Discover and read the best of Twitter Threads about #CVE202144228

If you're looking for network indicators of #log4j exploitation - this thread is for you. Every detection in this thread is freely available for use RIGHT NOW.
#snort #suricata #CVE202144228
We have tons of inbound rules that'll hit on scanners and we've tried to cover ITW obfuscation methods, but let's be real, there are more ways to obfuscate these attacks than we can cover.
For outbound traffic (generated by a successful "landing" of the attack strings) there are some good rules now.
1) 2014474 and 2014475
These existing sigs alert on Java (as determined by the UA) downloading a class file. Today we tweaked flowbits (2013035) for better coverage.