DNSSEC has had a rough ride so far. I usually say that the mistake made with DNSSEC was that security came first in the design, ahead of usability. The result is that the implementation of DNSSEC is usually compliance driven and not widespread. There are two parts to implementing DNSSEC: DNSSEC Validation: This is done […]

Now that we understand the vulnerability and exploit, as well as having performed packet analysis using TShark and automated using Snort3, time to use Zeek against this pcap. Looking at Zeek from 3 different perspectives. First we will be running Zeek against the pcap to see what shows up. Second will be a Zeek signature […]

Now that we have a better understanding of the vulnerability, how it is being exploited, as well as how we can use packet analysis to understand the activities seen on the network, let’s now use Snort3 to  automate our future detections, thus reducing that dwell time. First up, I will create my own Snort configuration […]

Note: If you wish to follow along, the PCAP is on GitHub. Now that I have a better understanding of the Log4j vulnerability and exploitation from a practical perspective, it is time to detect this activity via packet analysis. Any attack that leaves one host and interacts with another, will leave traces of packets on […]

Now that I have an understanding of the vulnerability, time to look at its exploitation. First up, unzip the vulnerable app. ┌──(root💀securitynik)-[~/log4j] └─# unzip log4shell-vulnerable-app-main.zip Archive: log4shell-vulnerable-app-main.zip 561f11d5d934725d48028ac04db4fd0b6c18eea0 creating: log4shell-vulnerable-app-main/ extracting: log4shell-vulnerable-app-main/.gitignore inflating: log4shell-vulnerable-app-main/Dockerfile inflating: log4shell-vulnerable-app-main/LICENSE inflating: log4shell-vulnerable-app-main/README.md inflating: log4shell-vulnerable-app-main/build.gradle creating: log4shell-vulnerable-app-main/gradle/ creating: log4shell-vulnerable-app-main/gradle/wrapper/ inflating: log4shell-vulnerable-app-main/gradle/wrapper/gradle-wrapper.jar inflating: log4shell-vulnerable-app-main/gradle/wrapper/gradle-wrapper.properties inflating: log4shell-vulnerable-app-main/gradlew inflating: log4shell-vulnerable-app-main/gradlew.bat inflating: log4shell-vulnerable-app-main/screenshot.png extracting: […]