Nice Script and Story from Nick in <#C02C74UV293|c...
# general
g
Nice Script and Story from Nick in #community-sharing!
c
FYI, I commented on that Tweet, but this identifies patched versions of log4j as the fixed version (2.15.0) still contains the
JndiLookup
class. I built some other tooling using YARA to detect the class signature a few days ago, for anyone who is needing some extra tools to find their exposure: https://twitter.com/Darkarnium/status/1470387759743475727
g
Thanks @careful-state-77850, great to know.
c
Reference for completeness, and confirmation that the fixed versions are still flagged.