Showing posts from 2017

H4X0R4G3 Project

Have been working on my old Netrunners project again for the last couple of weeks. Feels good, man.

Github-Repo can be found here:


PHP jobs with Gearman and Supervisor - Daredevel - Valerio Galano

Kali Linux VirtualBox Guest | Kali Linux

Qubes OS 3.2 - not ready for prime time

After a few days tinkering around with Qubes OS 3.2 I must say that I am very impressed. It is an awesome operating system and has a lot of interesting use cases. I will not be able to use it as my main operating system, though. There are several reasons for that:

Poor hardware support - I sometimes need hardware acceleration from my two graphic cards, and Qubes OS does not support this, unless you create a HVM and pass-through one of the cards. HVMs do not work like PVMs, though - and have given me trouble on all three instances that I used HVMs. This poor hardware support also causes xorg in dom0 to run at about 25% to 40% CPU usage at all times, with no VMs started. That's not good. This is on an i7, mind you.

The double-edged sword - while the security architecture is amazing, it also causes some issues when you want to do some penetration testing for instance. There is no easy way to quickly lower security on any VM, so you have to setup new net and proxy vms for all of your …

Converting a virtual disk image: VDI or VMDK to an ISO you can distribute | TurnKey GNU/Linux Blog

The Invisible Things Lab's blog: Playing with Qubes Networking for Fun and Profit

OpenSesame, a Hacked Toy, Can Open Your Garage Door | Digital Trends

Installing Kali 2 in HVM on Qubes 2.3

Did not go all too well. The machine would load into the boot menu, but if I would change focus from the Kali HVM window to any other window the keyboard input in the Kali HVM starts to go haywire and have several seconds of delay.

Currently trying one of the alternatives (installing Kali on top of a Debian 9 VM template). Will let you know if that works better.

P.S.: Might also have a go at installing Blackarch in a HVM, since Archlinux seems to work very well in a HVM.

A Unikernel Firewall for QubesOS - Thomas Leonard's blog

Evaluating Qubes OS as a Penetration Testing Platform – Medium

Setting up an Arch Linux VM in VirtualBox

Qubes OS 3.2 - Archlinux Template Issues

I have tried to install and use the Archlinux Template according to the official documentation, which completed fine, but left me with a system that can not be updated, because of dependency conflicts with Qubes-internal modules.

Like I said, everything was fine (and actually is fine if I do not want to update my Archlinux), but trying a system update shows dependency issues with pulseaudio and the xorg-server. I guess that's where the bleeding-edge aspect of Archlinux's rolling release method shows its head (leaving out the ugly on purpose). The maintainer of the Archlinux template for Qubes is already on the case from what I can tell by looking at the Qube repos on Github.

I have not tried compiling my own Qube, yet (the second part of the documentation) or to create a HVM for Archlinux. I might try that this coming weekend and will let you know how it goes.

Qubes OS 3.2 and i3 Window Manager

The installation from the Qubes 2.3 i3 installation documentation worked very well, no issues whatsoever. After logging in and back out I was greeted by my familiar desktop (or lack thereof) and was able to make some tweaks to the config file (an ~/.config/i3/config).

I noticed that the Qubes VM Manager was gone. After restarting the laptop and logging back into i3 the manager loaded, though.

Everything seems to be working very well, just have to get used to starting the vm's name when using the dmenu. One glitch that I have noticed, but wasn't able to reproduce, yet, is that some of the icons disappeared from the i3 status bar at random. I think it happened when I reloaded the i3 config, but I am not sure. Will add to the post if I am able to reproduce it.

My Public GPG Key

This is the public GPG key for Heiko Jacobs or gevrik [monkey] totalmadownage [monkey] com

You can also find it here:

-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2 mQENBFeo+6YBCADCEIHxHyWcn+M/XpQYvY0oQGnHRI6OX67+QGW54QlDOTtGIitD GdD+hNBKNAvyDdwI0CAx97MBVflPOfxmwdMS18rNEYSxD19b97+71r5MDFgcawjt FvgzVvPbyO0Xjrm2Bm9DZqKiaVR3nK4jdWV6yE2PlSb2i0jE0IqU10y477EGzaCy bMqbPdRObyKjMsn3+fTdUrEnUQbwYPJ17ndT6L6UZkmCUZwTYCwHRcshamzgp/dX sBGYSyETMvDQZTXS/JahDWd1YaDkZdOHJnDkT9952nInpstYby9LtJCFyCu821yt jSQhX9vEKitFeLPf5SIALwaLCQusXFuJsiIlABEBAAG0KEhlaWtvIEphY29icyA8 Z2V2cmlrQHRvdGFsbWFkb3duYWdlLmNvbT6JATkEEwEIACMFAleo+6YCGwMHCwkI BwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRA1mEdeOdLAHxGXB/0crjNVK9Q6KflA 8jeKnUj60/AKFMpatSaBQvLtwPeqhSGFIl0M+lW0ve7xEhceMIVYEd76mTVSutsB 7DqJdJeXDw3Ef2EdU71L+LykOSAXD00NAtkQPEMziQ5v9f+wtCHh9/y87W9ZlNdw XQW7rDAf1/3RfKDXFAe8wO5Hl0CLnmISFNYJGmjDiBsXPLAObgwsKTrgYLGRR+oL sQ6bgVDaK9bgO6KdBWP+4d5srQJEQqF1hxsb5kA+pRA8qaxm4X2g8nLPTbQ3bN8h 2szqTLCsd3drJQ6dE0B…

Qubes OS 3.2 - clamav in untrusted and/or vault domain

Qubes 3.2 is great if you need to handle malicious files. Just create yourself a quarantine vm that has no network access and you're good to go - you could of course use a disposable VM, but that is a topic for another post. There is also a pre-installed (if you have chosen so during setup) "vault vm" that is  already configured for this purpose.

To get clamav onto these vms I opened a terminal on the "fedora-23 template vm" and installed clam:

sudo dnf -y install clamav clamav-update sudo vim /etc/freshclam.conf sudo vim /etc/sysconfig/freshclam
The two config files will tell you what to do when you edit them, so just follow the instructions.

Using freshclam on the template vm does not work, unless you allow it to access the internet for a while (in the vm settings, firewall tab). But since I'll only really need it in my quarantine vm I just started a terminal in the "quarantine vm" and did a "sudo freshclam" there.

clamscan --i…

Qubes OS 3.2 and my BCM4313

So when I followed the installation instructions of Qubes 3.2 and got to the second stage of installing the system (after files had been copied, directly after the first reboot) the system froze during "network setup" and I had to cold start my laptop. Looking for similar issues and solutions was quite the challenge and involved sifting through Google groups threads which had some contradicting answers.

In my case the culprit was the wireless card, a BCM4313, and a too restrictive PCI arb. So I reinstalled and disabled my wifi card in the BIOS for this setup. Everything went smooth now and I could finish the installation, but the system was still a little bit unstable.

I have the laptop connected to an external monitor via HDMI and the system was trying to initialize pulseaudio and could not properly connect to the audio output (monitor does not have one). So pulseaudio was going to 100% cpu usage every few seconds trying to initialize the output.

No problem, I plugged out …

Woah - this is how fast 4 years go by...

My blog does not seem to recognize me after four years of inactivity... At least it tells me that the post will be posted by "unknown"... Oh well, we will see if I can make it recognize me again with some upcoming articles about Qubes OS.

 I've been tinkering around with if for a few days now and ran into some obstacles on the way that it was semi-hard to find some concrete answers to. So I thought I'd keep track of what I had to do to start using it on this blog. Soon(tm)