Added more content to `anotherguide.md along with relocating it. Created tools.md`, updated the blog.

This commit is contained in:
deathrow 2022-05-02 18:51:14 -04:00
parent 62382e4d34
commit 735b858ca4
No known key found for this signature in database
GPG Key ID: FF39D67A22069F73
7 changed files with 541 additions and 233 deletions

View File

@ -19,9 +19,17 @@ avatar: off # Show avatar (on | off)
highlighter_theme: monokai # Theme of the syntax_highlighter [base16 |
# colorful | github | gruvbox | molokai |
# monokai | pastie | thankful_eyes | tulip ]
toolbar_priority: # Order of the items in the toolbar (except for blog and home)
# Order of the items in the toolbar (except for blog and home)
toolbar_priority:
- Guides
- dropdown1
- dropdown2
- blog
# Collections
collections:
guide:
output: true
dropdown:
output: true
items:

202
_items/Another guide.md Normal file
View File

@ -0,0 +1,202 @@
---
layout: page
description: Just... a guide
title: <div style="text-align:center;"> Another Guide :/ </div>
---
<div style="text-align:center;">
<p><i>“You never appreciate your anonymity until you don't have it anymore"</i></p>
</div>
<!--
<div style="text-align:center;">
<h1>Another Guide</h1>
<p><i>“You never appreciate your anonymity until you don't have it anymore"</i></p>
<br>
<l> <a href="https://github.com/AnonyPla-ng/thgtoa">Please consider supporting this guide.</a></l>
<br>
<br>
<l><a href="/">Home</a></l>
<l> | </l>
<l> <a href="./blog.html">Blogs</a></l>
<l> | </l>
<l> <a href="./anotherguide.html">Another Guide :/</a></l>
<br>
<br>
<p><b>Coming Soon:</b></p>
<l><a href="./tools.html">Tools</a></l>
<l> - </l>
<l><a href="">Mastadon Instance</a></l>
<l> - </l>
<l> <a href="">RSS Feed</a></l>
<l> - </l>
<l> <a href="">Forum</a></l>
<li></li>
<l> <a href="">About</a></l>
<l> - </l>
<l> <a href="">Contact</a></l>
<l> - </l>
<l> <a href="">Donate</a></l>
</div>
-->
The Guide
---------
<div class="alert alert-info" role="alert">
<strong>Note:</strong> This is still a work in progress!
</div>
Well... I never thought i'd be making a guide so, here we go.... I guess....
Let's define a few important things here:
`Adversary: Your threat.`
`Privacy: The act of your personal activities being hidden from public.`
`Security: The act of protecting yourself and online content such as files from either known and / or unknown adversary.`
`Anonymity: The act of hiding yourself to become indistinguishable from everyone else. (blending in)`
### Getting Started
_Disclaimer: This is for education / research._
##### Table of contents:
\>> [Important Concepts](#important-concepts) <br>
\>> [Proper Mindset](#proper-mindset) <br>
\>> [Knowing Your Adversary](#knowing-your-adversary) <br>
\>> [Setting Goals](#setting-goals) <br>
\>> [Creating Your Threat model](#creating-your-threat-model) <br>
\>> [Knowing Resources](#knowing-resources) <br>
\>> [Getting Ready to "clean up"](#getting-ready-to-"clean-up") <br>
\>> [Setting Your Foundation](#setting-your-foundation) <br>
#### __Important Concepts__
This guide requires you to understand various important concepts in order to truly be anonymous - The following below is to be ASSUMED.
* Understanding of TOR and Its threats<!--(put link here) -->
* Understanding benefits and downfalls of a VPN <!--(PUT LINK HERE) -->
* Understanding important privacy concepts <!--(PUT LINK HERE) -->
* Understanding important security concepts <!--(PUT LINK HERE or make a section) -->
* Understanding the principles of thread modeling <!--(PUT LINK HERE) -->
* Understanding how the internet functions
#### __Proper Mindset__
Having the proper mindset when starting a process like this, is critical for success. You must be both willing and determined.
Here is a general thought process...
* Always always always know what you are doing. You don't want to compromise yourself because you _thought_ you knew what you were doing. Make sure 100%. Do research **before**.
* Have a strong mind. Most flaws are user error, meaning YOU. Having a strong mind is critical. You must be in a clear state of mind, and almost be "talking to yourself" mentally. Ask yourself before you do something "is this right". A good memory is CRITICAL. You are going to need to remember almost **EVERYTHING** you do on the internet if you want to do this _"properly"._ Don't be compromised because you forgot something. Let's eliminate user error. More on this subject will be later in this _guide._
* Take over-procedures. Don't "skimp" out on encryption because you don't feel like entering in a password. Don't be lazy.
* Do not compromise your security for a friend. If they are your friend, they will respect your new-founded love for being secure.
* Do not reveal more than you need to. MMJ doesn't need to know what you had for lunch.
(things to keep in mind)* Reveal as little about yourself and origin as possible.
* Remember - you can be identified by more ways than you can imagine.
* Do not trust anyone.
* Your life will change drastically.
* Do not be lazy
#### __Setting Goals__
We need to understand what we are trying to accomplish.
Think - what are you trying to do?
You need to properly identify a *threat model*, an *adversary* along with performing a self-analysis. You need to understand your own flaws.
#### __Creating your threat model__
The most important part of your setup.
Threat modeling can become an advanced topic, you will need to learn how to balance security, privacy and anonymity. You'll need to properly layout and identify what you are protecting yourself from. Everyone has something to protect, whether it is passwords, location, internet activity, confidential documents, etc. The items you are trying to protect will be referred here as "assets".
Ask yourself these basic questions:
- What am I trying to protect?
- Who am I trying to protect this from?
- What happens if I fail to protect this?
These are some basic questions to ask yourself when creating your threat model. Based upon your answers to these questions, will determine the route you must go. Example - You don't want your neighbor Joe to see you sleeping, so you close your blinds.
Developing a threat model will require a lot of time and effort. You will need to think of every possibility for your "assets". Using your resources. you will need to start documenting various tools and services will be a benefit to you, such as ProtonMail, TOR, Matrix, etc. The tools and services will all depend on your threat model.
Examples:
- If you are trying to hide internet activity, then you would likely use a proxy, TOR, or a VPN.
- If you want to encrypt your emails, you would likely use a secure email provider and PGP.
- If you want to encrypt your communications, you would likely use an encrypted messenger.
Listed below are some useful resources for getting started.
- [Techlore Threat Modeling](https://tube.cthd.icu/watch?v=DHZRhboZhfI)
- [EFF Threat Modeling](https://ssd.eff.org/en/module/your-security-plan)
#### __Knowing Resources__
Along your journey, you'll need to have the proper resources at hand to deal with any sort of situation you will be facing. Get yourself accustomed to these resources to better understand various conceptions and prepare yourself.
##### Common Tools:
- [PrivacyGuides](https://privacyguides.org)
- [PrivacyTools](https://privacytools.io)
- [PRISM Break](https://prism-break.org/)
- [Techlore - YouTube](https://invidious-us.kavin.rocks/channel/UCs6KfncB4OV6Vug4o_bzijg)
- [The Hated One - YouTube](https://invidio.xamh.de/channel/UCjr2bPAyPV7t35MvcgT3W8Q)
##### More:
- [Tor Project](https://torproject.org)
#### __Getting Ready to "clean up"__
What is _"cleaning up"?_
Simply put, cleaning up is the process of deleting your various traces on the internet. For the average person, this will be a long and arduous process. You'll have to go through every single online account, email, activity, forum, message, game, etc. and literally delete *everything*. This may seem extremely tedious - but remember, your adversary can easily find these data points and exploit them.
How to do this efficiently? Well... there is no "efficient" method, you just have to brute force this all of your data points have somewhat been eliminated.
You can first start by going to various apps that you are already signed into, start to delete all of your activities, message, posts and friends. You'll have to do this for all of your "currently-known" services. After you've done this, make sure everything is deleted including your PfP, and change your username, anonymize as much data as possible such as changing username, email and other s. After you've done this, you are now ready to delete this account.
As for finding services you may have forgotten, look through your entire email and find services you may have signed up for and start to do the same process. Try to search up your commonly-used usernames to help you with this process. Do this for every single account, just to ensure there is not anything that you may have missed.
There are some services which exist that can help expedite this process, though be aware of the risks involved in doing this.
#### __Setting your foundation__
Our foundation will be the core of our setup. Everything done here will impact the level of security, privacy and anonymity that we have.
##### Choosing an Operating System
Choosing our operating system is one of the most important pieces for this setup. This guide will be focused around [QubesOS](https://qubes-os.org), but any type of linux/unix OS should be suitable as long as it is properly configured & hardened for our needs.
###### QubesOS
For our setup with Qubes, we are going to be heavily utilizing virtualization. Ensure your PC has enough RAM. Make sure you verify the ISO and such. During installation, ensure to encrypt the disk along with a secure password as an insecure one could easily comprise the entire system. Ensure that Whonix will be installed along with updates over TOR. After installation, ensure everything is updated. Let's startup by creating some basic VMs. To start, clone ``vault`` and create ``pgp-keys`` and ``ssh-keys`` to store our keys securely. Both should have __no internet access__. We will need to properly setup [split-pgp](https://qubes-os.org/doc/split-gpg) and split-ssh.
As for networking, if you have a VPN service such as ProtonVPN, you are able to utilize ``qtunnel`` and setup multiple VPNs. For each of our VPN VMs, we will need a ``sys-firewall``. If you wanted a dedicated ``sys-dns``, you would be able to do this as well. Make sure to read the proper documentation on how to achieve this.
``sys-net`` -> ``sys-firewall`` -> ``sys-vpn`` -> ``sys-firewall-vpn``
##### Creating our aliases
For setting our foundation, we are going to be creating a variety of aliases and each of these aliases are going to each need an "arsenal". For step 1 we are going to need a password manager.
Upon creating our aliases we will have several different approaches:
1. Each username, email, and other will be completely random
2. Each alias will have its own email, username, etc.

235
_items/tools.md Normal file
View File

@ -0,0 +1,235 @@
---
layout: default
description: Tools to use for your benefit
title: <div style="text-align:center;"> Tools </div>
---
<div style="text-align:center;">
<p><i>“If you stay here, you become lost. And no one can find you."</i></p>
</div>
<div class="alert alert-info" role="alert">
<strong>Heads up!</strong> This is still a work in progress!
</div>
<!--<h1>Tools.</h1>
<br>
<l> <a href="https://github.com/AnonyPla-ng/thgtoa">Please consider supporting this guide.</a></l>
<br>
<br>
<l><a href="/">Home</a></l>
<l> | </l>
<l> <a href="./blog.html">Blogs</a></l>
<l> | </l>
<l> <a href="./anotherguide.html">Another Guide :/</a></l>
<br>
<br>
<p><b>Coming Soon:</b></p>
<l><a href="./tools.html">Tools</a></l>
<l> - <> </l>
<l><a href="">Mastadon Instance</a></l>
<l> - </l>
<l> <a href="">RSS Feed</a></l>
<l> - </l>
<l> <a href="">Forum</a></l>
<li></li>
<l> <a href="">About</a></l>
<l> - </l>
<l> <a href="">Contact</a></l>
<l> - </l>
<l> <a href="">Donate</a></l>
</div>
-->
### Getting Started
_Disclaimer: This is for education / research._
##### Table of contents:
\>> [2FA](#2fa) <br>
\>> [Books](#books) <br>
\>> [Browser](#browser) <br>
\>> [Crypto](#crypto) <br>
\>> [Developer Tools](#developer-tools) <br>
\>> [DNS](#dns) <br>
\>> [Domain Registrar](#domain-registrar) <br>
\>> [Encryption](#encryption) <br>
\>> [Frontends & Social Media](#frontends--social-media) <br>
\>> [Mail Providers](#mail-providers) <br>
\>> [Messengers](#messengers) <br>
\>> [Operating System](#operating-system) <br>
\>> [Password Managers](#password-managers) <br>
\>> [Search Engine](#search-engine) <br>
\>> [Upcoming](#upcoming) <br>
<br>
#### __2FA__
- [Aegis](https://github.com/beemdevelopment/Aegis) (Mobile)
- [andOTP](https://github.com/andOTP/andOTP) (Mobile)
#### __Books__
#### __Browser__
- [TOR Browser](https://torproject.org) <!--Add Tor site-->
- [Firefox](https://mozilla.org)
- [Vanadium](https://vanadium.app) (Mobile)
- [Bromite](https://bromite.org) (Mobile)
##### Browser Extensions
- [ClearURL](https://github.com/ClearURLs/Addon)
<img class="app" src="https://www.privacytools.io/img/apps/ublock-origin.svg">
- [UBlock Origin](https://github.com/gorhill/uBlock)
- [NoScript](https://github.com/hackademix/noscript)
- [LocalCDN](https://codeberg.org/nobody/LocalCDN)
- [CanvasBlocker](https://github.com/kkapsner/CanvasBlocker)
- [Libredirect](https://github.com/libredirect/libredirect)
#### __Crypto__
#### Currencies
- [Monero](https://getmonero.org) <!--Add Tor site-->
- [ZCash](https://z.cash)
#### Wallets
- [Exodus](https://exodus.com)
#### __Developer Tools__
- [hCaptcha](https://hcaptcha.com)
- [Supabase](https://supabase.io)
- [VSCodium](https://vscodium.com)
#### __DNS__
#### __Domain Registrar__
- [Njalla](https://njal.la) <!--Add Tor site-->
- [1984](https://1984hsoting.com)
#### __Encryption__
- [VeraCrypt](https://veracrypt.fr)
- [Syncthing](https://syncthing.net)
- [Photok](https://github.com/leonlatsch/Photok) (Mobile)
#### __Frontends & Social Media__
#### Redirect
- [LibRedirect](https://github.com/libredirect/libredirect)
- [UntrackMe](https://framagit.org/tom79/nitterizeme) (Mobile)
#### Medium
##### Frontends
- [Scribe](https://sr.ht/~edwardloveall/scribe/)
#### Reddit
##### Alternatives
- [Aether](https://getaether.net)
##### Clients
- [Slide](https://github.com/ccrama/Slide) (Mobile)
##### Frontends
- [Libreddit](https://libredd.it)
#### Twitter
##### Alternatives
- [Mastadon](https://joinmastadon.org)
##### Frontends
- [Nitter](https://github.com/zedeus/nitter)
#### Wikipedia
##### Alternatives
- [Wikiless](https://wikiless.org)
#### Frontends
- []
#### YouTube
##### Alternatives
- [Peertube](https://joinpeertube.org)
- [Odysee](https://odysee.com)
##### Clients
- [NewPipe](https://netpipe.net) (Mobile)
##### Frontends
- [Invidious](https://invidious.io)
- [ViewTube](https://github.com/viewtube/viewtube-vue)
#### __Mail Providers__
- [ProtonMail](https://protonmail.com) <button type="button" class="btn btn-xs btn-info"><a href="https://mail.protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/">TOR</a></button>
#### __Messengers__
##### Decentralized
- [Matrix](https://matrix.org)
- [XMPP](https://xmpp.org)
- [Session](https://getsession.org)
#### Centralized
- [Signal](https://signal.org)
- [Molly](https://github.com/mollyim/mollyim-android) (Mobile)
#### P2P
- [Briar](https://briarproject.org) (Mobile)
#### __Operating System__
- [Tails](https://tails.boum.org)
- [Whonix](https://whonixproject.org) <button type="button" class="btn btn-xs btn-info"><a href="http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/">TOR</a></button>
- [QubesOS](https://qubes-os.org) <button type="button" class="btn btn-xs btn-info"><a href="http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/">TOR</a></button>
- [GrapheneOS](https://grapheneos.org) (Mobile)
#### __Password Managers__
- [KeePassXC](https://keepassxc.org)
#### __Search Engine__
- [DuckDuckGo](https://duckduckgo.com) <button type="button" class="btn btn-xs btn-info"><a href="https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/">TOR</a></button>
- [SearX](https://searx.me)
- [Brave Search](https://search.brave.com)
#### __Upcoming__
The following are currently being researched:
- [Whoami](https://github.com/owerdogan/whoami-project)

View File

@ -0,0 +1,89 @@
---
layout: post
title: "VM Isolation Guide"
date: 2022-04-23
categories: blog
layout: post
---
### 4/23/22
##### Credits: 0xTheFather
VM Isolation Guide
VM Isolation Guide
------------------
As an alternate to using QubesOS, here is how one can properly setup isolation. This setup will provide proper isolation utilizing VMs and a secure host OS. This will provide increased security via isolation along with increased privacy with compartmentalization.
Things needed for this setup:
* Large external SSD (preferably thunderbolt)
* Enough RAM for your VMs
* VPN(s) (based upon your threat model)
### Step 1: Choose the host OS
Choosing the host OS is by far the most critical part of this setup. This host OS will need to have proper security updates and have the ability for increased hardening. Here are a few that would be recommended.
* [Fedora](https://getfedora.org/)
* [Void Linux](https://voidlinux.org/)
* [Arch](https://archlinux.org/)
* [PlagueOS](https://git.arrr.cloud/whichdoc/plagueos) (Hardened by default which makes it perfect for this setup)
### Step 2: Install the OS
After choosing your host OS, ensure to download, verify, and then boot to your live OS. During the installation process, make sure you encrypt everything including `/boot` using LUKS. Set a strong root/admin password then create a guest account that we'll be using. Make sure to install the OS on your internal drive, we are saving the external SSD for later.
Note: If you've chosen PlagueOS, many of these things will automatically be applied for you due to the nature of the OS.
### Step 3: Host OS hardening
After the host OS has been installed, it's now time to harden it. Depending on your distro, there will be slightly different techniques on hardening. General hardening ideas that apply to all distros are listed here:
* UFW/IPTables
* Fail2Ban
* Disable / tighten default SSH
* Kernel hardening
* Sandboxing
* User & Root
and of course there are plenty of guides on how to do this as well
* [Madaidans-Insecurities](https://madaidans-insecurities.github.io/guides/linux-hardening.html)
* [The Practical Linux Hardening Guide](https://github.com/trimstray/the-practical-linux-hardening-guide)
* [Awesome Security Hardening](https://github.com/decalage2/awesome-security-hardening)
along with using tools such as [lynis](https://cisofy.com/lynis/) for security auditing.
### Step 4: Setting up the external SSD
We are going to be storing all of our VMs on the external SSD, with this being said- we must now encrypt the entire SSD. Use a very strong password and the strongest encryption for this as this is where all of our files will be stored. There are multiple different ways to encrypt this SSD such as LUKS or Veracrypt, use whatever is best suited for yourself. Veracrypt can create hidden containers which you can utilize. Ensure you use full disk encryption.
### Step 5: Setting up VMs
After you've successfully hardened your distro, you are now ready to prepare your VMs. All of your activities will happen in your VMs rather than in your host. This provides excellent security along with compartmentalization. **Nothing at all will happen on your host.** Make sure you've setup QEMU/KVM for your proper distribution and we can get ready.
We are now going to be using the external SSD that we setup previously. Now based upon what kind of setup you are going for, this process may be different. You could potentially setup template VMs and harden those and simply clone them based upon your activities.
Example - You setup a fedora-based VM which you've somewhat hardened. You can now clone this VM for your work and school use without having to setup fedora twice.
You can know combine this VM technique with your other activities such as personal browsing, work, school, messing around, matrix, telegram, etc, and separate each one into its own VM without having to worry about malware, tracking / "cross contamination" etc.
![](https://i.imgur.com/HD3FIK4.png)
The benefit of doing this over Qubes is compatibility. Qubes runs on very specific hardware which locks it down to a select group of people. Another benefit this provides, is that because all of our VMs are on an external SSD, this provides you with the option of simply just moving PCs easily, wiping your host OS for several reasons including paranoia, suspect of malware / unwanted program, or just general housekeeping. Your able to just wipe your entire host OS as much time as you want if you fear you misconfigured something or you feel something isn't right.
### Step 6: More thoughts
The possibilities with this system are endless. You do what you want based upon your threat model. Here are some general thoughts that are just going to be put here
* If on a laptop, you can tape your SSD to the back of the screen as a storage mechanism
* Have another SSD as a backup for your VMs
* Setup a script to automatically harden your system
* Utilize VPNs to better compartmentalize your system
* Using [PlagueOS](https://git.arrr.cloud/whichdoc/plagueos) as the host OS can provide many benefits because of the highly-hardened system, almost no additional hardening would be required and setup is easy.
In the end, it is all up to the user based upon their needs.

View File

@ -1,123 +0,0 @@
---
layout: default
description: Just... a guide...
---
<div style="text-align:center;">
<h1>Another Guide</h1>
<p><i>“You never appriciate your anonymity until you don't have it anymore"</i></p>
<br>
<l> <a href="https://github.com/AnonyPla-ng/thgtoa">Please consider supporting this guide.</a></l>
<br>
<br>
<l><a href="/">Home</a></l>
<l> | </l>
<l> <a href="./blog.html">Blogs</a></l>
<l> | </l>
<l> <a href="./anotherguide.html">Another Guide :/</a></l>
<br>
<br>
<p><b>Coming Soon:</b></p>
<l><a href="">Mastadon Instance</a></l>
<l> - </l>
<l> <a href="">RSS Feed</a></l>
<l> - </l>
<l> <a href="">Forum</a></l>
<li></li>
<l> <a href="">About</a></l>
<l> - </l>
<l> <a href="">Contact</a></l>
<l> - </l>
<l> <a href="">Donate</a></l>
</div>
The Guide
---------
*Note: This is a work in progress!*
Well... I never thought i'd be making a guide so, here we go.... I guess....
Let's define a few important things here:
`Adversary: Your threat.`
`Privacy: The act of your personal activities being hidden from public.`
`Security: The act of protecting yourself and online content such as files from either known and / or unknown adversary.`
`Anonymity: The act of hiding yourself to become indistinguishable from everyone else. (blending in)`
### Getting Started
_Disclaimer: This is for education / research._
##### Table of contents:
\>> [Important Concepts](#important-concepts)
\>> [Proper Mindset](#proper-mindset)
\>> [Knowing Your Adversary](#knowing-your-adversary)
\>> [Setting Goals](#setting-goals)
\>> [Acquiring Resources](#acquiring-resources)
<!---
#Note to self: Have more sections in here before >> [Getting Ready to "clean up"](#getting-ready-to-clean)
--->
#### Important Conceptsc
This guide requires you to understand various important concepts in order to truly be anonymous - The following below is to be ASSUMED.
* Understanding of TOR and Its threats<!--(put link here)
* Understanding benefits and downfalls of a VPN <!--(PUT LINK HERE)
* Understanding important privacy concepts <!--(PUT LINK HERE)
* Understanding important secuirty concepts <!--(PUT LINK HERE or make a section)
* Understanding the principles of threadmodeling <!--(PUT LINK HERE)
* Understanding how the internet functions
#### Proper Mindset
Having the proper mindset when starting a proccess like this, is critical for success. You must be both willing and determined.
Here is a general thought process...
* Always always always know what you are doing. You don't want to compromise yourself because you _thought_ you knew what you were doing. Make sure 100%. Do research **before**.
* Have a strong mind. Most flaws are user error, meaning YOU. Having a strong mind is critical. You must be in a clear state of mind, and almost be "talking to yourself" mentally. Ask yourself before you do something "is this right". A good memory is CRITICAL. You are going to need to remember almost **EVERYTHING** you do on the internet if you want to do this _"properly"._ Don't be compromised because you forgot something. Let's eliminate user error. More on this subject will be later in this _guide._
* Take over-procedures. Don't "skimp" out on encryption because you don't feel like entering in a password. Don't be lazy.
* Do not compromise your security for a friend. If they are your friend, they will respect your new-founded love for being secure.
* Do not reveal more than you need to. MMJ doesn't need to know what you had for lunch.
(things to keep in mind)* Reveal as little about yourself and origin as possible.
* Remember - you can be identified by more ways than you can imagine.
* Do not trust anyone.
* Your life will change drastically.
* Do not be lazy
#### Setting Goals
We need to understand what we are trying to accomplish.
Think - what are you trying to do?
You need to properly identify a *threat model*, an *adversary* along with performing a self-analysis. You need to understand your own flaws.
#### Acquiring Resources
Along your journey, you'll need to have the proper resources at hand to deal with any sort of situation you will be facing. Get yourself accustomed to these resources to better understand various conceptions and prepare yourself.
##### Guides
- [PrivacyGuides](https://privacyguides.org)
- [PrivacyTools](https://privacytools.io)
##### Organizations
- [EFF](https://eff.org)
#### Getting Ready to "clean up"
What is _"cleaning up"?_
Simply put, cleaning up is the process of deleting your various traces on the internet. For the average person, this will be a long and arduous process.

113
blog.md
View File

@ -1,110 +1,5 @@
---
layout: default
description: A fun blog /
---
<div style="text-align:center">
<h1>Blogs</h1>
<l> <a href="https://github.com/AnonyPla-ng/thgtoa">Please consider supporting this guide.</a></l>
<br>
<br>
<l><a href="/">Home</a></l>
<l> | </l>
<l> <a href="./blog.html">Blogs</a></l>
<l> | </l>
<l> <a href="./anotherguide.html">Another Guide :/</a></l>
<br>
<br>
<p><b>Coming Soon:</b></p>
<l><a href="">Mastadon Instance</a></l>
<l> - </l>
<l> <a href="">RSS Feed</a></l>
<l> - </l>
<l> <a href="">Forum</a></l>
<li></li>
<l> <a href="">About</a></l>
<l> - </l>
<l> <a href="">Contact</a></l>
<l> - </l>
<l> <a href="">Donate</a></l>
</div>
### 4/23/22
##### Credits: 0xTheFather
VM Isolation Guide
VM Isolation Guide
------------------
As an alternate to using QubesOS, here is how one can properly setup isolation. This setup will provide proper isolation utilizing VMs and a secure host OS. This will provide increased security via isolation along with increased privacy with compartmentalization.
Things needed for this setup:
* Large external SSD (preferably thunderbolt)
* Enough RAM for your VMs
* VPN(s) (based upon your threat model)
### Step 1: Choose the host OS
Choosing the host OS is by far the most critical part of this setup. This host OS will need to have proper security updates and have the ability for increased hardening. Here are a few that would be recommended.
* [Fedora](https://getfedora.org/)
* [Void Linux](https://voidlinux.org/)
* [Arch](https://archlinux.org/)
* [PlagueOS](https://git.arrr.cloud/whichdoc/plagueos) (Hardened by default which makes it perfect for this setup)
### Step 2: Install the OS
After choosing your host OS, ensure to download, verify, and then boot to your live OS. During the installation process, make sure you encrypt everything including `/boot` using LUKS. Set a strong root/admin password then create a guest account that we'll be using. Make sure to install the OS on your internal drive, we are saving the external SSD for later.
Note: If you've chosen PlagueOS, many of these things will automatically be applied for you due to the nature of the OS.
### Step 3: Host OS hardening
After the host OS has been installed, it's now time to harden it. Depending on your distro, there will be slightly different techniques on hardening. General hardening ideas that apply to all distros are listed here:
* UFW/IPTables
* Fail2Ban
* Disable / tighten default SSH
* Kernel hardening
* Sandboxing
* User & Root
and of course there are plenty of guides on how to do this as well
* [Madaidans-Insecurities](https://madaidans-insecurities.github.io/guides/linux-hardening.html)
* [The Practical Linux Hardening Guide](https://github.com/trimstray/the-practical-linux-hardening-guide)
* [Awesome Security Hardening](https://github.com/decalage2/awesome-security-hardening)
along with using tools such as [lynis](https://cisofy.com/lynis/) for security auditing.
### Step 4: Setting up the external SSD
We are going to be storing all of our VMs on the external SSD, with this being said- we must now encrypt the entire SSD. Use a very strong password and the strongest encryption for this as this is where all of our files will be stored. There are multiple different ways to encrypt this SSD such as LUKS or Veracrypt, use whatever is best suited for yourself. Veracrypt can create hidden containers which you can utilize. Ensure you use full disk encryption.
### Step 5: Setting up VMs
After you've successfully hardened your distro, you are now ready to prepare your VMs. All of your activities will happen in your VMs rather than in your host. This provides excellent security along with compartmentalization. **Nothing at all will happen on your host.** Make sure you've setup QEMU/KVM for your proper distribution and we can get ready.
We are now going to be using the external SSD that we setup previously. Now based upon what kind of setup you are going for, this process may be different. You could potentially setup template VMs and harden those and simply clone them based upon your activities.
Example - You setup a fedora-based VM which you've somewhat hardened. You can now clone this VM for your work and school use without having to setup fedora twice.
You can know combine this VM technique with your other activities such as personal browsing, work, school, messing around, matrix, telegram, etc, and separate each one into its own VM without having to worry about malware, tracking / "cross contamination" etc.
![](https://i.imgur.com/HD3FIK4.png)
The benefit of doing this over Qubes is compatibility. Qubes runs on very specific hardware which locks it down to a select group of people. Another benefit this provides, is that because all of our VMs are on an external SSD, this provides you with the option of simply just moving PCs easily, wiping your host OS for several reasons including paranoia, suspect of malware / unwanted program, or just general housekeeping. Your able to just wipe your entire host OS as much time as you want if you fear you misconfigured something or you feel something isn't right.
### Step 6: More thoughts
The possibilities with this system are endless. You do what you want based upon your threat model. Here are some general thoughts that are just going to be put here
* If on a laptop, you can tape your SSD to the back of the screen as a storage mechanism
* Have another SSD as a backup for your VMs
* Setup a script to automatically harden your system
* Utilize VPNs to better compartmentalize your system
* Using [PlagueOS](https://git.arrr.cloud/whichdoc/plagueos) as the host OS can provide many benefits because of the highly-hardened system, almost no additional hardening would be required and setup is easy.
In the end, it is all up to the user based upon their needs.
layout: blog-index
title: Blog
description: test
---

View File

@ -29,6 +29,8 @@ description: A fun happy place.
<br>
<p><b>Coming Soon:</b></p>
<l><a href="./tools.html">Tools</a></l>
<l> - </l>
<l><a href="">Mastadon Instance</a></l>
<l> - </l>
<l> <a href="">RSS Feed</a></l>