Meetup OWASP Natal 2022 - SIDE EFFECT

     MEETUP OWASP NATAL 2022 - SIDE EFFECT


        ----------------------------------------------------------------
        offensive think :: artigo técnico em formato zine / nfo
        ----------------------------------------------------------------

        titulo : Meetup OWASP Natal 2022 - SIDE EFFECT
        autor  : offensive think
        data   : Fri, Mar 25, 2022
        tags   : techinique, talk

        ----------------------------------------------------------------
        --> https://www.offensivethink.com/posts/meetup-owasp-natal.html <--

---[ INDEX ]------------------------------------------------------------
0 - Vídeo
1 - PDF dos slides
2 - Referências úteis




---[ 0x00 - VÍDEO ]-----------------------------------------------------
A talk está publicada no meu canal do youtube onde esporadicamente publico algum vídeo.
[embed] https://www.youtube.com/embed/EGW_2nLG2Og?feature=oembed


---[ 0x01 - PDF DOS SLIDES ]--------------------------------------------
[arquivo] Meetup Natal - Slides.pdf: https://www.notion.so/signed/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F28b82aed-bc68-49f2-9219-18449321c8f0%2FMeetup_Natal_-_Slides.pdf?table=block&id=e8472a4d-c1ee-40f9-b88c-952dcdaac501


---[ 0x02 - REFERÊNCIAS ÚTEIS ]-----------------------------------------
Os links abaixo foram os que utilizei em algum momento, parcialmente ou em sua totalidade, para construir a talk, montar o lab.
- https://github.com/christophetd/log4shell-vulnerable-app
- https://github.com/kozmer/log4j-shell-poc
- https://tryhackme.com/room/solar
- http://mirrors.rootpei.com/jdk/ (Imagens antigas do jdk - vulneraveis)
- https://github.com/mbechler/marshalsec
- https://github.com/kozmer/log4j-shell-poc
- https://github.com/christophetd/log4shell-vulnerable-app
- https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-8-pt
- https://linuxize.com/post/how-to-stop-and-disable-firewalld-on-centos-7/
- https://serverfault.com/questions/683666/access-denied-trying-to-enable-or-unmask-firewalld
- https://www.tecmint.com/open-port-for-specific-ip-address-in-firewalld/
- http://www.freekb.net/Article?id=2639 ( *Firewalld - firewall-cmd - allow or deny ICMP* )
- https://www.vultr.com/docs/how-to-install-graylog-server-on-centos-7/
- https://community.graylog.org/t/send-apache-log-to-graylog/2300/8
- https://github.com/knyar/apache2gelf
- https://www.tecmint.com/disable-selinux-in-centos-rhel-fedora/ ( Disabling SE LINUX )
- https://www.graylog.org/post/how-to-use-graylog-as-a-syslog-server
- https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
- https://www.veracode.com/blog/research/exploiting-jndi-injections-java
- https://github.com/pimps/JNDI-Exploit-Kit
- https://www.youtube.com/watch?v=w2F67LbEtnk (Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228 - LIve Overflow)
- https://www.youtube.com/watch?v=iI9Dz3zN4d8 (Log4j Lookups in Depth - Live Overflow)
- https://github.com/snyk-labs/awesome-log4shell#memes

---[ EOF ]--------------------------------------------------------------

                    offensive think / 2026