VĂdeo
A talk estĂĄ publicada no meu canal do youtube onde esporadicamente publico algum vĂdeo.
PDF dos slides
Meetup Natal - Slides.pdf370.9KB
ReferĂȘncias Ășteis
Os links abaixo foram os que utilizei em algum momento, parcialmente ou em sua totalidade, para construir a talk, montar o lab.
- https://github.com/christophetd/log4shell-vulnerable-app
- https://github.com/kozmer/log4j-shell-poc
- https://tryhackme.com/room/solar
- http://mirrors.rootpei.com/jdk/ (Imagens antigas do jdk - vulneraveis)
- https://github.com/mbechler/marshalsec
- https://github.com/kozmer/log4j-shell-poc
- https://github.com/christophetd/log4shell-vulnerable-app
- https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-8-pt
- https://linuxize.com/post/how-to-stop-and-disable-firewalld-on-centos-7/
- https://serverfault.com/questions/683666/access-denied-trying-to-enable-or-unmask-firewalld
- https://www.tecmint.com/open-port-for-specific-ip-address-in-firewalld/
- http://www.freekb.net/Article?id=2639 ( Firewalld - firewall-cmd - allow or deny ICMP )
- https://www.vultr.com/docs/how-to-install-graylog-server-on-centos-7/
- https://community.graylog.org/t/send-apache-log-to-graylog/2300/8
- https://github.com/knyar/apache2gelf
- https://www.tecmint.com/disable-selinux-in-centos-rhel-fedora/ ( Disabling SE LINUX )
- https://www.graylog.org/post/how-to-use-graylog-as-a-syslog-server
- https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
- https://www.veracode.com/blog/research/exploiting-jndi-injections-java
- https://github.com/pimps/JNDI-Exploit-Kit
- https://www.youtube.com/watch?v=w2F67LbEtnk (Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228 - LIve Overflow)
- https://www.youtube.com/watch?v=iI9Dz3zN4d8 (Log4j Lookups in Depth - Live Overflow)
- https://github.com/snyk-labs/awesome-log4shell#memes