root = tupleQuery.from(getDomainClass()); |
package test | |
import scala.concurrent.duration._ | |
import io.gatling.core.Predef._ | |
import io.gatling.http.Predef._ | |
import io.gatling.jdbc.Predef._ | |
class LoginTest extends Simulation { |
mkdir temp && cd temp | |
# for linux 'amd64' architecture install those packages: | |
sudo apt-get install libx11-6:i386 libpam0g:i386 libstdc++5:i386 lib32z1 lib32ncurses5 lib32bz2-1.0 | |
wget https://vpnportal.aktifbank.com.tr/SNX/INSTALL/snx_install.sh | |
sudo ./snx_install.sh | |
cd .. && rm -rf temp/ |