P68951
Disposable VM's leave traces on your HDD/SSD even after disposal
Mon 2023-12-18 19:31:27
8464b59d2ec51ffce2683ee5cd5967eb5dc4320c142f6761e8ba656df438a2d4.png
167 KiB 872x811 (Spoiler)
>I USe DIsposABle Vm'S i'M sAFe bRUh!
>DiSp VM's nOt AnTI FoRENsiC By DeFAuLT!
https://github.com/unman/notes/blob/master/Really_Disposable_Qubes.md
>inb4 w*gger unix
>inb4 Disposable VM's really are Disposable VM's
P68956
Mon 2023-12-18 19:45:05
Qubes = bloat
Why don't they use KVM instead of Xen hypervisor?
Isn't KVM more secure than Xen?
P68957
Mon 2023-12-18 19:45:20
>MASSIVE sudo *****, even after my warning
>using rm instead of shred
Should have made an OpenVMS virtual machine with its disks on an encrypted LUKS container.
P68960
Mon 2023-12-18 19:58:02
P68957
GUIDE FOR ANTi FORENSIC DISP VM's WHEN?!
>with its disks on an encrypted LUKS container.
like encrypted swap or you mean no swap?
P68961
Mon 2023-12-18 19:59:30
Just use modified Tails ISO as a VM case closed no?
P68962
Mon 2023-12-18 20:07:56
P68961
chroot into it and change:
the tails homepage to about:config
the tca to not check for updates
the torrc to have:
https://wiki.gentoo.org/wiki/Tor
StrictNodes 1
NodeFamily {au}, {ca}, {gb}, {nz}, {us}, {dk}, {fr}, {nl}, {no}, {be}, {de}, {it}, {es}, {se}, {jp}
# Japan is a honeypot for anime lovers
ExcludeExitNodes {jp}
P68971
Mon 2023-12-18 20:45:10
P68951
Qubes sux ass and haz no GPU support last time i checked
Unless you can enable GPU in qubes i would use it as a daily driver
P68974
Mon 2023-12-18 20:59:53
P68960
Don't use a swap unless you really need it, and then you'd have to worry about it too.
>>>>>>admin add code tags>>>>>>>>>>
dd if=/dev/zero of=container.img count=40000
40000+0 records in
40000+0 records out
20480000 bytes (20 MB, 20 MiB) copied, 0.0551829 s, 371 MB/s
losetup -f container.img
cryptsetup --type luks2 --verify-passphrase luksFormat /dev/loop4
WARNING!
========
This will overwrite data on /dev/loop4 irrevocably.
Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /home/user/container.img:
Verify passphrase:
cryptsetup luksOpen /dev/loop4 ctexample
Enter passphrase for /home/user/container.img:
mkfs.ext2 /dev/mapper/ctexample
mke2fs 1.47.0 (5-Feb-2023)
Creating filesystem with 3616 1k blocks and 904 inodes
Allocating group tables: done
Writing inode tables: done
Writing superblocks and filesystem accounting information: done
mount /dev/mapper/ctexample /mnt/hd
ls /mnt/hd
lost+found/
....
umount /dev/mapper/ctexample
cryptsetup luksClose ctexample
losetup -d /dev/loop4
>>>>>>>>>>>>>>>admin add code tags>>>>>>>>>>
Stay away from journaling filesystems. Bonus points for renaming your container so it looks like something innocent (/usr/bin/gifcrop ?).
shred -u -v -z container.img and the chance of anyone getting what's inside is approaching zero.
P68977
Mon 2023-12-18 21:09:15
P68974
>dd if=/dev/zero
you're just overwriting it, that doesn't make it anti forensic
encrypted swap might as /dev/urandom looks no different than luks if you delete the luks header. depending on the system aka flash memory i think it would just hurt you in the long run and shorten your drive's lifespan instead of just having it running in ram.
P68951
Why doesn't qubes come with a template for anti forensic vms?
all i see them say is just use muh tails as a vm inside qubes
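One way to see what the "delete the luks header" point rests on, as an added Python example that is not code from the thread: forensic identification of a LUKS container keys off the magic and version bytes cryptsetup writes at offset 0 (field offsets follow the on-disk LUKS1/LUKS2 header format), and once that region is overwritten, its byte statistics are the same as raw /dev/urandom output. The headers and blobs below are constructed inline; `build_luks2_header` emits only the binary header fields, not a usable volume.

```python
"""Added example: detect a LUKS header by its magic/version bytes and show that a
container whose header is overwritten looks like /dev/urandom output. Sample data is
constructed here; build_luks2_header emits only the binary header, not a usable volume."""
import math
import os
import struct
from collections import Counter
from typing import Optional

LUKS_MAGIC_PRIMARY = b"LUKS\xba\xbe"    # primary header magic (LUKS1 and LUKS2)
LUKS_MAGIC_SECONDARY = b"SKUL\xba\xbe"  # LUKS2 backup header magic


def _cstr(field: bytes) -> str:
    """Decode a NUL-padded ASCII header field."""
    return field.split(b"\0", 1)[0].decode("ascii", "replace")


def identify_luks(blob: bytes) -> Optional[dict]:
    """Return header details if blob starts with a LUKS header, else None."""
    if len(blob) < 512 or blob[:6] not in (LUKS_MAGIC_PRIMARY, LUKS_MAGIC_SECONDARY):
        return None
    version = struct.unpack(">H", blob[6:8])[0]
    if version == 1:   # LUKS1: cipher-name at 8, cipher-mode at 40 (32 bytes each)
        return {"version": 1, "cipher": f"{_cstr(blob[8:40])}-{_cstr(blob[40:72])}"}
    if version == 2:   # LUKS2: hdr_size at 8, label at 24, uuid at 168
        return {"version": 2,
                "hdr_size": struct.unpack(">Q", blob[8:16])[0],
                "label": _cstr(blob[24:72]),
                "uuid": _cstr(blob[168:208])}
    return {"version": version}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for random data or ciphertext, low for zeros/text."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_luks2_header(label: str, uuid: str) -> bytes:
    """Construct a minimal 4096-byte LUKS2 binary header (constructed sample data)."""
    hdr = bytearray(4096)
    hdr[0:6] = LUKS_MAGIC_PRIMARY
    struct.pack_into(">H", hdr, 6, 2)        # version
    struct.pack_into(">Q", hdr, 8, 16384)    # hdr_size: binary header + JSON area
    struct.pack_into(">Q", hdr, 16, 1)       # seqid
    hdr[24:24 + len(label)] = label.encode()
    hdr[72:78] = b"sha256"                   # csum_alg
    hdr[168:168 + len(uuid)] = uuid.encode()
    return bytes(hdr)


def wipe_header(container: bytes, n: int = 4096) -> bytes:
    """Overwrite the first n bytes with random data, as a header wipe would."""
    return os.urandom(n) + container[n:]


if __name__ == "__main__":
    hdr = build_luks2_header("ctexample", "00000000-0000-0000-0000-000000000000")
    print(identify_luks(hdr))                        # recognised as LUKS2 with its label
    wiped = wipe_header(hdr + bytes(8192))
    print(identify_luks(wiped), shannon_entropy(wiped[:4096]))  # no header, ~8 bits/byte
```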
P68978
Mon 2023-12-18 21:10:01
P68974
>shred -u -v -z container.img and the chance of anyone getting what's inside is approaching zero.
>uses ssd
ITS OVER!
P68995
Mon 2023-12-18 21:47:14
P68956
>Qubes = bloat
Qubes is dogwater w*gger un*x shit made by israeli boomers
P68999
Mon 2023-12-18 22:08:43
>shred
>CAUTION: shred assumes the file system and hardware overwrite data in place.
wiggers cannot read
P69010
Mon 2023-12-18 23:09:30
i remember the literal day qubes came out and the moment i read "disposable vms" i cringed and imagined some fag doing that gay limp wrist thing as he says it
imagine even thinking linux desktop can be secured, you cant even secure linux if it was only on the built in VT. even if 99% of the shit is in sandbox it wont help. yes it really is that bad.
P69012
Mon 2023-12-18 23:35:59
>VM's
h*pa tier
P68956
>Qubes = bloat
>Why don't they use KVM instead of Xen hypervisor?
KVM is unbelievably more bloat than Xen.
P69014
Tue 2023-12-19 00:13:16
>when Feds try to plant evidence on your hard drives
Just don't use hard drives. Boot to ram.
P69096
Tue 2023-12-19 23:53:17
P68951
>blank page with javabloat enabled
P69012
This, so much this.
P69105
Wed 2023-12-20 01:31:19
P68999
shred is ok but why would you want to do that when you could just mount something to tmpfs
ackually shred is gay and requires 6 gorillion writes to even be safe and effective on a flash memory aka SSD
P69318
Thu 2023-12-21 00:20:58
P69105
If you want to get rid of the container at some point. It's locked anyway so shred is kind of overkill but that's the idea.
P69612
Fri 2023-12-22 22:19:08
Trace this.
P69618
Fri 2023-12-22 23:04:35
>using qubes
>leaving traces
not even once thanks you
P69627
Fri 2023-12-22 23:14:37
>https://github.com/unman/notes/blob/master/Really_Disposable_Qubes.md
Is this really the best implementation for disposable antiforensic vms in qubes?
P69646
Sat 2023-12-23 00:45:11
>Disposable VM's leave traces on your HDD/SSD
They aren't called anti-forensic VMs. *shrug*
Is it not possible to mount them in tmpfs or do they leave traces on / anyway?
P69660
Sat 2023-12-23 03:28:29
P69646
people think they are tho
P69646
why not?
P69665
Sat 2023-12-23 03:41:23
P69660
>people think they are tho
Who? No one I've ever seen.
P69666
Sat 2023-12-23 03:42:37
P69665
***** i have seen *****s saying they use temp vms they safe
safe from malware but noit from forensics
P69820
Sun 2023-12-24 13:55:06
>tmpfs
Will swap. Actually you want ramfs. Actually you don't want to use virtualization for this at all.
P70061
Wed 2023-12-27 03:00:49
P69820
ramfs is outdated chuddy lit tmpfs is ramfs now if you look it up just have no swap partition like a real happa
P76682
bump
Sat 2024-02-10 09:01:26
P68951
So....admin spoilers this post but doesn't spoiler the soyjak spammer bait posts?
P69820
Will it swap if you have no swap partition?
P76711
Sat 2024-02-10 15:09:26
Just set up ZRAM zstd swap and increase the minimum free memory sysctl to around 80MB, else the VM hangs when Qubes steals too much memory from it.
Do this for all templates and dom0.
P76770
Sat 2024-02-10 18:47:51
P68956
>Qubes = bloat
>Why don't they use KVM instead of Xen hypervisor?
It's actually the opposite, KVM is bloat because it drags the entire linux kernel into your trusted computing base.
>In short: we believe the Xen architecture allows for the creation of more secure systems (i.e. with a much smaller TCB, which translates to a smaller attack surface). We discuss this in much greater depth in our Architecture Specification document.
https://www.qubes-os.org/faq/#why-does-qubes-use-xen-instead-of-kvm-or-some-other-hypervisor
P76682
>Will it swap if you have no swap partition?
Will a boat sink if there is no water?
P76850
Sun 2024-02-11 01:42:26
its disposable like a condom
you cant just leave the condom at your neighbours daughters house after the act
just clean up after yourself and youll be fine
P77943
Fri 2024-02-16 19:23:25
Qubes is BLOAT and there is no point of using it other than trying to be a w*gger hipster or wipster
Same could be achieved with a live cd that has different grub entries to boot into different environments or operating systems
like next people will be saying gentoo is the most secure operating system or something else a low iq wh*toid would say
P77944
Fri 2024-02-16 19:46:28
P77943
>people will be saying gentoo is the most secure operating system
Gentoo can be more secure than other distros.
You need to compile the whole system from source which means you can enable extra compiler flags which makes any vulnerabilities in the code harder to exploit (but also makes it slower which is why they are not enabled by default in other distros). Gentoo also lets you disable features inside packages which you don't need to reduce attack surface (for example disable all code relating to ipv6 or dbus). And no two gentoo systems are identical so that's another thing that makes it harder to write exploits. All debian 12 systems have exactly the same kernel and binaries so one exploit can pwn all debian installs without worrying about some ROP gadget being at a different address because the user disabled a USE flag or something. If somebody told you that gentoo is more secure then that is the kind of stuff they were talking about.
>Qubes is BLOAT
Bloat is subjective. Bloat means stuff *you* don't need. But you are not me. Qubes also has some unique features you can't really implement any other way like driver domains. You can split up hardware drivers and run them in different unprivileged vms so a rootkit or firmware bug in your network card can't pwn the entire system. It's not really possible to do that without xen + vt-d.
P77946
Fri 2024-02-16 19:53:05
P77944
>You need to compile the whole system from source
That includes the kernel. Since you know your own hardware you can compile out all the shit you don't need to minimize attack surface and then add extra hardening features like zeroing all memory before it enters/leaves kernel space and denying buffers spanning multiple page allocations and other stuff that makes low level exploitation harder.
P77947
Fri 2024-02-16 19:57:08
P77944
>Gentoo can be more secure than other distros.
Can it be more secure than Qubes though? Qubes is a "meta distro", you can run Gentoo within it. There are templates available.
P77948
Fri 2024-02-16 20:09:03
P77947
I don't know if qubes supports running gentoo as dom0. I expect that at the very least you'll have to figure out how to compile the various management tools from source. You can always try and report back.
Also a sufficiently de-bloated and security optimized gentoo system inevitably starts looking a lot like alpine so you can save some time and just use alpine without losing too much.
P77950
Fri 2024-02-16 20:25:41
P77944
>for example disable all code relating to ipv6
why not just disable it system wide it is GAE
my biggest thing is i dont want to wait a whole year for it to compile or else i would use gentoo
>All debian 12 systems have exactly the same kernel and binaries so one exploit can pwn all debian installs without worrying about some ROP gadget being at a different address because the user disabled a USE flag or something
Yeah so use whonix or kicksecure that has hardened defaults
P77951
sage
Fri 2024-02-16 20:31:11
>inevitably starts looking a lot like alpine so you can save some time and just use alpine without losing too much.
>>alpine
> the system with no packages
> the system with bugs out the wa*****o
> crashing on you when u need it not to
> not crashing on you when u need it to
P82109
amnesia@amnesia:~$
Tue 2024-03-05 02:06:59
P68951
Just use tails in VM on qubes thats what i'm doing right now to test the new version 6.0
P82112
Tue 2024-03-05 02:27:02
P82109
I would suggest only allowing a nordvpn qube to connect to tails qube
so it nordvpn -> tails -> arpanet
glowies seeth at this usage
what makes them seeth more is using discord this way
whonix gateway -> fedora -> discord
P82115
Tue 2024-03-05 02:39:11
correction fedora would have nordvpn on it with a subscription u never connected to without the gateway
P82126
Tue 2024-03-05 03:25:51
Hard isolation is better than soft isolation.
>Qubes
chipset backdoor gets order to download and run malware in the background, then starts sending all your ram data to attacker.
>hardware isolation
attacker sees you download and upload encrypted files, then move them to another machine they can't reach because you've isolated it from the internet, removed the wifi chip, no speaker/microphone.
There is a kind of USB hub/HDMI with a switch that allows you to rapidly switch between machines without removing the flash drive or whatever. So whatever you save to the flash drive and the screen and peripherals is transferred between machines with the press of a button, which allows you to use it like a second workspace, but with HARD isolation (assuming there's no kikery in the hub switch).
Does it scramble your external drives bad? If you're doing an operation on that drive at the time it surely can. You'll have to experiment.
And again, you can't do this on windows (and probably Apple) because it saves hidden mystery files on each drive.
P82129
sage
Tue 2024-03-05 03:55:22
P82126
>attacker sees you download and upload encrypted files, then move them to another machine they can't reach because you've isolated it from the internet, removed the wifi chip, no speaker/microphone.
>implying they can't pwn your other machine through malicious firmware on the device you use to transfer the files
nah, it's totally realistic that you'll be targeted with totally real chipset backdoors, but nothing like the latter exist, eh?
P82131
Tue 2024-03-05 04:12:44
>chipset backdoor gets order to download and run malware in the background, then starts sending all your ram data to attacker.
what do you mean "chipset backdoor"? like *****U, drivers, or BIOS firmware?
>(assuming there's no kikery in the hub switch).
Can you buy these in stores if not assume kikery via chinese supplychain attacks or modified via kikery considering amazon = DoD
P82129
im really confused about where this post came from and what they mean exactly
I read some kind of POC recently but it was using a hardware switch
P82139
Tue 2024-03-05 04:32:43
P68951
Why is OP's pic spoilered?
P82349
Wed 2024-03-06 13:40:50
P82126
>kikery
u dont sound like u have to worry about hardware backdoors
also yes kvm switches are an insecure way of isolating
P82391
Wed 2024-03-06 19:49:09
P82126
You mean something like this?
>Building an Affordable Data Diode to Protect Journalists
>https://pep23.com/assets/pdf/pep23-paper7.pdf
P82422
Wed 2024-03-06 21:13:52
P82391
YES.
P82461
Thu 2024-03-07 01:10:36
>>P82131
>Can you buy these in stores if not assume kikery via chinese supplychain attacks or modified via kikery considering amazon = DoD
You could probably make one yourself by just dissecting the cords and creating a switch for the wires to either connect to one machine or another without the wear and tear of unplugging stuff. But yeah, they are sold in stores, but probably mostly online.
>what do you mean "chipset backdoor"? like *****U, drivers, or BIOS firmware?
I meant chip. Sorry.
P82491
Thu 2024-03-07 03:20:21
P82461
(YOU) w*\gger *****up
P87005
Sun 2024-03-31 09:39:29
Why do you need GPU?
P87176
Mon 2024-04-01 03:46:52
>>P87005
for 4 inches of graphics pixels fr
P87677
Tue 2024-04-02 04:06:07
P87176
GPU could be supported after GUI-vm implementation, which would contain graphics drivers and all their possible exploits.
P82126
Hardware isolation (actually, hardware+software isolation) would be desirable if there was some way to share clipboard contents including files between devices. Airgapped clipboard share is possible with generating on-screen QRs and scanning them, scanning a series of QRs if we need to transfer a lot of data. And there is such software.
Also I would prefer to isolate my whonix gateway on a separate machine, obviously connected by eth so no airgap but still better than having an actual clearnet connection to the pc, one virtualization-escape and your IP is leaked.
I personally worry more about IntelME and same thing from AMD. Disabling and dismembering it is not enough.
Also yea chip backdoors.
P87732
Tue 2024-04-02 07:49:23
>Airgapped clipboard share is possible with generating on-screen QRs and scanning them, scanning a series of QRs if we need to transfer a lot of data.
If you needed small text copy and pasting from one machine to another, maybe you could set up a one way video data (HDMI VGA, etc are two way and could carry data from one computer to another, you'd want to convert that to an analog video cord) from the computer you need to copy from to the one you need to copy to and have some text reading plugin for the stream player?
It's not that hard to just copy and paste text into a txt file, hit save to flash drive, and then switch to the other computer and open the file. It's probably easier and more reliable than some cam text reading program anyway.
P94076
Sat 2024-05-18 03:03:03
P93972 brought me here and I have never used Qubes before.
How do you set up *actually disposable* Qubes-VMs?
P95855
Sun 2024-06-02 00:34:28
Does Qubes have
https://github.com/unman/notes/blob/master/Really_Disposable_Qubes.md
built in as a template now?
P95927
Sun 2024-06-02 14:33:37
>Gooba gooba goo shred
>Unga bunga woopa gop VMs files leftover bix nood
Shred does almost nothing useful on a SSD except waste some extra writes. On a HDD it's filesystem dependent and still worse than just encrypting a file irrecoverably then deleting it.
Encrypt your drive fully so that people don't find "leftover files" when you throw it away someday. Other than that I don't see your use case, if it's a shared computer you should be running that VM bloatware in a container/jail setup to wipe itself at the end, or in RAM. I guess you could set up a gocryptfs directory to be the root of where the jail is, then close it at the end and delete it if this runs on a disk, most directory level encryption solutions are a bit shit so there's some metadata leftover. RAM encryption is some pricey hardware feature somewhere, good luck with that, but it is real.
P97914
https://github.com/aforensics/HiddenVM
Wed 2024-06-19 05:03:17
HAS ANYONE USED THIS?
https://github.com/aforensics/HiddenVM
P98538
Sun 2024-06-23 16:35:50
P97914
Looks like Tails with VirtualBox preinstalled. It's a nice idea but I wouldn't trust Oracle with anything security related.
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=virtualbox