This morning I noticed a tweet stating four exploits for Metasploit targeting Shellshock has been released. So instead of going into details I would rather collect some useful links on Shellshock.

  1. Everything you need to know about the Shellshock Bash bug“, By Troy Hunt. Maybe the best resource I’ve seen on the subject.
  2. Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks
    By Andy Greenberg, Wired.
  3. Shellshock: All you need to know about the Bash Bug vulnerability
    By Symantec
  4. ‘Shellshock’ Bug Spells Trouble for Web Security
    By KrebsOnSecurity
  5. Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169)
    By Redhat, Customer Portal