Hunting for Log4j RCE (CVE-2021-44228) using RSA Netwitness
So, if you read my previous article, Hunting for Log4j RCE (CVE-2021-44228) using Splunk & Excel, last time we leveraged Splunk as our platform to hunt events/logs related to this…
As you are aware, there is a new Log4j vuln (CVE-2021-44228) that has been disclosed and is being exploited in the wild currently. So, I’m using the Splunk query below, based on the Splunk blog…
Based on GitHub Advisory Database: https://github.com/advisories/GHSA-g2q5-5433-rhrf – Embedded malware in rc; https://github.com/advisories/GHSA-73qr-pfmq-6rp8 – Embedded malware in coa. rc affected versions: = 1.2.9, = 1.3.9, = 2.3.9. coa affected versions: = 2.0.3, = 2.0.4, = 2.1.1, = 2.1.3, = 3.0.1, = 3.1.3…
Carbon Black query that can be used to detect whether any MSHTML RCE happened (probably needs to be refined more): search whether any assets are making connections towards IOCs (known IOCs…