Not only does the blue team need to be careful with Log4shell, the red team also needs to be careful.
Some burp suite plugins also using the vulnerable Log4j. Of course, this is not all. @PortSwigger
I just spent over a month crafting the ultimate guide to Fuff. It is such an incredibly powerful tool, and I bet you're not using all of the features to full advantage! Video: https://t.co/qSncuODB5i Written guide: https://t.co/sH23qxjy2L #bugbountytips
when you type systeminfo in your cmd, wbem\tzres.dll which doesn't actually exist has been loaded by wmiprvse.exe . Then you can use that as a filewrite eop weapon or persistence technique via dll hijacking. Then you can escalate to SYSTEM via token impersonation.