Resources related to Log4j Vulnerability in 2021

CVE Timeline

• 2021 11 26 CVE-2021-44228
• 2021 12 14 CVE-2021-45046
• 2021 12 16 CVE-2021-45105

General information

• NCSC-NL/log4shell Operational information regarding the Log4shell vulnerability in the Log4j logging library.
• News 1 2 by The Verge
• News 1 by The Record
• Blog posts by Cloudflare
• Summary by BleepingComputer
• Overview and remediation by Datadog
• Summery by GovCERT.ch

Playbooks

• Center for Internet Security (CIS)
• TrustedSec

Affected softwares

• cisagov/log4j-affected-db CISA Log4j (CVE-2021-44228) Vulnerability Guidance
• SwitHak/20211210-TLP-WHITE_LOG4J.md Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Scanners

• cisagov/log4j-scanner
• CERTCC/CVE-2021-44228_scanner
• fullhunt/log4j-scan
• logpresso/CVE-2021-44228-Scanner
• Using GitHub’s security features to help identify Log4j exposure in your codebase

Others

• aalex954/Log4PowerShell A Proof-Of-Concept for the CVE-2021-44228 vulnerability written in PowerShell.
• pimps/JNDI-Exploit-Kit by marcioalm
• cloudera/cloudera-scripts-for-log4j
• Github response
• Newest Vulnerability in Log4j 2.17.0 more hype than substance
• Related memes 1

Thai version ข้อมูลภาษาไทย

• Facebook: Hacking & Security 1 2 3
• Facebook: Incognito Lab 1