back2root

For this kind of attack to be carried out successful it is required, that Mallory seeds a solo key before Alice registers this key as an authenticator at a relying...

From my point of view, the idea suggested by @My1 is more an enhancement request for the FIDO2 standard, not a thing a single Authenticator should implement on it's own....

@nickray is there any progress in getting into the default azure ad whitelist, maybe also any eta.? I still don't see SoloKeys listed here: https://docs.microsoft.com/en-us/security/zero-trust/isv/fido2-hardware-vendor :(

> We'll revisit this, yes. Also need to get Solo 2 FIDO certified in the first place. What is the status on this @nickray? Looks like the key is still...

Not yet testen on egrep/cli in general. As it should be valid pcre, maybe a perl oneliner can bring us results. Maybe I can craft sth. later.

Hi I just now managed to test the regex on the CLI. The RegEx seem to work with `grep -P` against the test cases from this repo. Current limitations: -...

Since the RegEx has become a bit more complicated, I created a script that generates the RegEx and put it in its own repo [log4shell-rex](https://github.com/back2root/log4shell-rex) to make it easier to...

@karanlyons wondering if exploit is possible without any protocol given and without forward slash: e.g. `${ jndi\t: addr\n}`  Not yet sure about false positive rate

THX @karanlyons I did some improvements on my RegEx and already get quite good coverage. Maybe still not enough to be used in IPS but good starting point for SIEM...

Updated my regex