# History

https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
https://twitter.com/h113sdx/status/1469010902183661568?s=20
https://www.deepl.com/translator#zh/de/%E8%BF%99%E6%BC%8F%E6%B4%9E%E6%9C%89%E7%82%B9%E6%81%90%E6%80%96%EF%BC%8C%E8%BF%98%E5%9C%A8%E7%94%A8%E6%97%A7%E7%89%88JDK%E7%9A%84%E8%A6%81%E6%B3%A8%E6%84%8F%E4%BA%86
https://thehackernews.com/2021/12/china-suspends-deal-with-alibaba-for.html
https://www.lunasec.io/docs/blog/log4j-zero-day/

# Technical View

https://miro.medium.com/max/1400/1*ld4Sp8BDjFsDIBJ8i-92xw.png
https://imgs.xkcd.com/comics/exploits_of_a_mom.png
https://twitter.com/redteamwrangler/status/1469536603735412739
https://www.linuxadictos.com/en/jen-easterly-director-of-cisa-says-log4j-is-the-worst-she-has-seen-and-that-they-will-stretch-for-years.html (https://en.wikipedia.org/wiki/Jen_Easterly)
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.html
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md
https://logging.apache.org/log4j/2.x/security.html

# Blue

https://log4j.kringlecon.com/?challenge=log4jblue

## Solution

https://secf00tprint.github.io/blog/hhc/2021/writeup/en#bonus-blue-log4jack

## Defender Stuff

https://github.com/google/log4jscanner
https://github.com/fullhunt/log4j-scan
https://github.com/Cybereason/Logout4Shell
https://github.com/Neo23x0/log4shell-detector
https://yekta-it.de/blog/ein-monat-log4j-was-haben-wir-gelernt

Better scan before doing lists

## Canaries

https://help.canary.tools/hc/en-gb/articles/4413465229201

# Red

https://log4j.kringlecon.com/?challenge=log4jred

## Solution

https://secf00tprint.github.io/blog/hhc/2021/writeup/en#bonus-red-log4jack