Collaborate Disseminate
Logging is enabled. Only allow rules are logged. The very last line of my firewall rules is:
Anywhere DENY Anywhere
No logging is asked for, however two IPs repeatedly show up in my firewall logs as blocked:
Dec… Continue reading ufw logs BLOCKS from 2 sites while BLOCK logging is completely disabled for ALL sites [migrated]
Just curious who and how just added RCE into logging library and successfully merged this joke into master.
Is there any links or archives to original:
commit that added jndi
issue where someone asked for jndi support in log4j
pull reques… Continue reading Original Log4j commit that added jndi support into it [closed]
Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular open-source Java-based logging utility that’s seemingly used by most enterpri… Continue reading Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation
A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, fortunately, primarily to deliver coin miners. Reported to the Apache Software Foundati… Continue reading Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)
I’ve been thinking a lot about private browsing recently. Here’s a scenario I’ve been thinking about:
Let’s say I have a browser installed on my Windows 10 PC called "ChromeFox" (made up, it’s just an example). ChromeFox is a &qu… Continue reading Does Windows 10 log network activity?
When we are trying to implement an ‘Event Tracking’ mechanism (recording/logging clicks, scrolls and other actions on the UI of the web application) on our web application.
Should ‘Event Tracking’ be tied to a session? I noticed that a lot… Continue reading Event Tracking integrity [migrated]
Slack is being released for internal collaboration in the enterprise. Slack gives a lot of API integration to monitor audit & activity logs.
Splunk can be used to just monitor activity logs because it’s out of the box. Please suggest h… Continue reading How to collect logs & do security monitoring from Slack APIs [closed]
I’m trying to edit my rsyslog.conf in order to set hex parts of my auditd logs in clear.
Does anyone know if it is possible to configure rsyslog in order to apply a parsing on the log received by a bash script ? (Or any other technique)
It… Continue reading Rsyslog & Auditd – Parsing audit.log / proctitle hexadecimal value to ascii [migrated]
Our RASP product At Imperva our team builds a product called RASP which stands for Runtime Application Self Protection. As indicated by the name, it is a security product which plugs directly into the runtime of an application in order to provide a sim… Continue reading Logging: A Deep Dive
If we plan to log script block logging, module logging and transcription logs in Active Directory using group policy, what/where is the best place to secure these logs so we can be assured of their integrity?