fuck qubesos and fix index.md

Reviewed-on: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts/pulls/4

index.md

@@ -19,6 +19,7 @@ With this new mkdocs blog version, we have completely changed how you can find b
 (Check out [this blogpost](whytheblog/index.md) for more details on our mission)
 
 ## Our latest contributed tutorials:
+- 2025-05-21:  [Realistic OPSEC Mistakes and Threat Scenarios](http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/opsecmistakes/)
 - 2025-05-16: [The State is the Enemy](stateistheenemy/index.md)
 - 2025-05-16: [Why can't I use signal to chat anonymously?](signalnoanonymity/index.md)
 - 2025-05-02: [Convert Monero into other Cryptos Anonymously (XMR -> LTC)](haveno-crypto/index.md)

opsecmistakes/attack_cycle.dia

@@ -0,0 +1,402 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<dia:diagram xmlns:dia="http://www.lysator.liu.se/~alla/dia/">
+  <dia:diagramdata>
+    <dia:attribute name="background">
+      <dia:color val="#ffffffff"/>
+    </dia:attribute>
+    <dia:attribute name="pagebreak">
+      <dia:color val="#000099ff"/>
+    </dia:attribute>
+    <dia:attribute name="paper">
+      <dia:composite type="paper">
+        <dia:attribute name="name">
+          <dia:string>#A4#</dia:string>
+        </dia:attribute>
+        <dia:attribute name="tmargin">
+          <dia:real val="2.8222"/>
+        </dia:attribute>
+        <dia:attribute name="bmargin">
+          <dia:real val="2.8222"/>
+        </dia:attribute>
+        <dia:attribute name="lmargin">
+          <dia:real val="2.8222"/>
+        </dia:attribute>
+        <dia:attribute name="rmargin">
+          <dia:real val="2.8222"/>
+        </dia:attribute>
+        <dia:attribute name="is_portrait">
+          <dia:boolean val="true"/>
+        </dia:attribute>
+        <dia:attribute name="scaling">
+          <dia:real val="1"/>
+        </dia:attribute>
+        <dia:attribute name="fitto">
+          <dia:boolean val="false"/>
+        </dia:attribute>
+      </dia:composite>
+    </dia:attribute>
+    <dia:attribute name="grid">
+      <dia:composite type="grid">
+        <dia:attribute name="dynamic">
+          <dia:boolean val="true"/>
+        </dia:attribute>
+        <dia:attribute name="width_x">
+          <dia:real val="1"/>
+        </dia:attribute>
+        <dia:attribute name="width_y">
+          <dia:real val="1"/>
+        </dia:attribute>
+        <dia:attribute name="visible_x">
+          <dia:int val="1"/>
+        </dia:attribute>
+        <dia:attribute name="visible_y">
+          <dia:int val="1"/>
+        </dia:attribute>
+        <dia:composite type="color"/>
+      </dia:composite>
+    </dia:attribute>
+    <dia:attribute name="color">
+      <dia:color val="#d8e5e5ff"/>
+    </dia:attribute>
+    <dia:attribute name="guides"/>
+    <dia:attribute name="guide_color">
+      <dia:color val="#00ff00ff"/>
+    </dia:attribute>
+    <dia:attribute name="display">
+      <dia:composite type="display">
+        <dia:attribute name="antialiased">
+          <dia:boolean val="true"/>
+        </dia:attribute>
+        <dia:attribute name="snap-to-grid">
+          <dia:boolean val="false"/>
+        </dia:attribute>
+        <dia:attribute name="snap-to-guides">
+          <dia:boolean val="true"/>
+        </dia:attribute>
+        <dia:attribute name="snap-to-object">
+          <dia:boolean val="true"/>
+        </dia:attribute>
+        <dia:attribute name="show-grid">
+          <dia:boolean val="true"/>
+        </dia:attribute>
+        <dia:attribute name="show-guides">
+          <dia:boolean val="true"/>
+        </dia:attribute>
+        <dia:attribute name="show-connection-points">
+          <dia:boolean val="true"/>
+        </dia:attribute>
+      </dia:composite>
+    </dia:attribute>
+  </dia:diagramdata>
+  <dia:layer name="Background" visible="true" connectable="true" active="true">
+    <dia:object type="Flowchart - Box" version="0" id="O0">
+      <dia:attribute name="obj_pos">
+        <dia:point val="16.6,12.4"/>
+      </dia:attribute>
+      <dia:attribute name="obj_bb">
+        <dia:rectangle val="16.55,12.35;24.1,16.25"/>
+      </dia:attribute>
+      <dia:attribute name="elem_corner">
+        <dia:point val="16.6,12.4"/>
+      </dia:attribute>
+      <dia:attribute name="elem_width">
+        <dia:real val="7.4499999999999957"/>
+      </dia:attribute>
+      <dia:attribute name="elem_height">
+        <dia:real val="3.8000000000000043"/>
+      </dia:attribute>
+      <dia:attribute name="border_color">
+        <dia:color val="#44c82cff"/>
+      </dia:attribute>
+      <dia:attribute name="show_background">
+        <dia:boolean val="true"/>
+      </dia:attribute>
+      <dia:attribute name="line_style">
+        <dia:enum val="1"/>
+      </dia:attribute>
+      <dia:attribute name="padding">
+        <dia:real val="0.5"/>
+      </dia:attribute>
+      <dia:attribute name="text">
+        <dia:composite type="text">
+          <dia:attribute name="string">
+            <dia:string>#Detection#</dia:string>
+          </dia:attribute>
+          <dia:attribute name="font">
+            <dia:font family="sans" style="0" name="Helvetica"/>
+          </dia:attribute>
+          <dia:attribute name="height">
+            <dia:real val="0.80000000000000004"/>
+          </dia:attribute>
+          <dia:attribute name="pos">
+            <dia:point val="20.325,14.585"/>
+          </dia:attribute>
+          <dia:attribute name="color">
+            <dia:color val="#44c82cff"/>
+          </dia:attribute>
+          <dia:attribute name="alignment">
+            <dia:enum val="1"/>
+          </dia:attribute>
+        </dia:composite>
+      </dia:attribute>
+    </dia:object>
+    <dia:object type="Flowchart - Box" version="0" id="O1">
+      <dia:attribute name="obj_pos">
+        <dia:point val="37.46,12.4"/>
+      </dia:attribute>
+      <dia:attribute name="obj_bb">
+        <dia:rectangle val="37.41,12.35;44.96,16.25"/>
+      </dia:attribute>
+      <dia:attribute name="elem_corner">
+        <dia:point val="37.46,12.4"/>
+      </dia:attribute>
+      <dia:attribute name="elem_width">
+        <dia:real val="7.4499999999999957"/>
+      </dia:attribute>
+      <dia:attribute name="elem_height">
+        <dia:real val="3.8000000000000043"/>
+      </dia:attribute>
+      <dia:attribute name="border_color">
+        <dia:color val="#ff0000ff"/>
+      </dia:attribute>
+      <dia:attribute name="show_background">
+        <dia:boolean val="true"/>
+      </dia:attribute>
+      <dia:attribute name="padding">
+        <dia:real val="0.5"/>
+      </dia:attribute>
+      <dia:attribute name="text">
+        <dia:composite type="text">
+          <dia:attribute name="string">
+            <dia:string>#Neutralization#</dia:string>
+          </dia:attribute>
+          <dia:attribute name="font">
+            <dia:font family="sans" style="0" name="Helvetica"/>
+          </dia:attribute>
+          <dia:attribute name="height">
+            <dia:real val="0.80000000000000004"/>
+          </dia:attribute>
+          <dia:attribute name="pos">
+            <dia:point val="41.185,14.585"/>
+          </dia:attribute>
+          <dia:attribute name="color">
+            <dia:color val="#ff0000ff"/>
+          </dia:attribute>
+          <dia:attribute name="alignment">
+            <dia:enum val="1"/>
+          </dia:attribute>
+        </dia:composite>
+      </dia:attribute>
+    </dia:object>
+    <dia:object type="Flowchart - Box" version="0" id="O2">
+      <dia:attribute name="obj_pos">
+        <dia:point val="27.02,12.4"/>
+      </dia:attribute>
+      <dia:attribute name="obj_bb">
+        <dia:rectangle val="26.97,12.35;34.52,16.25"/>
+      </dia:attribute>
+      <dia:attribute name="elem_corner">
+        <dia:point val="27.02,12.4"/>
+      </dia:attribute>
+      <dia:attribute name="elem_width">
+        <dia:real val="7.4499999999999957"/>
+      </dia:attribute>
+      <dia:attribute name="elem_height">
+        <dia:real val="3.8000000000000043"/>
+      </dia:attribute>
+      <dia:attribute name="border_color">
+        <dia:color val="#ffb600ff"/>
+      </dia:attribute>
+      <dia:attribute name="show_background">
+        <dia:boolean val="true"/>
+      </dia:attribute>
+      <dia:attribute name="padding">
+        <dia:real val="0.5"/>
+      </dia:attribute>
+      <dia:attribute name="text">
+        <dia:composite type="text">
+          <dia:attribute name="string">
+            <dia:string>#Identification#</dia:string>
+          </dia:attribute>
+          <dia:attribute name="font">
+            <dia:font family="sans" style="0" name="Helvetica"/>
+          </dia:attribute>
+          <dia:attribute name="height">
+            <dia:real val="0.80000000000000004"/>
+          </dia:attribute>
+          <dia:attribute name="pos">
+            <dia:point val="30.745,14.585"/>
+          </dia:attribute>
+          <dia:attribute name="color">
+            <dia:color val="#ffb600ff"/>
+          </dia:attribute>
+          <dia:attribute name="alignment">
+            <dia:enum val="1"/>
+          </dia:attribute>
+        </dia:composite>
+      </dia:attribute>
+    </dia:object>
+    <dia:object type="Standard - Text" version="1" id="O3">
+      <dia:attribute name="obj_pos">
+        <dia:point val="16.1,17.75"/>
+      </dia:attribute>
+      <dia:attribute name="obj_bb">
+        <dia:rectangle val="16.1,17.065;25.1475,19.54"/>
+      </dia:attribute>
+      <dia:attribute name="text">
+        <dia:composite type="text">
+          <dia:attribute name="string">
+            <dia:string>#Passive intelligence collection
+Dragnet tactics
+Social networks investigations#</dia:string>
+          </dia:attribute>
+          <dia:attribute name="font">
+            <dia:font family="sans" style="0" name="Helvetica"/>
+          </dia:attribute>
+          <dia:attribute name="height">
+            <dia:real val="0.80000000000000004"/>
+          </dia:attribute>
+          <dia:attribute name="pos">
+            <dia:point val="16.1,17.75"/>
+          </dia:attribute>
+          <dia:attribute name="color">
+            <dia:color val="#00ff00ff"/>
+          </dia:attribute>
+          <dia:attribute name="alignment">
+            <dia:enum val="0"/>
+          </dia:attribute>
+        </dia:composite>
+      </dia:attribute>
+      <dia:attribute name="valign">
+        <dia:enum val="3"/>
+      </dia:attribute>
+    </dia:object>
+    <dia:object type="Standard - Text" version="1" id="O4">
+      <dia:attribute name="obj_pos">
+        <dia:point val="27.85,17.5"/>
+      </dia:attribute>
+      <dia:attribute name="obj_bb">
+        <dia:rectangle val="27.85,16.815;33.6925,19.29"/>
+      </dia:attribute>
+      <dia:attribute name="text">
+        <dia:composite type="text">
+          <dia:attribute name="string">
+            <dia:string>#Active investigation
+Background checks
+Surveillance#</dia:string>
+          </dia:attribute>
+          <dia:attribute name="font">
+            <dia:font family="sans" style="0" name="Helvetica"/>
+          </dia:attribute>
+          <dia:attribute name="height">
+            <dia:real val="0.80000000000000004"/>
+          </dia:attribute>
+          <dia:attribute name="pos">
+            <dia:point val="27.85,17.5"/>
+          </dia:attribute>
+          <dia:attribute name="color">
+            <dia:color val="#ffb600ff"/>
+          </dia:attribute>
+          <dia:attribute name="alignment">
+            <dia:enum val="0"/>
+          </dia:attribute>
+        </dia:composite>
+      </dia:attribute>
+      <dia:attribute name="valign">
+        <dia:enum val="3"/>
+      </dia:attribute>
+    </dia:object>
+    <dia:object type="Standard - Text" version="1" id="O5">
+      <dia:attribute name="obj_pos">
+        <dia:point val="39.2,17.35"/>
+      </dia:attribute>
+      <dia:attribute name="obj_bb">
+        <dia:rectangle val="39.2,16.665;43.2975,19.94"/>
+      </dia:attribute>
+      <dia:attribute name="text">
+        <dia:composite type="text">
+          <dia:attribute name="string">
+            <dia:string>#Arrests
+Prosecutions
+Kidnapping
+Assassination#</dia:string>
+          </dia:attribute>
+          <dia:attribute name="font">
+            <dia:font family="sans" style="0" name="Helvetica"/>
+          </dia:attribute>
+          <dia:attribute name="height">
+            <dia:real val="0.80000000000000004"/>
+          </dia:attribute>
+          <dia:attribute name="pos">
+            <dia:point val="39.2,17.35"/>
+          </dia:attribute>
+          <dia:attribute name="color">
+            <dia:color val="#ff0000ff"/>
+          </dia:attribute>
+          <dia:attribute name="alignment">
+            <dia:enum val="0"/>
+          </dia:attribute>
+        </dia:composite>
+      </dia:attribute>
+      <dia:attribute name="valign">
+        <dia:enum val="3"/>
+      </dia:attribute>
+    </dia:object>
+    <dia:object type="Standard - Line" version="0" id="O6">
+      <dia:attribute name="obj_pos">
+        <dia:point val="24.0991,14.3"/>
+      </dia:attribute>
+      <dia:attribute name="obj_bb">
+        <dia:rectangle val="24.0491,13.9382;27.07,14.6618"/>
+      </dia:attribute>
+      <dia:attribute name="conn_endpoints">
+        <dia:point val="24.0991,14.3"/>
+        <dia:point val="27.02,14.3"/>
+      </dia:attribute>
+      <dia:attribute name="numcp">
+        <dia:int val="1"/>
+      </dia:attribute>
+      <dia:attribute name="end_arrow">
+        <dia:enum val="22"/>
+      </dia:attribute>
+      <dia:attribute name="end_arrow_length">
+        <dia:real val="0.5"/>
+      </dia:attribute>
+      <dia:attribute name="end_arrow_width">
+        <dia:real val="0.5"/>
+      </dia:attribute>
+      <dia:connections>
+        <dia:connection handle="0" to="O0" connection="16"/>
+        <dia:connection handle="1" to="O2" connection="7"/>
+      </dia:connections>
+    </dia:object>
+    <dia:object type="Standard - Line" version="0" id="O7">
+      <dia:attribute name="obj_pos">
+        <dia:point val="34.47,14.3"/>
+      </dia:attribute>
+      <dia:attribute name="obj_bb">
+        <dia:rectangle val="34.42,13.9382;37.51,14.6618"/>
+      </dia:attribute>
+      <dia:attribute name="conn_endpoints">
+        <dia:point val="34.47,14.3"/>
+        <dia:point val="37.46,14.3"/>
+      </dia:attribute>
+      <dia:attribute name="numcp">
+        <dia:int val="1"/>
+      </dia:attribute>
+      <dia:attribute name="end_arrow">
+        <dia:enum val="22"/>
+      </dia:attribute>
+      <dia:attribute name="end_arrow_length">
+        <dia:real val="0.5"/>
+      </dia:attribute>
+      <dia:attribute name="end_arrow_width">
+        <dia:real val="0.5"/>
+      </dia:attribute>
+      <dia:connections>
+        <dia:connection handle="0" to="O2" connection="8"/>
+        <dia:connection handle="1" to="O1" connection="7"/>
+      </dia:connections>
+    </dia:object>
+  </dia:layer>
+</dia:diagram>

opsecmistakes/index.md

@@ -0,0 +1,324 @@
+---
+author: Mulligan Security
+date: 2025-05-22
+gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/312"
+xmr: 86NCojqYmjwim4NGZzaoLS2ozbLkMaQTnd3VVa9MdW1jVpQbseigSfiCqYGrM1c5rmZ173mrp8RmvPsvspG8jGr99yK3PSs
+---
+
+# Realistic OPSEC Mistakes and Threat Scenarios
+
+![loose lips sink ships](opsec.jpg)
+
+## OPSEC: the name of the game
+When running any kind of clandestine operation, if you want to remain anonymous, you have
+to follow OPSEC (operational security) rules and procedures.
+
+
+More often than not, as we will see here, when an operation (or individual operators) are compromised
+it is through OPSEC mistakes.
+
+# Why OPSEC matters
+
+![attack cycle diagram](attack_cycle.png)
+
+From the adversary's point of view, repression requires the following broad steps:
+
+- Initial detection: someone is doing something we don't like
+- Identification: who those "someones" are
+- Neutralization: make sure they stop doing whatever they set out to do
+
+## Initial detection
+
+![protest](protest.jpg)
+
+Depending on your organization and activities (eg: [protests](../anonprotest/index.md)), this initial detection phase can come as soon as you get started
+(if you are staging protests, then identification is inevitable).
+
+### What good OPSEC looks like
+
+If your activities themselves must remain clandestine, OPSEC rules and procedures can help reduce your profile
+and make it less likely that your activity will be identified properly.
+
+A simple example:
+
+- sabotage during ww2 ([source](https://www.cia.gov/static/5c875f3ec660e092cf893f60b4a288df/SimpleSabotage.pdf))
+  - choose acts for which many people could be responsible, and it's even better if it can be credibly blamed on an accident
+  (such as an insecurely fastened hydro-turbine cover leading to a flooding of the facility)
+
+
+### What bad OPSEC looks like
+
+
+![smugglers](smugglers.jpg)
+
+## Smugglers
+
+The quicker you are identified, the faster your other lines of defense must come into play.
+If you are a novice in clandestine ops, it is likely that you still have stuff to learn in
+order to be safe. If your activities are quickly identified, that's even less time available to you
+to actually get better at survival.
+
+## Extortionists
+
+### Zeekill
+Julius "zeekill" Kivimaki extorted a Finnish online psychotherapy service, threatening them with the release of patient data (therapy notes among them).
+While preparing a data package for release he mistyped the tar command and instead of only releasing the pilfered data also released the entire content
+of his home directory, helping investigators identifying him. That way he managed to speedrun both initial detection and identification, what a champ!
+
+### USDoD
+USDoD made several OPSEC mistakes, allowing investigators to link his public and clandestine personas.
+
+
+- same bio on public and clandestine Twitter accounts, shared with an Instagram account as well
+- Instagram account mentioned by
+  - a tattoo artist
+  - a SoundCloud profile with his public identity and pictures of his face
+    - the pictures were the same used on a medium blog, allowing for trivial linking
+- The medium blog contained a post about an alien vault pulse (a cyber threat intelligence report) mentioning the same pseudonym used for his Instagram account
+- Associated gravatar account with the Instagram pseudonym and pictures of his face
+- Gravatar linked email publicly associated with
+  - registered domains
+  - github accounts
+  - tvtime
+  - leaked data from HackForum (linked to user name LLTV), itself associated with the publication of leaked data
+  - Shared pseudonym with reddit (user LLTV), mentioned in his medium blog
+
+## Darknet Markets Administrators
+
+Honorable Mention to Pharoah (see [indictement](https://www.justice.gov/archives/opa/media/1352571/dl) for details), for troubleshooting his servers after they went down (FBI seizure)
+using google with his personal email account (page 30 of the document), he used the same account to also conduct development research.
+
+~~~
+On or about July 20, 2022, at approximately 00:18 UTC,
+00:19 UTC, 00:20 UTC, and 00:23 UTC, the user of the Lin Personal Email Account-1 searched
+Google for “pm2 crashed,” “view pm2 daemon logs,” “pm2 daemon logs,” and “pm2 changelog,”
+respectively.
+~~~
+
+#### How it plays out
+
+- [drug smuggling](https://www.upi.com/Archives/1984/11/21/British-boat-loaded-with-marijuana/3929469861200/)
+  - OPSEC Mistakes
+    - bungling the weight and balance of a smuggling ship so much that its course became erratic and attracted attention
+  - Outcome
+    - Seizure of the ship, and it's $32M worth of cargo, arrest of the crew members
+- zeekill
+  - OPSEC Mistakes
+    - lack of operational segregation: there is no valid reason for having PII on the same machine as the one you use to manipulate operational data, at least use a different user created only for this purpose
+  - Outcome
+    - Arrest and conviction (6 years)
+- USDoD
+  - OPSEC Mistakes:
+    - too many to count in this section, see above
+  - Outcome
+    - Arrest
+- Pharoah
+  - OPSEC Mistakes
+    - use of a personal account to conduct research and operational activities
+  - Outcome
+    - [Arrest](https://www.ice.gov/news/releases/incognito-market-owner-arrested-operating-one-largest-online-narcotics-marketplaces)
+
+## Identification
+
+![radar dish](detection.jpg)
+
+After initial detection, your adversary will start collecting data to identify you. This will be from traces you left during operations.
+
+### What good OPSEC looks like
+
+![checklist](checklist.jpg)
+
+Standardized Operating procedures for your organization providing a framework for:
+
+- general operations
+  - what communication channels to use
+  - the use of encryption, codewords, passphrases
+  - Channel structure
+    - full mesh = more danger if any one participant is compromised
+    - clandestine celle structure = more resilient but also makes communication more costly
+  - Communication plan for each member ([PACE](https://en.wikipedia.org/wiki/PACE_(communication_methodology)) model)
+    - if one communication channel is cut or compromised, then there are fallback solutions that have already been investigated and whose risks level have been deemed acceptable
+- Specific action SOPS (eg: a protest)
+  - initial assembly point
+  - time, date
+  - means of transportation (ingress and egress)
+  - materials required
+    - initial sourcing
+    - purchase
+    - storage and delivery
+    - disposal
+
+### What bad OPSEC looks like
+
+![cabincr3w](cabincr3w.jpg)
+
+In 2012, Ochoa, a member of the hacktivist group CabinCr3w (an offshoot of Anonymous), conducted unauthorized intrusions into U.S. law enforcement websites. He defaced these sites and published personal information of police officers, including phone numbers and home addresses, as part of an operation dubbed "Operation Pig Roast."
+
+Critical Mistake: Ochoa posted a photograph on one of the defaced websites showing a woman holding a sign with a message mocking law enforcement.
+
+
+The picture's [metadata](../anonymitymetadata/index.md#file-data) contained GPS coordinates, which led authorities to identify and locate Ochoa.
+
+#### How it plays out
+- The FBI arrested Ochoa on March 20, 2012, in Galveston, Texas.
+- He was charged with unauthorized access of a computer and, in June 2012, pleaded guilty to the charges. Ochoa was sentenced to 27 months in federal prison and ordered to pay restitution.
+
+## Neutralization
+
+
+![swat](swat.jpg)
+
+That's when it's time to start running. If your adversary has gathered enough data to actively start neutralizing your operation you need to be prepared for it.
+
+
+Such preparation has two required components:
+
+- Detection: the more advance warning you have that the adversary is moving against you, the better
+- Avoidance: neutralization actions can't be directly thwarted (unless you are a nation state and then this discussion becomes one about military tactics), so you will want to minimize the damage
+
+### Detection
+Your general operations rules should have built-in detection capacities: either a way for operators to give advance warning or for the organization to detect when one has been turned or captured.
+
+- An easy to use counterintelligence tool is the [baryum meal test](https://en.wikipedia.org/wiki/Canary_trap) or canary trap.  By detecting leaks you can use them in anti-surveillance operations or as a warning system.
+- another one is a simple canary (example: [warrant canary](https://en.wikipedia.org/wiki/Warrant_canary)) where the cessation of an innocuous action is used to send a message
+
+#### What good OPSEC looks like
+
+Let's talk about [Operation Delego](https://en.wikipedia.org/wiki/Operation_Delego), a major CSAM-sharing and production group was infiltrated in a joint operation conducted by 19 countries. This group counted more than 600 members and had strict operational security:
+
+- Periodic platform change (new hidden service)
+- With each platform change, all users would change pseudonyms and receive new, randomly generated ones
+- Required use of GnuPG for encrypting communications
+- Never share PII
+- Strict metadata scrubbing policy for all shared media
+- Only share media over the trusted website channels
+
+#### The neutralization operation
+After infiltrating the group, Leo managed to trick several users into directly sharing media and personal information other unsanctioned channels, without encryption.
+
+#### Final Tally
+- 72 charges (out of 600+ active members)
+- 57 arrests
+
+
+OPSEC works, even for the scum of the earth: 9.5% neutralization rate after being infiltrated by a joint effort between 12 countries is pretty impressive.
+
+#### What bad OPSEC looks like
+
+![lulzsec](lulzsec.jpg)
+
+Now let's take a look at LulzSec. We have pretty much every OPSEC mistake rolled into one burrito of disappointment. We will use the analysis framework we've worked with so far
+
+LulzSec (Lulz Security) was a high-profile hacker group active in 2011, known for brazen cyberattacks on corporations, governments, and media.
+
+
+One of their members (Sabu) was identified, turned and then used to compromise the rest of the group.
+
+
+#### Detection
+That one's easy: between the defacement and bragging all over the web about their hacks, the operations were **meant** to be visible
+
+#### Identification
+- Sabu was identified after logging into IRC from his home IP instead of through Tor: it only happened once, but it was enough
+- Members reused online aliases across multiple platforms. For example, some had past activity linked to now-doxxed identities.
+- Email addresses used for domains or accounts were linked to real-life identities.
+- Boasting about hacks and providing technical details exposed them.
+- There was minimal effort to isolate real identities from online personas or separate operations between different members.
+- Many used the same machines for both personal and hacking activities.
+- The group let in new members quickly, including undercover agents or individuals who later cooperated with law enforcement.
+- They issued press releases and taunted their targets on Twitter, which increased media attention and pressure on authorities to catch them.
+- This also gave law enforcement leads to correlate timing between attacks and online activity.
+- Use of non-anonymized IRC clients, known VPN services, and unencrypted communication channels made traffic analysis easier.
+
+### Neutralization
+
+By mid-2012, most core members were arrested and charged.
+
+
+# Threat Modeling: choosing the right tool for the job
+
+![threat modeling](threat_model.jpg)
+
+We now have a simple framework (detection, identification, neutralization), that's actually called an attack cycle model. This will help us think our OPSEC procedures in a way that is methodical and grounded in rationality.
+
+
+As we have seen, depending on the situation you might need higher or lower security measures. Usually, when you crank up the security, communication slows down and becomes harder. When you want easier and faster communication, you often have to lower your security requirements.
+
+
+## What is a threat model
+
+In order to decide which OPSEC practices to adopt you have to know what you are defending against. Gun running, protest organization against private corporations and civil disobedience are activities that can bring the wrong kind of attention, but they all have wildly different threat models.
+
+
+A threat model is a description of your adversaries with:
+
+- their goals
+- capabilities
+- targets
+
+
+The more powerful and well-funded the adversary, the more dangerous it is (States being at the top of the food chain).
+
+### Quick Example
+Alice wants to organize a protest against Evil Corp evil practices of experimenting broccoli based diets on kittens. Evil Corp has been known to intimidate would-be protesters by hiring private detectives and thugs.
+
+![evil corp logo](ecorp.png)
+
+#### Evil Corp threat model
+- goals
+  - preventing disruption of their operations by protesters
+  - preventing PR fallout from their evil experimentation becoming public knowledge
+- capabilities
+  - technologically low, as they use tried and true methods of physically tailing people and throwing bricks through their windows
+- targets
+  - protest organizers and their assets
+
+## Risk Analysis
+
+The next step is to run a risk analysis: you want to list all your assets that are in play in your clandestine Ops, define how critical they are on three axes:
+- Confidentiality
+- Integrity
+- Availability
+
+
+### Example
+Alice determines that her group of protesters has the following asset
+
+- Member list and contact info
+  - Confidentiality requirement: **High**
+  - Integrity requirement: **High** (we don't want someone infiltrating the mailing list)
+  - Availability requirement: **Medium** (even if the list is destroyed, core members have copies and can reconstruct it together)
+
+Given her threat model, she determines the following plausible attack scenario:
+
+- Getting tailed after a protest and having her laptop stolen from her home with the list on it: **High likelihood, fits the MO and threat model**
+- Someone grabbing her laptop from her while she's planning her next big anti-corporate protest while sipping from a triple latte double macchiato at Starbucks **Medium likelihood**
+- someone hacking the mailing list server to read all the protest prep exchanges **Low likelihood**
+
+## OPSEC Standards and procedures
+
+Armed with her risk analysis, Alice's now knows which assets are most likely to be targeted. Thanks to the threat modeling exercise she has several attack scenarios. Based on their likelihood, her OPSEC efforts will be prioritized the following way:
+
+- Anti-surveillance and Counter-surveillance techniques to identify whether members are getting tailed after meetings or protests
+- Encryption on her laptop, automatic shutdown if someone grabs it
+- Hardening of the email server
+
+![stop sign](stop.jpg)
+
+## Know when to stop
+Why isn't she preparing for a large scale hacking campaign against her identities, followed with a 0-day barrage of all her servers and a complete compromise of her household appliances down to the lowliest airtag?
+
+
+**Because it does not fit the threat model, and it would be easier and more cost-effective to break into her house and grab her stuff, especially if her machine is unencrypted**
+
+
+# Now what?
+
+A threat model is a living thing, like any GRC (Governance, Risk and Compliance) document. Your adversaries will change in capabilities, motivations, methods as time passes. Your organization will change too, adopting new tools, forsaking old ones. In order to stay safe, you need to keep your threat model and risk analysis up to date, so you security level is always where it needs to be.
+
+
+- To be effective you need to be able to communicate with the highest bandwidth possible with the rest of your organization. Perfect OPSEC is useless if it makes you unable to function.
+- To be resilient you must have enough security to thwart your adversary and a defense in depth mindset to ensure that even in case of a successful attack your whole operation isn't toast.
+
+
+Threat modeling and risk analysis are skills that are highly sought for by companies themselves in order to protect their assets, cybersecurity professionals spend years cultivating them. This was a primer, I invite you to read more on the subject or get in touch if you need coaching or help doing this for your own operations.

qubesos/index.md

@@ -1,155 +0,0 @@
----
-author: Prism Breaker
-date: 2024-12-20
-gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/42"
-xmr: 87iB34vdFvNULrAjyfVAZ7jMXc8vbq9tLGMLjo6WC8N9Xo2JFaa8Vkp6dwXBt8rK12Xpz5z1rTa9jSfgyRbNNjswHKTzFVh
----
-# Qubes Host OS setup guide 
-
-
-**DISCLAIMER: Qubes OS is not suitable as a Host OS for our long-term [Deniability tutorials](../deniability/index.md) because it lacks the [live mode and ram-wipe](../livemode/index.md) feature** (which is a hard requirement), we consider Qubes OS as suitable for Private and Anonymous uses at best, **IT CANNOT be used for long-term sensitive use** unlike with our main [Kicksecure Host OS](../linux/index.md) recommendation.
-
-![alt text](image-1.png)
-
-([related forum thread](https://forum.qubes-os.org/t/what-is-the-consensus-on-running-vms-in-a-hidden-veracrypt-volume/28721/9))
-
-Official site of Qubes OS <https://www.qubes-os.org>
-
-When you land into this tutorial, I assume you already have some Linux experience, if not this might not be suitable for you, since Qubes OS is **not very user-friendly**. I recommend you to try some normal Linux distribution first [How to Install Linux as a beginner](../linux/index.md)
-
-Qubes OS is a very cutting edge OS that uses virtualization everywhere to compartmentalize your digital life. It is technically not a Linux distribution, it is built on Xen which is a type 1 hypervisor that runs on bare metal, <https://en.wikipedia.org/wiki/Xen>
-
-First you have Xen hypervisor booted at startup, then you get separate VM for all of your activities. Because all of your activities are separated by VM, one of them get hacked will not compromise the security of your entire system. It is like manage your personal pc like a server, that is why Qubes OS is a highly secure OS if used correctly
-
-If you want to dive into the tech details and concepts about Qubes, official document is the best place <https://www.qubes-os.org/intro/>
-
-
-
-## **Comparison**
-
-Why you should use Qubes OS instead of xyz config I use?
-
-1.Easier network configuration
-
-Qubes OS is designed to have a basket of different VMs with different **trust level** , and has a very easy menu in GUI to manage the network of these VMs. Qubes OS also has built-in firewall function to stop unexpected leaks. In short, it is less likely for you to make mistakes in Qubes
-
-For example if you want to have many different network configs like below link to satisfy your different online identities, Qubes OS is the right tool.
-
-[Theories about building up your online identities](../internetsegmentation/index.md). Check this theory about online identities, with Qubes OS you can easily build up chains of vm for doing whatever you want, for example different combination of vpn/proxy/tor
-
-![](qubes-trust-level-architecture.png)
-
-A image that shows Qubes OS with different vm for different functions and identities
-
-2.Integrated Whonix
-
-Qubes OS integrate whonix gateway and workstation by default, thus tor browser works out of the box. You can also use whonix gateway to torrify applications that do not support tor and be guaranteed it is leakproof. You can achieve all of these with some clicks of buttons, and no complicated iptables needed
-
-For learning what is whonix <https://www.whonix.org/wiki/FAQ>
-
-3.Superior safety
-
-Xen is a hypervisor that has a much smaller codebase than vmware/virtual box/kvm, it is possible to read and audit the entire code base. Besides qubes OS also put networking and usb service stack into VM, this feature greatly increases your host OS security from malicious network and usb. The days when you just plug in a bad usb into your computer and it booms are gone!
-
-## **Installation preparation**
-
-If you decided to install and try Qubes OS, then you must pick the correct hardware, since Qubes OS is a very cutting edge OS you should expect some compatibility issues.
-
-For desktop PC actually you should not worry too much, I have installed Qubes OS on many intel/amd platforms, with all kinds of peculiar combination of cpu and gpu, it all works. As long as you are on a quite modern platform with common consumer gpu, you should be fine
-
-This is the official hardware compatibility list, but be aware it is definitely incomplete, since people runs Qubes OS without problem mostly do not bother to report their config <https://www.qubes-os.org/hcl/>
-
-For laptops, you should be careful, you better get a mainstream business laptop. I tried many installations on Lenovo or hp business laptops from recent years, they all worked fine. However, you should especially try to avoid laptops from non-traditional vendors like Xiaomi or whatever Chinese brand, and any gaming laptop with very peculiar gpu setup.
-
-Next thing is to download the installation ISO, go to their website and download
-
-![](Screenshot From 2024-12-05 11-20-03.png)
-
-Download the ISO and hash digest
-
-Next thing is to **verify** your ISO file is authentic, Qubes OS has a very detailed guide on how to do that so there is no need for me to build the wheel again <https://www.qubes-os.org/security/verifying-signatures/>
-
-I will paste the master key fingerprint here for comparison:**427F11FD0FAA4B080123F01CDDFA1A3E36879494**
-
-Next step is to find an usb, make sure it is at least 16GB, then find its path
-    
-    
-    $ sudo blkid	
-    
-
-For example my usb is located at /dev/sda, then we use dd to burn the image into usb
-    
-    
-    $ sudo dd if=file_name.iso of=/dev/sda status=progress
-    
-
-Warning: dd is a low level tool aka **data destroyer** , check the parameters carefully and make sure parameters behind "of" points towards your usb, otherwise it might nuke your computer !!!
-
-## **Install**
-
-Next thing is to reboot into your computer and enter BIOS(EFI), this is different for every platform so you should find it out on google.
-
-You need to make two changes in BIOS basically, first you need to turn off secure boot(I know this is sad), but unfortunately secure boot and Xen did not work together on most consumer grade machines. I personally recommend only use qubes at home pc, or those so called "Qubes certified" laptops equipped with heads(What is heads : <https://trmm.net/Heads/>) that can protect your boot partition and has anti-evil maid features <https://www.qubes-os.org/doc/certified-hardware/>. 
-
-Next if you are on UEFI mode you need to enable "CSM". <https://superuser.com/questions/1284392/what-exactly-is-uefi-with-csm-boot-mode>. You also need to find that in your bios menu, it should usually appear below boot options. This can fix a lot of potential troubles later
-
-Final thing is remembering to turn on vt-x or cpu virtualization support, since this is needed for Qubes. Check your bios, if there is a setting called IOMMU, you also need to enable that
-
-For example, you can expect something look like this
-
-![](../linux/19.png)
-
-![](../linux/20.png)
-
-Finally, reboot and choose your usb as a boot device
-
-![](Screenshot From 2024-12-05 16-26-38.png)
-
-If things worked correctly, you should see a menu like this, just click enter and wait
-
-![](Screenshot From 2024-12-05 16-28-18.png)
-
-At this step, click "continue", if your computer is fully compatible and all bios settings are correct, you should see no warning message, otherwise go back to check bios again. If your computer is not some ancient stuff it should be compatible
-
-![](Screenshot From 2024-12-05 16-28-40.png)
-
-At this step you need to config the disk, click the installation destination
-
-![](Screenshot From 2024-12-05 16-29-00.png)
-
-If you are installing on a fresh drive just check the three areas on the pictures
-
-Next is to choose a disk encryption password, notice this is the password used to encrypt your disk and is the only thing protects you when FBI kicks your door, so make sure it is strong enough
-
-![](Screenshot From 2024-12-05 16-29-12.png)
-
-Select "delete all" and "reclaim space", make sure you **backed up** everything!
-
-![](Screenshot From 2024-12-05 16-29-23.png)
-
-Next create a user with password, this is the password you will use to unlock the screen
-
-![](Screenshot From 2024-12-05 16-29-33.png)
-
-Next choose "Begin Installation", and just wait until it is completed.
-
-## **Post Install Setup**
-
-You still cannot use your qubes at this step, since you need to run post install setup.
-
-![](Screenshot From 2024-12-05 16-40-34.png)
-
-These configs in most situation do not need to be changed, however if you are using wired connection you can make sys-net disposable, this increases your security a little bit.
-
-If you are using wireless network through a usb dongle you might need to choose "Use sys-net qube for both networking and USB devices"
-
-You can also enable system and template update over tor, but this will make it significantly slower for big updates. And there is no need to touch the advanced configuration.
-
-Click done and let the scripts run, do not interrupt it by closing your computer, it might seem unresponsive for a while.
-
-![](Screenshot From 2024-12-05 17-40-39.png)
-
-And finally we get our Qubes, in next tutorial we will start to compartmentalize our online activities by creating different qubes.
-
-Next tutorial : [How to use qubes for different online activities](../qubesosnetwork/index.md)
-

qubesosnetwork/index.md

@@ -1,250 +0,0 @@
----
-author: Prism Breaker
-date: 2024-12-20
-gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/260"
-xmr: 87iB34vdFvNULrAjyfVAZ7jMXc8vbq9tLGMLjo6WC8N9Xo2JFaa8Vkp6dwXBt8rK12Xpz5z1rTa9jSfgyRbNNjswHKTzFVh
----
-# How to navigate qubes OS and segment your internet uses 
-
-**DISCLAIMER: Qubes OS is not suitable as a Host OS for our long-term [Deniability tutorials](../deniability/index.md) because it lacks the [live mode and ram-wipe](../livemode/index.md) feature** (which is a hard requirement), we consider Qubes OS as suitable for Private and Anonymous uses at best, **IT CANNOT be used for long-term sensitive use** unlike with our main [Kicksecure Host OS](../linux/index.md) recommendation. ([related forum thread](https://forum.qubes-os.org/t/what-is-the-consensus-on-running-vms-in-a-hidden-veracrypt-volume/28721/9))
-
-![alt text](../qubesos/image-1.png)
-
-
-
-In this tutorial we will set up the environment for public, private and anonymous online identities, and how to use qubes os.
-
-If you are still not familiar with the identity model please check this link [Theories about building up your online identities](../internetsegmentation/index.md)
-
-
-
-## **Some glossary**
-
-For Qubes OS there are something you need to know, otherwise you will be really confused when using the OS
-
-0.Xen: Everything that Qubes OS built on this, a type 2 hyervisor
-
-1.qube: That is basically a vm, each qube is intended to do a single task for isolation. But it is not quite like the common vm you used to see on vmware or virtualbox
-
-2.dom0: This is the admin vm, it is still a vm, but it is very special vm with all the tools to control the entire machine. It never connects to the network and no files from other qubes should touch it, once it gets compromised you are done
-
-![](structure.png)
-
-3.Template VM: Template VM is like the concept of "class" in programming language, you will install all the applications you like in template vm, and appvm will simply share the root partition with the template vm, so appvm only needs to keep its own /home directory, this greatly saves disk space and time you spent on software update.
-
-Template VM do not connect to network by default for safety, since if they are compromised all the app vm spawned by them are also done. Updates are conducted through a special proxy so attack surface is minimized
-
-4.App VM: Lightweight VM spawned from template VM, any changes done to root partition will not persist across boot, it is meant to only use software installed from template VM and save your work in /home
-
-![](appvm.png)
-
-5.PVH: a para virtualization mode, which means some costly actions are not performed in the vm, instead they are done in the host through a special interface to make vm runs faster
-
-Most qubes will run under PVH mode
-
-6.HVM: Full virtualization, no host assistance. Only used in situation where PCI passthrough is required, or you installed your own special qube like windows
-
-7.Disposable VM: This is a special App VM, it is spawned from a disposable VM template every time when needed, but is destroyed immediately after the task without anything being saved. Ideal for performing some known dangerous activities
-
-8.PCI passthrough: By default qubes OS qube do not touch any peripheral devices for example usb or network card, if you want some qube to do something with the hardware, you need to do a PCI passthrough. For example if you want to setup a network qube you need to pass through the network adapter
-
-9.Standalone qube: These are the qubes that do not depend on template vm, you either copied it from a template or installed it yourself
-
-This is all the basic concepts you need to know, now we start our exploration
-
-## **Network blueprint**
-
-Qubes already comes with many default qubes, you can find them inside the qubes manager
-
-On the desktop, right click and choose "Open terminal here", you will get a terminal in dom0 
-
-![](terminal.png)
-
-Input "qubes-qube-manager", and click enter you will get the qubes manager
-
-![](manager.png)
-
-Now we are going to explain these default qubes
-
-0.Template qubes
-
-Qubes with the name "debian-12-xfce", "fedora-40-xfce", "whonix*" are template vms, you can install software in these template qubes, and use them in the app qubes
-
-1.sys-usb
-
-![](usb-qube.png)
-
-A qube that did not connect to network, and is responsible for providing **usb service** only, if you have usb keyboard or mouse it might also proxy the input for you. In some circumstances when you have an usb wifi dongle it also becomes the factual network qube
-
-This is installed by default and is a disposable vm
-
-1.sys-net
-
-![](net-qube.png)
-
-This is where everything starts, you need to passthrough your Ethernet adapter(wired or wireless) to a qube, and that qube will be used to as a first part in the network chain
-
-Since it is directly in contact with network adapter and the routers, it should be considered as untrusted because it is exposed to a lot of uncertain stuff
-
-It is installed by default and only intended to be used as a **basic router** and nothing else
-
-2.sys-firewall
-
-The qube that separate the rest of your network chain from the sys-net for better security, and it is also the qube that **enforces firewall** rules if you have vpn qube directly behind it.
-
-If you have any public identity it is best to directly connect it to sys-firewall, for example online banking
-
-![](firewall-qube.png)
-
-Each qube can select its own network qube, if none is selected it will not have internet at all. sys-firewall here set sys-net as its network qube
-
-![](firewall-net.png)
-
-And any qube provides network service need to enable **provides network** in advanced tab below "Run in debug mode"
-
-![](firewall-service.png)
-
-Any qube directly connect to sys-firewall will have your home isp ip address, best suited for public activity, for example online banking
-
-3.vpn qube
-
-A qube setup with vpn profile, redirect all the traffic to your designated vpn server. Ideal for providing a **pseudonymous** identity. If applied with firewall rules it can be guaranteed leakproof
-
-Qubes OS works fine with wireguard and openvpn cli programs, but for vpn vendor's own gui there might be problems, sometimes those apps break the dns setup in qubes
-
-Mullvad has a very detailed tutorial on how to setup a vpn qube <https://mullvad.net/en/help/wireguard-on-qubes-os>. However, iptables mentioned in it is already deprecated by Qubes, but it still works without DNS hijack config.
-
-![](vpn-qube.png)
-
-If you have any pseudonymous activities it is best to connect behind vpn qube, for example torrenting
-
-4.whonix qubes
-
-Whonix is the best part of qubes, it makes tor very easy to use. Whonix qubes consists of two parts, first is whonix gateway, which onionize all the network traffic behind it. Whonix workstation is a workstation specifically tuned for anonymity, and is usually disposable for increased security
-
-You can also hook up other non workstation qubes behind whonix gateway in rare circumstances, for example a windows qube, but you should be careful and should have a specialized gateway qube only for this.
-
-This is the ideal place for all the high risk activities like all the **darknet** stuff
-
-You might choose to wheter or not to put whonix gateway behind a vpn
-
-![](whonix-qube.png)
-
-## **Setup the vm according to network blueprint**
-
-Now we are about to setup the qubes according to the previous network blueprint, we are about to setup a banking vm, torrent vm, and darknet vm
-
-And they fit in different places of our network identity threat model obviously
-
-![](threat_level.png)
-
-**Public Use: Banking VM**
-
-In a public use setup, you can run closed source software, or access service that is directly tied to your real life identity.
-
-Let's go back to our qubes manager, click "New qube" in the top left corner
-
-![](create.png)
-
-First name it as "banking", and we assign it with **Yellow** tag, since it is for banking identities, so yellow is a medium trust score for me. Color tag is a very important feature of qubes, every qube has its own color tag for avoiding you accidentally type something sensitive in a insecure vm. Dom0 always has the special **White** tag
-
-For Type and Template I just leave it as AppVM and fedora-40-xfce, since this is exactly what I want
-
-For networking, I choose "sys-firewall", since I want my bank to see my home ip address instead of my vpn ip and get my account banned
-
-Now click ok and the qube will be created, you can find your qube app menu on the top left **Q** icon, then we can open firefox and start banking
-
-![](banking.png)
-
-**Private use: Torrent VM**
-
-In a private use setup, you should only use FOSS software, and use a vpn service for hiding your home ip 
-
-First we start a template vm, for example debian in this case, and install transmission
-
-![](template_install.png)
-
-After installation enter "sudo poweroff" to shut down the qube, make sure it is shutdown, since your changes in template qube only get reflected when it is shutdown **at least once!**
-
-Next go back to qubes manager, and create a new qube called torrent, I assume you already set up a vpn qube according to the mullvad tutorial mentioned above
-
-![](torrent_vm.png)
-
-First give it a name called "torrent", and I personally think this qube has a medium trust score, so it is given a yellow tag.
-
-We still leave it as appvm, and choose template as debian, since this is the template we just installed transmission
-
-Most importantly set the networking to **vpn qube** you just setup, if you do not want DMCA notice get sent to your home. Then click ok, and the qube will be created
-
-For accessing transmission app easily, we will add the transmission app into our "Q" menu which is in the top left corner
-
-Right click the torrent qube in the manager, choose "settings", and choose "application"
-
-![](torrent_transmission.png)
-
-Find "Transmission" on the left, click it, and click the ">" icon in the middle, then click ok. Now transmission will be visible in the app menu
-
-![](transmission_on.png)
-
-Now happy torrenting
-
-**Anonymous use: Darknet VM**
-
-Same as private setup, but you should use tor instead of vpn
-
-Here we use whonix workstation to access dread for exploring the darknet
-
-If you follow the default setting during the installation config, you should have disposable whonix workstation installed by default, which means we do not need to create anything
-
-Try to find something named "whonix-workstation-17-dvm" in the qubes Q menu, click "Tor Browser(AnonDist)", and you will get a disposable vm running tor browser. This is great since anything happen inside this vm get destroyed after you shut down the browser
-
-![](whonix_dread.png)
-
-If you see something as **disp** on the vm windows title, then you are on a disposable vm, congrats!
-
-## **Tips**
-
-There are some tricky problems about qube, like how to copy and paste text between qubes, and how to transfer files, or how to use usb.
-
-For copy text, there is a master pasteboard in dom0, once you copy some text normally inside a qube, click shift+ctrl+c, then the text get transferred to the master pasteboard, and go to the vm you want to paste, click shift+ctrl+v, then the text is inside the clipboard of your destination vm
-
-![](copy_in_vm.png)
-
-For example you first copy some text inside a vm, then click SHIFT+CTRL+C
-
-![](master_pasteboard.png)
-
-Then you will see a message about Global Clipboard
-
-Go to your destination vm and click CTRL+SHIFT+V, then you will see a message says Global Clipboard wiped
-
-![](master_pasteboard_wiped.png)
-
-Then just paste as normal
-
-![](destination_paste.png)
-
-![](text_arrived.png)
-
-For copying file between vm you need to use qvm-copy command inside the vm
-
-First we created a test file called "new_file"
-
-![](file_await_transfer.png)
-
-Then we use "qvm-copy" command, and choose "banking" vm in the dom0 prompt.
-
-`qvm-copy new_file`
-
-![](copy_destination.png)
-
-Then you can see the new_file in banking vm
-
-![](file_arrived.png)
-
-Files from other VM are all located inside **~/QubesIncoming**
-
-Other stuff are inside the official document, no need to rebuild the wheels again
-
-[All the qubes "how to" guide](https://www.qubes-os.org/doc/getting-started/)
-