Steve Henderson, Ph.D.

A condensed walkthrough of the 42Challenge boot-to-root box from VulnHub. The fun of this one isn’t a single CVE — it’s chaining a chain of small weaknesses: a client-side filter, a local file include, log poisoning, a backup file, and a little reverse engineering. The methodology generalizes well beyond this box.

Introduction

iSCSI (Internet Small Computer Systems Interface) is a powerful protocol that allows you to extend storage capabilities over a network. Whether you’re managing a home office setup or a full-fledged data center, iSCSI can help you integrate Network Attached Storage (NAS) devices with hypervisors like VMware ESXi. However, like any network device, iSCSI presents a number of security vulnerabilities and attack surfaces that must be considered. This guide will explore the iSCSI protocol, its applications, and various security considerations to ensure your data remains protected.

Secure Boot is a rather cryptic and opaque security setting on your computer. In most circumstances, it’s something you or your computer’s vendor will configure in your machine’s BIOS, and then forget about. Occasionally, you might be tempted to disable this setting to facilitate custom boot scenarios, install certain hardware, or perform boutique configurations to your machine. However, Secure Boot is an essential protection mechanism to help keep your computer safe from the most dangerous and sophisticated cyber security threats.

Here’s a great tutorial on DuckDB and parquet: Querying Parquet with Precision using DuckDB