diff --git a/Log4JShell/1_Log4JShell_Attack.pptx b/Log4JShell/1_Log4JShell_Attack.pptx new file mode 100644 index 0000000..e556d63 Binary files /dev/null and b/Log4JShell/1_Log4JShell_Attack.pptx differ diff --git a/Log4JShell/JNDIExploit.v1.2.zip.gpg b/Log4JShell/JNDIExploit.v1.2.zip.gpg new file mode 100644 index 0000000..1454704 Binary files /dev/null and b/Log4JShell/JNDIExploit.v1.2.zip.gpg differ diff --git a/Log4JShell/Log3shell_state_digram.svg b/Log4JShell/Log3shell_state_digram.svg new file mode 100644 index 0000000..cddb93c --- /dev/null +++ b/Log4JShell/Log3shell_state_digram.svg @@ -0,0 +1,173 @@ + + +StateDiagram + + +cluster_attacker + +Attacker States + + +cluster_victim + +Victim States + + + +Attacker + +Attacker + + + +Identifying + +Identifying + + + +Attacker->Identifying + + + + + +Victim + +Victim + + + +Vulnerable + +Vulnerable + + + +Victim->Vulnerable + + + + + +Idle + +Idle + + + +Exploiting + +Exploiting + + + +Identifying->Exploiting + + + + + +Control + +Control + + + +Exploiting->Control + + + + + +PrivilegeEscalation + +PrivilegeEscalation + + + +Control->PrivilegeEscalation + + + + + +Exfiltrating + +Exfiltrating + + + +PrivilegeEscalation->Exfiltrating + + + + + +CoveringTracks + +CoveringTracks + + + +Exfiltrating->CoveringTracks + + + + + +NormalOperation + +NormalOperation + + + +Compromised + +Compromised + + + +Vulnerable->Compromised + + + + + +ControlLoss + +ControlLoss + + + +Compromised->ControlLoss + + + + + +Alert + +Alert + + + +ControlLoss->Alert + + + + + +Recovery + +Recovery + + + +Alert->Recovery + + + + + \ No newline at end of file diff --git a/Log4JShell/attack_steps.svg b/Log4JShell/attack_steps.svg new file mode 100644 index 0000000..6045a68 --- /dev/null +++ b/Log4JShell/attack_steps.svg @@ -0,0 +1,98 @@ + + +Log4ShellAttack + + +cluster_steps + +Log4Shell Attack Steps + + + +VulnerableSystem + +1. Identify +Vulnerable System + + + +ExploitVulnerability + +2. Exploit +Vulnerability + + + +VulnerableSystem->ExploitVulnerability + + + + + +ProcessPayload + +3. Process +Malicious Payload + + + +ExploitVulnerability->ProcessPayload + + + + + +RemoteCodeExecution + +4. Remote Code +Execution + + + +ProcessPayload->RemoteCodeExecution + + + + + +PrivilegeEscalation + +5. Privilege +Escalation + + + +RemoteCodeExecution->PrivilegeEscalation + + + + + +ExfiltrationOrExploitation + +6. Data +Exfiltration or +Further Exploitation + + + +PrivilegeEscalation->ExfiltrationOrExploitation + + + + + +CoveringTracks + +7. Covering +Tracks + + + +ExfiltrationOrExploitation->CoveringTracks + + + + + \ No newline at end of file