Skip to content

A simple bash script to check for evidence of compromise related to CVE-2024-3400

Notifications You must be signed in to change notification settings

MurrayR0123/CVE-2024-3400-Compromise-Checker

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 

Repository files navigation

CVE-2024-3400 Compromise Checker

A very simple bash script to check for evidence of compromise related to CVE-2024-3400 on Palo Alto Firewalls.

Designed to provide a quick initial triage of potentially impacted devices by checking for the existence of artefacts outlined in the Volexity writeup and deFroggy's blog post.

Usage: ./cve-2024-3400_checker.sh

For more detailed information regarding the vulnerability itself and the IOCs this script checks for, please check out the respective publications below:

Disclaimer: As public exploits become availabe, the scope of activity is likely to increase and TTPs will almost certainly change. This script may not provide complete detection for all malicious activity and was made with best intentions to allow first responders to perform an initial triage of potentially impacted devices. Further investigation is highly recommended with reference to the technical blog posts above. Please test before running on production systems. The scripts provided here are offered as-is, without warranty of any kind, express or implied. The author assumes no responsibility or liability for any damages or problems resulting from the use of these scripts. Use these scripts at your own risk. By using these scripts, you agree to these terms and conditions.

About

A simple bash script to check for evidence of compromise related to CVE-2024-3400

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages