I have a question about Whonix/Tor Browser exploits.

I have played around a bit with Metasploit to see how browser exploits work.

They basically rig a web page with exploits, and then it does what's known as 
"arbitrary code execution" to open up a "remote shell".

As far as I can tell, the remote shell is running in the browser's RAM. They 
are essentially hijacking the browser's RAM and using it to run their own 
remote shell.

The hacker then usually loads a file from the remote shell onto the computer's 
hard drive in order to obtain persistence... As soon as the browser tab 
closes, the remote shell is gone, which is why they need persistence.

So my question is about persistence.

Is it possible to simply remove the hard drive altogether from Whonix, to 
prevent them from achieving persistence?

I know that Tails simply doesn't have a hard drive at all.

Would this be useful to have in Whonix? To remove the hard drive altogether, 
perhaps in VM Settings in Qubes?

Or is it possible to run a Xen exploit purely in the browser's RAM anyway? 
Thus, they don't even need a hard drive because they can just run the exploit 
in RAM anyway?

So the main question is really whether they can run the Xen exploit in RAM 
anyway, or not. If not, then surely removing the hard drive itself would 
be useful?

Hopefully you understand my question.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6738a699-2afb-4a73-ade2-203608f142a8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.