Skip to content

Instantly share code, notes, and snippets.

View ch40s's full-sized avatar

CS ch40s

15 followers · 18 following
  • Earth
View GitHub Profile
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active May 10, 2025 10:16
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@superducktoes
superducktoes / Callback Domains log4j
Last active March 5, 2025 13:05
Callback Domains log4j
ldap://e2216d7a9a31.bingsearchlib.com:39356/a
ldap://612877d3a59b.bingsearchlib.com:39356/a
ldap://205.185.115.217:47324/a
ldap://ab3419ba1f45.bingsearchlib.com:39356/a
ldap://193.3.19.159:53/c
ldap://ea62856c5fc3.bingsearchlib.com:39356/a
ldap://43065f484327.bingsearchlib.com:39356/a
ldap://5486b6edd688.bingsearchlib.com:39356/a
ldap://92d27039ede4.bingsearchlib.com:39356/a
ldap://45cecd2f38ca.bingsearchlib.com:39356/a
@gnremy
gnremy / CVE-2021-44228_IPs.csv
Last active April 26, 2023 07:01
CVE-2021-44228 Apache Log4j RCE Attempts Dec 20th 9:27PM ET
ip tag_name
162.155.56.106 Apache Log4j RCE Attempt
223.111.180.119 Apache Log4j RCE Attempt
213.142.150.93 Apache Log4j RCE Attempt
211.154.194.21 Apache Log4j RCE Attempt
210.6.176.90 Apache Log4j RCE Attempt
199.244.51.112 Apache Log4j RCE Attempt
199.101.171.39 Apache Log4j RCE Attempt
197.246.175.186 Apache Log4j RCE Attempt
196.196.150.38 Apache Log4j RCE Attempt
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active April 11, 2025 22:49
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@byt3bl33d3r
byt3bl33d3r / log4j_rce_check.py
Created December 10, 2021 06:02
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (https://www.lunasec.io/docs/blog/log4j-zero-day/)
#! /usr/bin/env python3
'''
Needs Requests (pip3 install requests)
Author: Marcello Salvati, Twitter: @byt3bl33d3r
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License)
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021.
@atcuno
atcuno / gist:3425484ac5cce5298932
Last active May 13, 2025 07:11
HowTo: Privacy & Security Conscious Browsing

The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.

I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.

Table of Contents