This guide will walk you through using CanaryTokens.org to generate a token and how to use that token to determine if an application is vulnerable to Log4j. The generated token is a string of text that you will place in various user-controlled fields of the applications (such as search boxes, forms, and password fields). If the application is vulnerable, you will receive an email from CanaryTokens.org indicating that the application is vulnerable.
Recon's Guide to Testing for the Log4J Vulnerability using Canarytokens
Dec 14, 2021 2:10:00 PM / by Andrew Cook posted in SecOps, Security, log4j, Canaries, InfoSec, Thinkst
Recon's SOAR Playbook To Detect Log4J Exploitation
Dec 13, 2021 2:14:00 PM / by Andrew Cook posted in SecOps, Security, log4j, Canaries, InfoSec, Thinkst
The recent Log4j vulnerability (CVE-2021-44228) is unprecedented in its global scope and impact. This open source logging framework for Apache is found buried in everything from the Mars Helicopter to Minecraft. The exploit is as simple as getting the system to log a message containing a specific string, which can be done as easily as changing your iPhone’s name, sending a chat message, or visiting a website.