Packets or it didn't happen!
  • Continuing Log4-Shell - Zeek - Detection - Securitynik
    Now that we understand the vulnerability and exploit, and have performed packet analysis using TShark and automated detection using Snort3, it is time to use Zeek against this pcap. We will look at Zeek from three different perspectives. First, we will run Zeek against the pcap to see what shows up. Second will be a Zeek signature […]
  • Continuing Log4-Shell - Snort3 Rule - Detection - Securitynik
    Now that we have a better understanding of the vulnerability, how it is being exploited, and how we can use packet analysis to understand the activities seen on the network, let’s now use Snort3 to automate our future detections, thus reducing that dwell time. First up, I will create my own Snort configuration […]
  • Continuing Log4-Shell - Packet Analysis - Detection - Securitynik
    Note: If you wish to follow along, the PCAP is on GitHub. Now that I have a better understanding of the Log4j vulnerability and exploitation from a practical perspective, it is time to detect this activity via packet analysis. Any attack that leaves one host and interacts with another will leave traces of packets on […]
  • Continuing Log4-Shell - Understanding/Testing The Exploit - Securitynik
    Now that I have an understanding of the vulnerability, time to look at its exploitation. First up, unzip the vulnerable app. ┌──(root💀securitynik)-[~/log4j] └─# unzip log4shell-vulnerable-app-main.zip Archive: log4shell-vulnerable-app-main.zip 561f11d5d934725d48028ac04db4fd0b6c18eea0 creating: log4shell-vulnerable-app-main/ extracting: log4shell-vulnerable-app-main/.gitignore inflating: log4shell-vulnerable-app-main/Dockerfile inflating: log4shell-vulnerable-app-main/LICENSE inflating: log4shell-vulnerable-app-main/README.md inflating: log4shell-vulnerable-app-main/build.gradle creating: log4shell-vulnerable-app-main/gradle/ creating: log4shell-vulnerable-app-main/gradle/wrapper/ inflating: log4shell-vulnerable-app-main/gradle/wrapper/gradle-wrapper.jar inflating: log4shell-vulnerable-app-main/gradle/wrapper/gradle-wrapper.properties inflating: log4shell-vulnerable-app-main/gradlew inflating: log4shell-vulnerable-app-main/gradlew.bat inflating: log4shell-vulnerable-app-main/screenshot.png extracting: […]
  • Beginning Log4-Shell - Understanding The Issue/Vulnerability - Securitynik
    In this five-part series, I’m trying to understand more about the Log4J vulnerability and exploitation, as well as its detection from three different perspectives. These are packet analysis, Snort3 rule creation, and Zeek signature and scripting. In this initial post, I am mostly following the write-up from cybersecurityworldconference.com. After downloading a copy of […]