BlueTeamOps blueteam0ps

  • Sydney
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active September 11, 2024 21:41
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against the log4j RCE vulnerability CVE-2021-44228.

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in the folder /var/log and all subfolders:

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@deeso
deeso / soup-to-nuts-creating-plaso-parser-deployingtimesketch.md
Created June 21, 2019 20:30
writeup describing how to create a plaso parser and deploy it with timesketch

Soup to Nuts: Creating a Plaso Parser and Deploying Timesketch to Docker

Acknowledgements, etc.

Thank you to the Log2timeline and Timesketch teams for putting out some solid work. I am thankful that I have the opportunity to create this write-up, which comes on the back of their hard work. While there may be holes in their documentation and descriptions, the code is well written and fairly easy to understand. Any criticism should not be interpreted as a reflection of the quality of their work.

@404NetworkError
404NetworkError / Windows_Functions_in_Malware.md
Last active October 22, 2024 05:40
Concise Windows Functions in Malware Analysis List