Update to Log4shell Detection With Falco
In a prior post I described how to detection potential Log4shell (CVE-2021-44228) exploitation by looking for patterns in a Java process’ write() or sendto() buffer in LDAP and RMI connections. One limitation of this is that it matches on text in the buffer. The good news is that as of version 0.32.0, Falco now supports matching on raw bytes expressed as hexadecimal strings! This means that we can now match on any pattern in the buffer, not just “human-readable” text. ...