The BSI has issued the highest warning level for the security hole discovered a few days ago in the widely used Java library log4j. Mandiant provides free tools for creating rules for the systematic search for deserialization exploits.
Mandiant released free tools on GitHub today that companies can use to create rules for systematically searching for deserialization exploits and other types of zero-day exploits. This also includes rules for finding the JNDI Code Injection Zero-Day, which was published for log4j last week.
Rules against deserialization exploits
In a new blog post, Mandiant describes the prevalence and impact of deserialization vulnerabilities on a wide variety of services, including Exchange and Jira. Hacker groups like APT41 have been exploiting these for years. They use the vulnerabilities to upload files, access unauthorized resources, and execute malicious code on the target servers.
The new tools with the names "HeySerial.py" and "CheckYoself.py" help companies quickly and extensively to test future search and recognition rules. However, the experts at Mandiant insist that companies should test these rules thoroughly before using them. Mandiant has also uploaded simulations of some of the sample exploits featured in the blog post to its Mandiant Security Validation Platform to help its customers accelerate testing.
About Mandiant Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response. With decades of experience on the cyber frontline, Mandiant helps organizations confidently and proactively defend against cyber threats and respond to attacks. Mandiant is now part of Google Cloud.