Our New Log4j Scanner to Combat Log4Shell

  • On the web, you can find the types of affected software. But what if the services within your own organization are using Log4j?
  • Scanning external service hosts will not provide a clear picture. This is because Log4Shell can manifest itself regardless of what is being logged, a User-Agent header or user entries in a form at any moment after authentication. There is no guarantee that a scanner will detect the vulnerable library, but adversaries could easily come across it.

--

--

--

BI.ZONE: an expert in digital risks management. We help organizations around the world to develop their businesses safely in the digital age

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
BI.ZONE

BI.ZONE

BI.ZONE: an expert in digital risks management. We help organizations around the world to develop their businesses safely in the digital age

More from Medium

Log4Shell Vulnerability Part 1: Minecraft POC

Decrypting WinRM traffic from AD hashes — HTB Uni Quals 2021 “Keep the Steam Activated” Writeup

log4shell 0-day Exploit in log4j v2 — What it is?

log4shell 0-day Exploit in log4j v2 - What it is? How to Identify and Mitigate the Vulnerability (CVE-2021-44228)

TCAPT: DLL Hijacking