<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>bara</title>
    <description>offsec blog</description>
    <link>https://bara.xyz</link>
    <atom:link href="https://bara.xyz/feed.xml" rel="self" type="application/rss+xml"/>
    <language>en</language>
    
    <item>
      <title>Dusty Alleys - Web</title>
      <link>https://bara.xyz/posts/ctf/dusty-alleys</link>
      <guid isPermaLink="true">https://bara.xyz/posts/ctf/dusty-alleys</guid>
      <pubDate>Sun, 28 Sep 2025 00:00:00 +0000</pubDate>
      
      <description>In the dark, dusty underground labyrinth, the survivors feel lost and their resolve weakens. Just as despair sets in, they notice a faint light: a dilapidated, rusty robot emitting feeble sparks. Hoping for answers, they decide to engage with it.</description>
      
      
      <category>ctf</category>
      
    </item>
    
    <item>
      <title>WS-Todo - Web</title>
      <link>https://bara.xyz/posts/ctf/ws-todo</link>
      <guid isPermaLink="true">https://bara.xyz/posts/ctf/ws-todo</guid>
      <pubDate>Mon, 22 Sep 2025 00:00:00 +0000</pubDate>
      
      <description>This WebSockets-based Todo application features ✨millitary-grade encryption✨ and is extremely low-latency. Ideal for busy students and working professionals alike.</description>
      
      
      <category>ctf</category>
      
    </item>
    
    <item>
      <title>VulnCicada - Medium</title>
      <link>https://bara.xyz/posts/labs/vulncicada</link>
      <guid isPermaLink="true">https://bara.xyz/posts/labs/vulncicada</guid>
      <pubDate>Tue, 16 Sep 2025 00:00:00 +0000</pubDate>
      
      <description>VulnCicada is a Medium Windows Active Directory machine that involves discovering a password inside an image on a public share.</description>
      
      
      <category>labs</category>
      
    </item>
    
    <item>
      <title>Understanding SeTcbPrivilege: Inner Workings and Practical Abuse Scenarios</title>
      <link>https://bara.xyz/posts/misc/tcbelevation</link>
      <guid isPermaLink="true">https://bara.xyz/posts/misc/tcbelevation</guid>
      <pubDate>Sun, 14 Sep 2025 00:00:00 +0000</pubDate>
      
      
      <category>misc</category>
      
    </item>
    
    <item>
      <title>Data - Easy</title>
      <link>https://bara.xyz/posts/labs/data</link>
      <guid isPermaLink="true">https://bara.xyz/posts/labs/data</guid>
      <pubDate>Wed, 10 Sep 2025 00:00:00 +0000</pubDate>
      
      <description>Data is an Easy Linux machine that involves exploiting https://nvd.nist.gov/vuln/detail/CVE-2021-43798, an arbitrary file read via path traversal in Grafana.</description>
      
      
      <category>labs</category>
      
    </item>
    
    <item>
      <title>Retro - Easy</title>
      <link>https://bara.xyz/posts/labs/retro</link>
      <guid isPermaLink="true">https://bara.xyz/posts/labs/retro</guid>
      <pubDate>Sun, 07 Sep 2025 00:00:00 +0000</pubDate>
      
      <description>Retro is an Easy Windows machine that showcases an Active Directory Domain Controller.</description>
      
      
      <category>labs</category>
      
    </item>
    
    <item>
      <title>Down - Easy</title>
      <link>https://bara.xyz/posts/labs/down</link>
      <guid isPermaLink="true">https://bara.xyz/posts/labs/down</guid>
      <pubDate>Sun, 07 Sep 2025 00:00:00 +0000</pubDate>
      
      <description>Down is an easy-rated Linux machine that involves exploiting an arbitrary file read by bypassing a protocol-based filter to discover the source code of the running PHP web app, eventually, a remote code execution to gain an initial foothold.</description>
      
      
      <category>labs</category>
      
    </item>
    
    <item>
      <title>Hydroadmin - Secure Coding</title>
      <link>https://bara.xyz/posts/ctf/hydroadmin</link>
      <guid isPermaLink="true">https://bara.xyz/posts/ctf/hydroadmin</guid>
      <pubDate>Sun, 10 Aug 2025 00:00:00 +0000</pubDate>
      
      <description>With reservoirs sealed and cities teetering on thirst, our heroes storm the HydroAdmin control room to reopen valves and restore the flow of water.</description>
      
      
      <category>ctf</category>
      
    </item>
    
    <item>
      <title>Resourcehub Core - Secure Coding</title>
      <link>https://bara.xyz/posts/ctf/resourcehub-core</link>
      <guid isPermaLink="true">https://bara.xyz/posts/ctf/resourcehub-core</guid>
      <pubDate>Thu, 31 Jul 2025 00:00:00 +0000</pubDate>
      
      <description>The NecroNet unleashes its undead AI worm on the Global Resource Hub, cutting off water, food and power—and the Citadel Consortium calls in its elite white-hat operatives to reclaim the portal.</description>
      
      
      <category>ctf</category>
      
    </item>
    
    <item>
      <title>Commnet - Secure Coding</title>
      <link>https://bara.xyz/posts/ctf/commnet</link>
      <guid isPermaLink="true">https://bara.xyz/posts/ctf/commnet</guid>
      <pubDate>Sun, 27 Jul 2025 00:00:00 +0000</pubDate>
      
      <description>Cut off from each other and besieged by undead propaganda, humanity’s survivors rely on CommNet—until the white-hats break in to silence the broadcast and reconnect the enclaves.</description>
      
      
      <category>ctf</category>
      
    </item>
    
    <item>
      <title>wafwaf - Web</title>
      <link>https://bara.xyz/posts/ctf/wafwaf</link>
      <guid isPermaLink="true">https://bara.xyz/posts/ctf/wafwaf</guid>
      <pubDate>Wed, 09 Jul 2025 00:00:00 +0000</pubDate>
      
      <description>My classmate Jason made this small and super secure note taking application, check it out!</description>
      
      
      <category>ctf</category>
      
    </item>
    
    <item>
      <title>My First Bounty</title>
      <link>https://bara.xyz/posts/bugbounty/first-bounty</link>
      <guid isPermaLink="true">https://bara.xyz/posts/bugbounty/first-bounty</guid>
      <pubDate>Fri, 25 Oct 2024 00:00:00 +0000</pubDate>
      
      <description>How did I get my first bounty?</description>
      
      
      <category>bugbounty</category>
      
    </item>
    
  </channel>
</rss>
