Compiling valuable links documenting CVE-2021-44228, or Log4J, as I find them:
- Existing Log4J 1.2 vulnerability CVE-2019-17571 is also potentially present
- Apache Log4J Version 2.x Security Information
- VMware critical vulnerability advisory
- Cisco product vulnerability announcement
- Sophos products affected
- Microsoft’s response to CVE-2021-44228
- Microsoft mitigation strategy
- CISA Cyber Hygiene Services
- Microsoft Azure Sentinel IoC list, YAML
- Where to look & what we’re looking for
- Huntress Log4Shell Vulnerability Tester
- Malware samples known to be exploiting Log4J
- Indicators of Compromise by IP Source
- Loghunt’s Log4j-scan scanner for finding vulnerable hosts
- Greynoise’s live list of known Apache Log4J Remote Code Execution Attempts
- File hashes for known vulnerable versions of Log4Shell
- Malicious LDAP server for proof-of-concept testing
- How to restrict LDAP access via JNDI at the code-level
- Understanding Log4Shell with Randori & Greynoise
- NCCGroup’s Reconnaissance and Post Exploit Detection guide
- Swiss Government Advisory & Attack Explanation
- Potentially affected vendors and projects
- Tech Solvency’s “Story so Far”
- List of Known Payloads, Threat Reports and IoC lists
- Cloudflare hosting’s response to Log4j 2 vulnerability