DEV Community

Cover image for log4j Hub - Everything related to log4j-CVE-2021-44228.
Anuvindh for AWS Community Builders

Posted on • Updated on

log4j Hub - Everything related to log4j-CVE-2021-44228.

Learn about Impacted devices or services,Free lab to replicate and learn the log4j vulnerability. Learn how exploit works , defend & protect. Patch your services running on cloud or Onprem.

Documentations from CISA, AWS, Microsoft, CrowdStrike etc.

i tried my best to build a hub that help to understand, defend and protect the log4j attacks.

This was originally posted and will be regularly updated on my GitHub page

What is log4j ?

LOG4J is a open-source Java-based Apache Software used for logging services.

What is log4j Vulnerability CVE-2021-44228 ?

The Log4j vulnerability allows remote code execution by simply typing a specific string into a textbox , works on every program using the Log4j library.

Attack Surfaces / Related Softwares

List of affected Related Links
Brands YfryTchsGD github link gives us a list of impacted services or components or manufacturers ( Apple, Tencent, Twitter, Cloudflare, Amazon, Tesla ...etc)
Softwares Publised by Nationaal Cyber Security Centrum , github link. (Adobe,EC2, AWS API gateway,DocumentDB, DynamoDB, Kafka, Kinesis, S3, SNS, SQS, AWS SSO, Apache Cisco, CYber ARk, Dell, FOrtinet,Fujitsu, IBM, JuniperNetworks, .......etc)

How to check your server is vulnerabe or not?

There are heaps of metrails avilable on internet by now am adding few here.
make sure you read the resources before you use it.

I have writted a simple code to scan for log4j Vulnerability

Quick Scan

wget -q -O -| bash

Source Related Links
portfolio_view Hotpatch for Apache Log4j AWS security services to protect against, detect, and respond to the Log4j vulnerability Mitigating the Apache log4j security issue for EKS, ECS, and Fargate customers
portfolio_view Cybersecurity and Infrastructure Security Agency’s Emergency Directive 22-02 Mitigate Apache Log4j Vulnerability Apache Log4j Vulnerability Guidance from CISA
portfolio_view Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
portfolio_view i have written a simple bash script to do a basic quick scan.
Inspect Code
Copy code
portfolio_view Check your Server for the Java Log4j Vulnerability ,
Blog link , Youtube Tutorial , github link
Website Link, It comes with a web based tool to identify the affected servers CVE-2021-44228
portfolio_view Performs two specific checks: HTTP headers and HTTP GET request, github link
portfolio_view log4j PowerShell Checker github Link
portfolio_view A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts, github link
ADIL SOYBALI Log4j-RCE-Scanner,scan for remote command execution vulnerability CVE-2021-44228 on Apache Log4j at multiple addresses.github link
portfolio_view Bytecode Detector,scans all running java processes for vulnerable log4j files. It is NOT invasive and DOES NOT require you to stop your application. It also check, if the program includes artifacts that re-bundled or re-compiled the vulnerable log4j JARs github link
portfolio_view Log4j Quick Reference Guide (QRG) Live Log4J Worldwide threat tracker Free Targeted Log4j Search Tool

Lab Environments

Created by Lab Environment
portfolio_view & JohnHammond Solar, exploiting log4j LabImage
portfolio_view Log4j RCE,This challenge covers the latest RCE in Log4j
INE Review the Log4J (also known as the Log4Shell) vulnerability, its use in networks currently, and demo the exploit in a sandboxed environment

Top comments (0)