Our great sponsors
-
Apache Log4j 2
Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
log4shelldetect
Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files
-
log4shell_ioc_ips
log4j / log4shell IoCs from multiple sources put together in one big file (IPs) more coming soon (CVE-2021-44228)
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
This binaries are trustwhorthy?https://github.com/logpresso/CVE-2021-44228-Scanner
Update: https://github.com/apache/logging-log4j2/releases/tag/log4j-2.15.0-rc1
Exploit: https://github.com/tangxiaofeng7/apache-log4j-poc
While most people that need to know probably already know enough to do what they need to do AND the information from the OP is way more complete than mine, I have not seen anyone create a Windows script that can remove the JndiLookup.class file from log4j-core JARs easily the way the zip command is able to on linux. So I thought I would post this here if anyone needs to do that... https://github.com/CrazyKidJack/Windowslog4jClassRemover