Log4j

Security strategy for the next Log4Shell

Last week I had the privilege to be in Washington, DC talking to a group of defenders. I heard a clear pattern of words: “data-driven,” “telemetry-first,” and “visibility”. The defenders were focused on having the right telemetry to investigate both... Read more »

Detecting Log4j exploits via Zeek when Java downloads Java

Detecting Log4j exploits via Zeek when Java downloads Java

We have published an initial blog on the Log4j exploit and a followup blog with a second detection method for detecting the first stage of exploits occurring over LDAP.  Today, we will discuss a third detection method, this one focused on the... Read more »

Detecting Log4j via Zeek & LDAP traffic

We recently discussed some methods for detecting the Log4j exploit, and we’ve now developed another method that everyone running Zeek® or a Corelight sensor can use. Our new approach is based on the rarity of legitimate downloads of Java via LDAP.... Read more »

Simplifying detection of Log4Shell

Simplifying detection of Log4Shell

Security workers across the world have been busy since last Friday dealing with CVE-2021-44228, the log4j 0-day known as Log4Shell, that is already being heavily exploited across the Internet. Given the huge number of systems that embed the... Read more »

Search

    Recent Posts