black-hat-rust
CVE-2021-44228-PoC-log4j-bypass-words
| | black-hat-rust | CVE-2021-44228-PoC-log4j-bypass-words |
|---|---|---|
| | 48 | 8 |
| Stars | 3,044 | 924 |
| Growth | 1.5% | - |
| Activity | 4.3 | 0.0 |
| | 7 months ago | over 2 years ago |
| Language | Rust | Java |
| License | MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
black-hat-rust
-
Cloudflare for Speed and Security
Bonuses: If you purchase Cloudflare for Speed and Security before November 4, 2023, you'll get my bestseller, Black Hat Rust, for free! Yes, you read it right, two books for less than the price of one!
-
Show HN: I'm writing a book - Cloudflare for Speed and Security
Hey HN,
I'm so excited to finally share with you what I've been working on recently.
One month ago I asked my audience what they wanted to learn about Websites, APIs and Servers security [0].
From the feedback, I've identified a few recurring pain points that I've started to address (and many more) in this new book.
From theory to practice, you will learn how low-level network and security protocols work. How to configure Cloudflare to secure and scale your web applications. How to create serverless applications and which database to choose with serverless functions. How to optimize your caching policies. How to distribute videos globally. And a lot of other things, all of that while significantly reducing your cloud bill.
Today, the book is far from ready, but I still wanted to release it as "Early Access". First, to enable you to start learning today and, secondly, to garner feedback and refine the book's content.
Between writing, editing, and technical reviewing, it can take some time to complete a book. That's why I release my books before they are fully completed - so you can commence learning before the book is 100% ready, provide feedback, and help shape the content. Rest assured, all future updates are free of charge.
The final publication date is set for mid-January 2024.
Bonuses: If you purchase Cloudflare for Speed and Security before November 4, 2023, you'll get my bestseller, Black Hat Rust [1], for free! Yes, you read it right, two books for less than the price of one!
Furthermore, all early-access supporters will receive the checklist I use to quickly set up a new domain on Cloudflare, ensuring the right balance between security, performance, and user experience.
Lastly, the price is likely to increase once the book transitions out of Early Access, so don't postpone getting your copy.
Sylvain
[0] https://kerkour.com/what-do-you-want-to-learn-about-web-and-...
[1] https://kerkour.com/black-hat-rust
- Black Hat Rust
-
The EU Suppressed a 300-Page Study That Found Piracy Doesn't Harm Sales
The best way I have found to prevent the piracy of my book (https://kerkour.com/black-hat-rust) is to inundate pirate platforms with only the first chapter and with a discount inside for those who can't afford the original price.
So far it worked really well.
-
[Question] Does Rusts safety features make it less useful for pentesting?
Black Hat Rust
-
Offensive Rust
You mean like this? https://kerkour.com/black-hat-rust
-
Position Independent Shellcodes in Rust (PIC)
As usual, you can find the code on GitHub: github.com/skerkour/black-hat-rust (please don't forget to star the repo).
-
How to Write and Compile a Shellcode in Rust
This post is an excerpt from my book Black Hat Rust
-
Learn Rust, Offensive Security and Applied Cryptography
This is why I dedicated the past months to write a book about the topic: Black Hat Rust - Applied offensive security with the Rust programming language.
-
Backdooring Rust crates for fun and profit
Want to learn more Rust, Offensive Security and Applied Cryptography? Take a look at my book Black Hat Rust. Get 42% off until Friday, November 12 with the coupon 1311B892
CVE-2021-44228-PoC-log4j-bypass-words
-
Log4Shell Update: Severity Upgraded 3.7 -> 9.0 for Second log4j Vulnerability (CVE-2021-45046) | LunaSec - v2.15 of Log4j has an RCE
WAF is also playing whackamole given all the ways to bypass simple rules
-
A Blog about detection of Log4Shell
More specifically this section https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
- CVE-2021-44228 - LOG4J Java exploit - A trick to bypass words blocking patches
- JNDI Log4j exploit bypass word filters
- LOG4J bypass words
What are some alternatives?
sn0int - Semi-automatic OSINT framework and package manager
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
zero-to-production - Code for "Zero To Production In Rust", a book on API development using Rust.
CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera - [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337
yakuza-freecam - Yakuza Freecam Tool made in Rust
log4j-log4shell-affected - Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulnerability
dirble - Fast directory scanning and scraping tool
LAZYPARIAH - A tool for generating reverse shell payloads on the fly.
rust-windows-shellcode - Windows shellcode development in Rust
pocbrowser - Scrape websites to find PoCs for CVEs
log4j-shell-poc - A Proof-Of-Concept for the CVE-2021-44228 vulnerability.