
Using log4jscanwin to identify Log4j vulnerabilities on Windows machines
A step-by-step guide on how to identify Log4j vulnerabilities on Windows machines using log4jscanwin
Facebook/Meta Data Protection Assessment (DPA) plan for DigitalOcean Cloud. Start Here
A step-by-step guide on how to identify Log4j vulnerabilities on Windows machines using log4jscanwin
A guide to help you discover vulnerable Log4j packages across multiple Linux machines using scripting and the AWS SSM to run commands remotely.
Last week a vulnerability affecting the most common logging packages in Java, Log4j, was made public, complete with exploit code. The vulnerability is rated with a critical severity rating of 10. Successful exploitation allows for a very uncomplicated remote command execution without requiring any authentication over the Internet resulting in a complete compromise of data and system confidentiality, integrity and availability. This blogpost explains the detection methods, exploitation techniques and mitigation instructions of the vulnerability.
A post about how we performed an analysis of the Kafka connectors in use for a customer to detect if they were vulnerable to the recently discovered Log4j vulnerability - CVE-2021-44228 and CVE-2021-45046.