Blog
Enabling VPN connections for Qubes OS firewall
Services like Tailscale and reverse shells won’t work until you relax the firewall to allow them…
Creating reasonably secure remote administration for Qubes OS
This guide will help you create an authenticated service for managing Qubes OS remotely.
By design it will be:
- Encrypted
- Authenticated (with a key)
- Over Tor
- Works behind NAT/CGNAT
- No open ports required
- Accessible from any computer with a Tor Browser / Tails / Whonix
Boardlight writeup
Boardlight is a Linux box featuring a Dolibarr CMS instance vulnerable to CVE‑2023‑30253, leading to remote code execution. We will exploit this vulnerability, reuse extracted credentials to gain user access, and escalate privileges via an outdated binary vulnerable to CVE‑2022‑37706.
Editorial writeup
Editorial is a Linux box that involves SSRF exploitation, internal port enumeration, git credential extraction, and privilege escalation via a GitPython vulnerability (CVE‑2023‑41040). We will discover an SSRF vulnerability in a book cover upload feature, use it to scan internal ports, retrieve API credentials, access a git repository to find production user credentials, and exploit a vulnerable sudo‑allowed Python script to gain root access.
Cicada writeup
Cicada is a Windows Active Directory box that involves SMB share enumeration, password spraying, and exploitation of SeBackupPrivilege. We will discover default credentials in an HR notice, perform RID brute‑forcing to enumerate users, spray passwords to gain initial access, then leverage backup operator privileges to dump and crack password hashes for domain administrator access.