P68951 Disposable VM's leave traces on your HDD/SSD even after disposal link reply
>I USe DIsposABle Vm'S i'M sAFe bRUh!
>DiSp VM's nOt AnTI FoRENsiC By DeFAuLT!

https://github.com/unman/notes/blob/master/Really_Disposable_Qubes.md

>inb4 w*gger unix
>inb4 Disposable VM's really are Disposable VM's
P68956 link reply
Qubes = bloat
Why don't they use KVM instead of Xen hypervisor?

Isn't KVM more secure than Xen?
P68957 link reply
>MASSIVE sudo *****, even after my warning
>using rm instead of shred

Should have made an OpenVMS virtual machine with its disks on an encrypted LUKS container.
P68960 link reply
P68957
GUIDE FOR ANTi FORENSIC DISP VM's WHEN?!
>with its disks on an encrypted LUKS container.
like encrypted swap or you mean no swap?
P68961 link reply
Just use a modified Tails ISO as a VM, case closed, no?
P68962 link reply
P68961
chroot into it and change:
the tails homepage to about:config
the tca to not check for updates
the torrc to have:
https://wiki.gentoo.org/wiki/Tor

StrictNodes 1
NodeFamily {au}, {ca}, {gb}, {nz}, {us}, {dk}, {fr}, {nl}, {no}, {be}, {de}, {it}, {es}, {se}, {jp}
# Japan is a honeypot for anime lovers
ExcludeExitNodes {jp}
P68971 link reply
P68951
Qubes sux ass and haz no GPU support last time i checked

Unless you can enable GPU in qubes i would use it as a daily driver
P68974 link reply
P68960
Don't use a swap unless you really need it, and then you'd have to worry about it too.

dd if=/dev/zero of=container.img count=40000
40000+0 records in
40000+0 records out
20480000 bytes (20 MB, 20 MiB) copied, 0.0551829 s, 371 MB/s

losetup -f container.img

cryptsetup --type luks2 --verify-passphrase luksFormat /dev/loop4

WARNING!
========
This will overwrite data on /dev/loop4 irrevocably.

Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /home/user/container.img:
Verify passphrase:

cryptsetup luksOpen /dev/loop4 ctexample
Enter passphrase for /home/user/container.img:

mkfs.ext2 /dev/mapper/ctexample
mke2fs 1.47.0 (5-Feb-2023)
Creating filesystem with 3616 1k blocks and 904 inodes

Allocating group tables: done
Writing inode tables: done
Writing superblocks and filesystem accounting information: done

mount /dev/mapper/ctexample /mnt/hd

ls /mnt/hd
lost+found/

....

umount /dev/mapper/ctexample
cryptsetup luksClose ctexample
losetup -d /dev/loop4

Stay away from journaling filesystems. Bonus points for renaming your container so it looks like something innocent (/usr/bin/gifcrop ?).

shred -u -v -z container.img and the chance of anyone getting what's inside is approaching zero.

P68977 link reply
P68974
>dd if=/dev/zero
you're just overwriting it, that doesn't make it anti-forensic
encrypted swap might, as /dev/urandom looks no different than LUKS if you delete the LUKS header. Depending on the system, aka flash memory, I think it would just hurt you in the long run and shorten your drive's lifespan instead of just having it running in RAM.

P68951
Why doesn't qubes come with a template for anti-forensic vms?
all i see them say is just use muh tails as a vm inside qubes
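Added example, not code from the thread or from any of its posters: a small forensic triage script that shows the point behind P68974's container recipe and P68977's reply. A LUKS container is trivially identifiable by its on-disk header (magic bytes at the start of a sector), and a container that was created from /dev/zero leaves low-entropy slack next to the ciphertext, which also stands out. Once the header region is overwritten, the key slots are gone and the data area is indistinguishable from random bytes, so the only thing left to worry about is whether the old header physically survives on flash (the SSD caveat raised later in the thread). The sample image below is constructed in memory with placeholder header contents; the header layout details used are only the LUKS magic, the version field, the LUKS2 hdr_size field and the LUKS1 payload-offset field.

```python
"""Scan a disk image for LUKS headers and profile entropy per region.

Constructed sample data only; nothing here touches real devices.
"""
import math
import os
import struct
from collections import Counter

SECTOR = 512
LUKS_MAGIC = b"LUKS\xba\xbe"               # primary header magic (LUKS1 and LUKS2)
LUKS2_SECONDARY_MAGIC = b"SKUL\xba\xbe"    # LUKS2 keeps a second header copy
MIB = 1 << 20


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: ~8.0 for ciphertext or random fill, 0.0 for all-zero fill."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def find_luks_headers(image: bytes):
    """Return (offset, kind, version) for every sector that starts with a LUKS magic."""
    hits = []
    for off in range(0, len(image) - 8, SECTOR):
        magic = image[off:off + 6]
        if magic in (LUKS_MAGIC, LUKS2_SECONDARY_MAGIC):
            version = struct.unpack(">H", image[off + 6:off + 8])[0]
            kind = "primary" if magic == LUKS_MAGIC else "secondary"
            hits.append((off, kind, version))
    return hits


def region_profile(image: bytes, region: int = MIB):
    """Entropy per region; zero-filled slack next to ciphertext shows up as 0.0."""
    return [round(shannon_entropy(image[i:i + region]), 2)
            for i in range(0, len(image), region)]


def header_size(image: bytes, off: int, version: int) -> int:
    """Bytes occupied by the header starting at off (LUKS2: hdr_size field at +8;
    LUKS1: payload-offset in sectors at +104)."""
    if version == 2:
        return struct.unpack(">Q", image[off + 8:off + 16])[0]
    return struct.unpack(">I", image[off + 104:off + 108])[0] * SECTOR


def build_sample_image(payload_bytes: int, fill_random: bool) -> bytes:
    """Constructed LUKS2-like layout: 16 KiB primary header, secondary copy at
    16 KiB, then the data area. Header bytes after magic/version/hdr_size are
    random placeholders, not a real cryptsetup header."""
    hdr_size = 16384
    primary = LUKS_MAGIC + struct.pack(">HQ", 2, hdr_size)
    primary += os.urandom(hdr_size - len(primary))
    secondary = LUKS2_SECONDARY_MAGIC + struct.pack(">HQ", 2, hdr_size)
    secondary += os.urandom(hdr_size - len(secondary))
    # fill_random=False mimics a container made with dd if=/dev/zero
    data = os.urandom(payload_bytes) if fill_random else bytes(payload_bytes)
    return primary + secondary + data


def crypto_shred_headers(image: bytes, hits) -> bytes:
    """Overwrite every detected header region with random bytes. With the key
    slots gone the data area cannot be unlocked even with the passphrase; the
    image is then indistinguishable from random fill. Whether the old header
    bytes still exist elsewhere on flash is outside what this function sees."""
    buf = bytearray(image)
    for off, _kind, version in hits:
        size = header_size(image, off, version)
        buf[off:off + size] = os.urandom(size)
    return bytes(buf)


def triage(image: bytes) -> dict:
    """Summary a reviewer would want: where headers are and what the fill looks like."""
    return {"headers": find_luks_headers(image), "entropy": region_profile(image)}


if __name__ == "__main__":
    img = build_sample_image(2 * MIB, fill_random=False)
    print("zero-filled container:", triage(img))
    gone = crypto_shred_headers(img, find_luks_headers(img))
    print("after header shred:   ", triage(gone))
```

Run it and compare the two summaries: the first reports a primary header at 0 and a secondary at 16384, with the later regions at 0.0 entropy because the container was zero-filled; the second finds no headers. The entropy column is the quickest way to tell an honestly random-filled container from one carved out of /dev/zero.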
P68978 link reply
P68974
>shred -u -v -z container.img and the chance of anyone getting what's inside is approaching zero.
>uses ssd

ITS OVER!
P68995 link reply
P68956
>Qubes = bloat
Qubes is dogwater w*gger un*x shit made by israeli boomers
P68999 link reply
>shred
>CAUTION: shred assumes the file system and hardware overwrite data in place.

wiggers cannot read
P69010 link reply
i remember the literal day qubes came out and the moment i read "disposable vms" i cringed and imagined some fag doing that gay limp wrist thing as he says it
imagine even thinking linux desktop can be secured, you cant even secure linux if it was only on the built in VT. even if 99% of the shit is in sandbox it wont help. yes it really is that bad.
P69012 link reply
>VM's
h*pa tier
P68956
>Qubes = bloat
>Why don't they use KVM instead of Xen hypervisor?

KVM is unbelievably more bloat than Xen.
P69014 link reply
>when Feds try to plant evidence on your hard drives

Just don't use hard drives. Boot to ram.
P69096 link reply
P68951
>blank page with javabloat enabled

P69012
This, so much this.
P69105 link reply
P68999
shred is ok but why would you want to do that when you could just mount something to tmpfs
ackually shred is gay and requires 6 gorillion writes to even be safe and effective on a flash memory aka SSD
P69318 link reply
P69105
If you want to get rid of the container at some point; it's locked anyway, so shred is kind of overkill, but that's the idea.
P69612 link reply
Trace this.
P69618 link reply
>using qubes
>leaving traces

not even once thanks you
P69627 link reply
>https://github.com/unman/notes/blob/master/Really_Disposable_Qubes.md
Is this really the best implementation for disposable antiforensic vms in qubes?
P69646 link reply
>Disposable VM's leave traces on your HDD/SSD
They aren't called anti-forensic VMs. *shrug*

Is it not possible to mount them in tmpfs or do they leave traces on / anyway?
P69660 link reply
P69646
people think they are tho

P69646
why not?
P69665 link reply
P69660
>people think they are tho
Who? No one I've ever seen.
P69666 link reply
P69665
***** i have seen *****s saying they use temp vms they safe
safe from malware but not from forensics
P69820 link reply
>tmpfs
Will swap. Actually you want ramfs. Actually you don't want to use virtualization for this at all.
P70061 link reply
P69820
ramfs is outdated chuddy lit tmpfs is ramfs now if you look it up just have no swap partition like a real happa
P76682 bump link reply
P68951
So....admin spoilers this post but doesn't spoiler the soyjak spammer bait posts?

P69820
Will it swap if you have no swap partition?
P76711 link reply
Just set up ZRAM zstd swap and increase the minimum free memory sysctl to around 80MB, else the VM hangs when Qubes steals too much memory from it.
Do this for all templates and dom0.
P76770 link reply
P68956
>Qubes = bloat
>Why don't they use KVM instead of Xen hypervisor?

It's actually the opposite, KVM is bloat because it drags the entire linux kernel into your trusted computing base.
>In short: we believe the Xen architecture allows for the creation of more secure systems (i.e. with a much smaller TCB, which translates to a smaller attack surface). We discuss this in much greater depth in our Architecture Specification document.
https://www.qubes-os.org/faq/#why-does-qubes-use-xen-instead-of-kvm-or-some-other-hypervisor

P76682
>Will it swap if you have no swap partition?
Will a boat sink if there is no water?
P76850 link reply
its disposable like a condom
you cant just leave the condom at your neighbours daughters house after the act
just clean up after yourself and youll be fine
P77943 link reply
Qubes is BLOAT and there is no point of using it other than trying to be a w*gger hipster or wipster
Same could be achieved with a live cd that has different grub entries to boot into different environments or operating systems
like next people will be saying gentoo is the most secure operating system or something else a low iq wh*toid would say
P77944 link reply
P77943
>people will be saying gentoo is the most secure operating system
Gentoo can be more secure than other distros.

You need to compile the whole system from source which means you can enable extra compiler flags which makes any vulnerabilities in the code harder to exploit (but also makes it slower which is why they are not enabled by default in other distros). Gentoo also lets you disable features inside packages which you don't need to reduce attack surface (for example disable all code relating to ipv6 or dbus). And no two gentoo systems are identical so that's another thing that makes it harder to write exploits. All debian 12 systems have exactly the same kernel and binaries so one exploit can pwn all debian installs without worrying about some ROP gadget being at a different address because the user disabled a USE flag or something. If somebody told you that gentoo is more secure than that is the kind of stuff they were talking about.

>Qubes is BLOAT
Bloat is subjective. Bloat means stuff [bold: you] don't need. But you are not me. Qubes also has some unique features you can't really implement any other way like driver domains. You can split up hardware drivers and run them in different unprivileged vms so a rootkit or firmware bug in your network card can't pwn the entire system. It's not really possible to do that without xen + vt-d.
P77946 link reply
P77944
>You need to compile the whole system from source
That includes the kernel. Since you know your own hardware you can compile out all the shit you don't need to minimize attack surface and then add extra hardening features like zeroing all memory before it enters/leaves kernel space and denying buffers spanning multiple page allocations and other stuff that makes low level exploitation harder.
P77947 link reply
P77944
>Gentoo can be more secure than other distros.
Can it be more secure than Qubes though? Qubes is a "meta distro", you can run Gentoo within it. There are templates available.
P77948 link reply
P77947
I don't know if qubes supports running gentoo as dom0. I expect that at the very least you'll have to figure out how to compile the various management tools from source. You can always try and report back.

Also a sufficiently de-bloated and security optimized gentoo system inevitably starts looking a lot like alpine so you can save some time and just use alpine without losing too much.
P77950 link reply
P77944
>for example disable all code relating to ipv6
why not just disable it system wide it is GAE
my biggest thing is i dont want to wait a whole year for it to compile or else i would use gentoo

>All debian 12 systems have exactly the same kernel and binaries so one exploit can pwn all debian installs without worrying about some ROP gadget being at a different address because the user disabled a USE flag or something
Yeah so use whonix or kicksecure that has hardened defaults

P77951 sage link reply
>inevitably starts looking a lot like alpine so you can save some time and just use alpine without losing too much.
>>alpine
> the system with no packages
> the system with bugs out the wa*****o
> crashing on you when u need it not to
> not crashing on you when u need it to
P82109 amnesia@amnesia:~$ link reply
P68951
Just use tails in VM on qubes thats what i'm doing right now to test the new version 6.0
P82112 link reply
P82109
I would suggest only allowing a nordvpn qube to connect to tails qube
so it nordvpn -> tails -> arpanet
glowies seeth at this usage
what makes then seeth more is using discord this way
whonix gateway -> fedora -> discord
P82115 link reply
correction fedora would have nordvpn on it with a subscription u never connected to without the gateway
P82126 link reply
Hard isolation is better than soft isolation.

>Qubes
chipset backdoor gets order to download and run malware in the background, then starts sending all your ram data to attacker.

>hardware isolation
attacker sees you download and upload encrypted files, then move them to another machine they can't reach because you've isolated it from the internet, removed the wifi chip, no speaker/microphone.

There is a kind of USB hub/HDMI with a switch that allows you to rapidly switch between machines without removing the flash drive or whatever. So whatever you save to the flash drive and the screen and peripherals is transferred between machines with the press of a button, which allows you to use it like a second workspace, but with HARD isolation (assuming there's no kikery in the hub switch).

Does it scramble your external drives bad? If you're doing an operation on that drive at the time it surely can. You'll have to experiment.

And again, you can't do this on windows (and probably Apple) because it saves hidden mystery files on each drive.
P82129 sage link reply
P82126
>attacker sees you download and upload encrypted files, then move them to another machine they can't reach because you've isolated it from the internet, removed the wifi chip, no speaker/microphone.
>implying they can't pwn your other machine through malicious firmware on the device you use to transfer the files

nah, it's totally realistic that you'll be targeted with totally real chipset backdoors, but nothing like the latter exist, eh?
P82131 link reply
>chipset backdoor gets order to download and run malware in the background, then starts sending all your ram data to attacker.
what do you mean "chipset backdoor"? like *****U, drivers, or BIOS firmware?

>(assuming there's no kikery in the hub switch).
Can you buy these in stores if not assume kikery via chinese supplychain attacks or modified via kikery considering amazon = DoD

P82129
im really confused about where this post came from and what they mean exactly
I read some kind of POC recently but it was using a hardware switch
P82139 link reply
P68951
Why is OP's pic spoilered?
P82349 link reply
P82126
>kikery
u dont sound like u have to worry about hardware backdoors
also yes kvm switches are an insecure way of isolating
P82391 link reply
P82126
You mean something like this?

>Building an Affordable Data Diode to Protect Journalists
> https://pep23.com/assets/pdf/pep23-paper7.pdf
P82422 link reply
P82391
YES.
P82461 link reply
>>P82131

>Can you buy these in stores if not assume kikery via chinese supplychain attacks or modified via kikery considering amazon = DoD

You could probably make one yourself by just dissecting the cords and creating a switch for the wires to either connect to one machine or another without the wear and tear of unplugging stuff. But yeah, they are sold in stores, but probably mostly online.

>what do you mean "chipset backdoor"? like *****U, drivers, or BIOS firmware?

I meant chip. Sorry.

P82491 link reply
P82461
(YOU) w*\gger *****up
P87005 link reply
Why do you need GPU?
P87176 link reply
>>P87005

for 4 inches of graphics pixels fr
P87677 link reply
P87176
GPU could be supported after GUI-vm implementation, which would contain graphics drivers and all their possible exploits.

P82126
Hardware isolation (actually, hardware+software isolation) would be desirable if there was some way to share clipboard contents including files between devices. Airgapped clipboard share is possible with generating on-screen QRs and scanning them, scanning a series of QRs if we need to transfer a lot of data. And there is such software.
Also I would prefer to isolate my whonix gateway on a separate machine, obviously connected by eth so no airgap but still better than having an actual clearnet connection to the pc, one virtualization-escape and your IP is leaked.

I personally worry more about IntelME and same thing from AMD. Disabling and dismembering it is not enough.
Also yea chip backdoors.

P87732 link reply
>Airgapped clipboard share is possible with generating on-screen QRs and scanning them, scanning a series of QRs if we need to transfer a lot of data.

If you needed small text copy and pasting from one machine to another, maybe you could set up a one way video data (HDMI VGA, etc are two way and could carry data from one computer to another, you'd want to convert that to an analog video cord) from the computer you need to copy from to the one you need to copy to and have some text reading plugin for the stream player?

It's not that hard to just copy and paste text into a txt file, hit save to flash drive, and then switch to the other computer and open the file. It's probably easier and more reliable than some cam text reading program anyway.
P94076 link reply
P93972 brought me here and I have never used Qubes before.
How do you set up [bold: actually disposable] Qubes-VMs?
P95855 link reply
P95927 link reply
>Gooba gooba goo shred
>Unga bunga woopa gop VMs files leftover bix nood

Shred does almost nothing useful on an SSD except waste some extra writes. On an HDD it's filesystem dependent and still worse than just encrypting a file irrecoverably then deleting it.
Encrypt your drive fully so that people don't find "leftover files" when you throw it away someday. Other than that I don't see your use case, if it's a shared computer you should be running that VM bloatware in a container/jail setup to wipe itself at the end, or in RAM. I guess you could set up a gocryptfs directory to be the root of where the jail is, then close it at the end and delete it if this runs on a disk, most directory level encryption solutions are a bit shit so there's some metadata leftover. RAM encryption is some pricey hardware feature somewhere, good luck with that, but it is real.
P97914 https://github.com/aforensics/HiddenVM link reply
P98538 link reply
P97914
Looks like Tails with VirtualBox preinstalled. It's a nice idea but I wouldn't trust Oracle with anything security related. https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=virtualbox