narendar-hub

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

narendar-hub / log4j_rce_detection.md

Created December 13, 2021 13:30 — forked from Neo23x0/log4j_rce_detection.md

Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log

narendar-hub / log4j-keywords

Created December 13, 2021 12:15 — forked from bugbountynights/log4j-keywords

	${ctx:loginId}
	${map:type}
	${filename}
	${date:MM-dd-yyyy}
	${docker:containerId}
	${docker:containerName}
	${docker:imageName}
	${env:USER}
	${event:Marker}
	${mdc:UserId}