Tag: SIEM

Log4Shell Defense

Log4Shell exploitation and hunting on VMware Horizon (CVE-2021-44228)

TLDR

Go and run this on the connection servers:

https://github.com/mr-r3b00t/CVE-2021-44228

It’s crude, so also look for modified timestamps, recent unexpected Blast service restarts and, if you have process logging, check for suspicious child processes over the period. Once you have checked, run a backup, then if they aren’t patched, patch the servers! (I know patching isn’t as simple as just patching!)

logging Defense

Fast Monitoring Deployment with Datadog

Imagine the scenario where you have an endpoint or server running, you don’t have centralised logging or visualisation of log data, and you need to perform some rapid analysis without standing up a new set of VMs or services. This is where cloud really can come into its own.

Very rapidly we can set up a Datadog account. (This blog will be updated as I deploy and configure.)