#Kicksecure
0 posts0 participants0 posts today
#Debian splash!
Fig 1. Neofetch can’t get past hypervisor to profile hardware in #Qubes
Fig 2. But even with permission hardener and and hide hw info from security misc in #Kicksecure,
admin can still get to #baremetal
How to block self-consciousness?
There are known unknowns, the unknown unknowns,
and the not to know in order to know unknowns . . .
Tips for latest Qubes: security-misc applied to #Whonix GW and WS, firejail dvm captive portal, onionize Dom0 sources and Whonix, remove xscreensaver
Fig 3. TB thinks https is a onionsite down ; )
Defenses for Sensitive .state (R/W)
#Rust memory safety
https://doc.rust-lang.org/book/ch04-01-what-is-ownership.html
https://yewtu.be/watch?v=VFIOSWy93H0
#Kicksecure & #Whonix – compare live to SUID controls
Permission Hardener
https://kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener
/wiki/Security-misc#SUID_Disabler_and_Permission_Hardener
User-SysMaint-Split
https://kicksecure.com/wiki/Dev/user-sysmaint-split
https://github.com/adrelanos #PatrickSchleizer
Flaws in #Cloud / #Virtualization (https://lemmy.world/post/24009127)
Ultravisor – can’t trust hyper anymore… (24:45) “protected memory areas”
https://media.ccc.de/v/36c3-107-the-challenges-of-protected-virtualization
https://www.kernel.org/doc/html/v5.9/virt/kvm/s390-pv.html
RPC and IRQ - #IBM
https://forum.osdev.org/viewtopic.php?t=23159
good/bad memory
https://en.wikipedia.org/wiki/Page_%28computer_memory%29
#Oracle Sovereign Cloud AI “Sentinel” – #LarryEllison tech profile and #technototalitarianism
https://www.youtube.com/watch?v=YHGztqtmlug
https://www.youtube.com/watch?v=5Hj-HtW-zRo
https://jbs.org/audio/analysis/the-collusion-against-your-freedom/ #ElonMusk
https://www.whiterabbitneo.com/
https://www.whonix.org/wiki/KVM#Why_Use_KVM_Over_VirtualBox?
VS. https://igniterefereeing.com.au/ 7GB for netinst!?
Mateusz Chrobok – #3mdeb #fightingforfreedom, State Considered Harmful, #OpenAI
https://3mdeb.com/why-fight-for-freedom/
https://www.youtube.com/watch?v=gke8WF6_UE4
https://blog.invisiblethings.org/papers/2015/state_harmful.pdf
doc.rust-lang.orgWhat is Ownership? - The Rust Programming Language
On Mobile Phone Security
https://www.kicksecure.com/wiki/Mobile_Phone_Security
#SS7 and #baseband #vulnerabilities
What about #mobian hardening on a #MechaComet with a cellular hat? Then there's only carrier protocol weaknesses...
If ISPs use microwave relays (the hated 'air' - remember Max Headroom) and NSA access points, is domestic broadband really secure either? But the cable or fiber doesn't have 'carrier' vulns.
https://www.kicksecure.com/wiki/Router_and_Local_Area_Network_Security
#kicksecure #whonix #docs #security-misc
Kicksecure · Mobile Devices Privacy and SecurityMobile devices security and data harvesting. Mobile security best practices and preventative measures against security breaches, data leaks, SIM Swapping Attacks, and more.
#ElSalvador #crypto #BTC #ETH #XMR
https://www.reuters.com/markets/currencies/el-salvadors-bitcoin-wallet-be-sold-or-discontinued-after-deal-with-imf-official-2024-12-19/
Developing secure crypto systems
https://www.kicksecure.com/wiki/Live_Mode
#Debian #Kicksecure #Whonix #Monero
https://forums.kicksecure.com/t/live-kicksecure-host-live-whonix-vm/779
Opt out of being robbed of sense to pay for your own oppression. No need to be complicit in the subjugation of yourself and others. Privacy and security for the people, transparency for the tyrrants! We need a confidential layer to enforce our Rights.
Encryption enforces Rights, the government violates them.
Tor subtleties:
stable Entry Guards makes it harder to detect using #TAILS
...but then taking additional steps like removing oniongrater from Whonix GW or adding Vanguards usually decreases the range of function for applications but also hardens and protects guards from deanonymization.
https://gitlab.tails.boum.org/tails/blueprints/-/wikis/persistent_Tor_state/
https://www.whonix.org/wiki/Tor_Entry_Guards
https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters/
GitLabpersistent_Tor_state · Wiki · tails / blueprints · GitLabIssues are tracked in https://gitlab.tails.boum.org/tails/tails/-/issues
@DukeDuke I use #QubesOS every day. Right now I am also trying #Kicksecure as a hardened template for QubesOS. You can run #whonix on top of QubesOS too.
You can read about the basic ideas here https://www.qubes-os.org/doc/how-to-organize-your-qubes/.
Make sure that you use disposables whenever possible. But know limitations too. While QubesOS provides strongest isolation right now probably, the damage from compromising even one compartment can be significant sometimes (e.g., messaging apps).
Qubes OS · How to organize your qubesWhen people first learn about Qubes OS, their initial reaction is often, “Wow, this looks really cool! But… what can I actually do with it?” It’s not always obvious which qubes you should create, what you should do in each one, and whether your organizational ideas makes sense from a se...
(plz hire me) @SoLSec i noticed the debian hashtag in your profile - have you checked out #kicksecure tho?
Kicksecure · Kicksecure - Secure by Default Operating SystemA secure by default operating system with the latest security research in place.
has anybody tried applying kicksecure's security-misc to proxmox?
GitHubGitHub - Kicksecure/security-misc: Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.com/wiki/Security-miscKernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure...
i shouldnt have any problems setting up ivpn on a kicksecure-based qube on qubes os, right?
Continued thread
if i go with proxmox, i'm gonna see if i can apply #kicksecure 's hardening to it (or at least as much as possible)
if xcp-ng, i'll probably just leave it mostly as-is tho i'd like to see if i could use a more recent base distro for dom0
Follow Along: Convert Debian To Hardened Kicksecure Linux + Whonix
https://tube.tchncs.de/videos/watch/4dc182e9-30e7-418e-8ec7-e586b87eb495
Kicksecure: Install Debian To Disk Of Choice (VIDEO 1)
https://tube.tchncs.de/videos/watch/70272cb8-cfcc-4d2e-98ed-5e5b3c32b15a
Lesetipps: Warum Discord, Reddit und WhatsApp infiltriert werden
#Lesetipps #Antiforensik #BlackBite #DarknetDiaries #Hardening #Kicksecure #Pentesting #WinRAR #ZeldaTotK https://tarnkappe.info/lesetipps/lesetipps-warum-discord-reddit-und-whatsapp-infiltriert-werden-275559.html
Tarnkappe.infoLesetipps: Warum Discord, Reddit und WhatsApp infiltriert werdenHeute geht es in unseren Lesetipps um raffinierte Spionage bei WhatsApp und Co. und hilfreiche Tools u.a. aus dem Bereich Antiforensik.
RightToPrivacy & Tech Tips Intro: Kicksecure Hardened Debian Linux Distribution With Kernel Changes / Upgrades Over Tor & Live Boot (Run On RAM / Forget) Options
(Whonix is based on Kicksecure)
#Linux #FOSS #Kicksecure #whonix #Debian #kernel #Tor #operatingsystems #infosec #Cybersecurity #privacy
INTRO: Kicksecure Hardened Debian Linux Distribution (VIDEO 1)
https://tube.tchncs.de/videos/watch/444295ba-57b5-4491-8e1e-e6aa266298cd
This week I’m gonna be playing with new #qubes templates using #kicksecure and #alpine (hopefully)
does anyone here have any experience with the #rockpro64? im planning on building a small home NAS, with #jellyfin for streaming.
the setup would be:
3x1tb drives in raid5
a rockpro64 with an IOcrest 4 port sata card
running #debian 
minimal install, with #kicksecure
all placed inside a pelican case (or any case like that)
would love you guys' input or any tips/advice:)
Replied in thread
@h3artbl33d
…a full system Mandatory Access Control is #Whonix / #Kicksecure (the hardened Debian on which Whonix is based - basically whonix workstation with all the tor stuff stripped out — https://www.whonix.org/wiki/Kicksecure )
They are using #AppArmor rather than #SELinux as its easier to do and its taken a couple of years to get things to a stage where its apparently getting reasonably usable.
https://github.com/Whonix/apparmor-profile-everything
https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339
@maryjane @zeh @rysiek @ted
www.whonix.orgKicksecure ™: A Security-hardened, Non-anonymous Linux DistributionKicksecure ™ is a security-hardened Debian based Linux distribution that provides better protection from malware.