Track Awesome Qubes OS Updates Weekly
A curated list of awesome Qubes OS links
😺 xn0px90/Awesome-Qubes-OS · ⭐ 94 · 🏷️ Miscellaneous
Nov 18 - Nov 24, 2024
Qubes OS Server / Unikernel-like
- borg-offsite-backup (⭐3) - help back up Qubes VMs and ZFS file systems.
Nov 11 - Nov 17, 2024
Qubes OS Websites
- Qubes OS Developer Books - A list of various books that might be useful in learning some basics needed for Qubes development.
Downloading, Installing, Upgrading, and Building
- Qubes OS 4.3 Weekly Alpha Builds - Qubes OS 4.3 Weekly Alpha Build download.
How-to guides
- Inter-qube file copying (qfilecopy) - File copying with qfilecopy.
- Qubes Salt Beginner’s Guide - How-to guide for beginners who enjoy a hands-on introduction with examples.
- Reverse Tethering & Screen Mirroring Qube for Android Device - Control your Android Device from Qubes OS while providing Network to the Android Device.
- How to migrate qubes to a new computer - How to efficiently migrate qubes to a new computer with a direct network connection
- USB MFP printer/scanner - How to get a USB MFP printer/scanner working in R4.2
Templates
- Manually Verifying Hashes of Installed Files - This guide explains how to manually verify hashes of installed files.
- Pentesting: Parrot - Parrot Security is a Debian-based OS with over 600 tools for hacking, pentesting and software development. It is free, open source, secure, portable and customizable for various environments and devices
- Prestium OS - Prestium OS is a Tails OS-like live linux distro.
- Android VM options - There are multiple “android on PC” type distributions that one could try in a VM. Here are the 3!
- Waydroid template - This guide is for setting up minimal Waydroid template.
- Ubuntu 2022.4 minimal - Ubuntu 22.04 (Jammy Jellyfish) Releases. Ubuntu is an open-source software platform that runs everywhere from the PC to the server and the cloud.
- Ubuntu 2024.4 minimal - Ubuntu 24.04.1 (Noble Numbat) Releases. Ubuntu is an open-source software platform that runs everywhere from the PC to the server and the cloud.
- GuixOS HVM - Install Guix OS in a standalone HVM
- Zoom Disp VM - Running Zoom in a DispVM.
- PrestiumOS HVM - Prestium OS is a Tails OS-like live linux distro.
- PiHole Cloudflared (⭐1) - PiHole Cloudflared in QubesOS with NextDNS (DNS over Https).
- Fedora template in-place upgrade - How to upgrade a Fedora template in-place.
VM-Hardening
- Kicksecure for DISP-sys* - How to create disposable sys-usb, sys-net, sys-firewall off a debian-11 minimal template with Kicksecure and other hardening features for DISP-sys*.
- Easily NAT qubes port to external network - A script to ease the work of doing a NAT to expose a qube port to the physical network interface.
- Install Qubes OS with boot partition and a detached LUKS header on USB - The encrypted disk will look like an unused/empty unpartitioned disk.
- Custom preferences for Brave browser in disposable qube - The initial_preferences json file can be used to configure the preferences that will be used by default in newly created profiles.
- Hardening sys-net - This guide works whether or not you chose a disposable sys-net. A no-nonsense guide, let's get in!
- Nix in a Qubes OS AppVM - How to install Nix in an AppVM.
- No file indexing - Disable file indexing in disposable qubes
- Qubes Shutdown Idle Script (⭐4) - This is a simple script that watches the current qube for idleness and, if it's idle for more than 15 minutes (timeout time is defined in qubesidle.idleness_monitor), shuts it down.
- qubes-ssh-agent (⭐3) - This is an alternative approach to the existing qubes split-ssh.
Customization
- Playback performance - This guide will show you how to install the mpv player and use it with maximum performance.
- qubes-salt-video-playback - Qubes SaltStack configuration of Videos Playback VM
- Sys-gui Customization - Minimal Fedora and Alternate Desktop Environments / Window Managers (DE/WMs)
- Tiling XFCE - Tiled windows in XFCE with shortcut keys.
- Dark Theme - The following text describes how to change the default light theme to a dark theme.
- Rxvt Terminal - rxvt-unicode is an advanced and efficient vt102 emulator.
- CPU monitor per VMs - Individual VM monitoring.
- Custom App entries for the Q Menu - App menu shortcut troubleshooting.
- xfce dark mode - Xfce global dark mode in Qubes
GPU
- Gaming HVM - HVM for gaming!
- Salt: automating NVIDIA GPU passthrough - This “guide” aims to explore and give a practical example of leveraging SaltStack to achieve the same goal as NVIDIA GPU passthrough into Linux HVMs for CUDA applications.
- Qubes SaltStack configuration of Videos Playback VM - An mpv salt start step-by-step easy guide.
- Improve video playback performance including YouTube (ytfzf) - This guide will show you how to install the mpv player and use it with maximum performance.
- GPU passthrough with lots of RAM - GPU passthru with max RAM
ML, LLM & AI
- Running local LLMs with or without GPU acceleration - This guide explains how to install text-generation-webui (oobabooga) on Qubes OS.
Clearnet & Anonymous Networking / OpenVPN
- Fedora 40 Minimal(OpenVPN) - Qubes 4.2 - Six Easy Steps!
Clearnet & Anonymous Networking / VLESS
- VLESS obfuscation VPN - The protocol mimics a long-running HTTPS session of Chrome and is hard to detect by DPI systems.
Clearnet & Anonymous Networking / Tor
- Snowflake Proxy in QubesOS - A Qubes-Whonix-17 Tor Control Panel snowflake proxy fix/installation guide.
- Qubes Tor onion services - Qubes OS Tor .onion links
- Onionizing Repositories - The guide explains how to configure experimental Tor onion services for APT repositories.
- QubesOS to be remotely manageable thru tor - QubesOS to be remotely manageable from on-demand, ephemeral, hidden onion service to dom0/AdminVM.
- Qubes-Whonix development notes - Whonix development notes.
- Tips on Remaining Anonymous - The wiki page provides guidelines and good habits for online privacy and security, with a focus on distinguishing between anonymity and pseudonymity.
Clearnet & Anonymous Networking / Anonymity
- LocalSend - Free, open-source app that allows you to securely share files and messages with nearby devices over your local network without needing an internet connection. Basically, a platform-neutral “airdrop”.
- Tailscale Setup - How to create template and install Tailscale.
Clearnet & Anonymous Networking / Crypto
- Ultimate Guide on Using Trezor on Qubes - This guide explains how to use Trezor cryptocurrency hardware wallets on Qubes OS.
Kernels / Crypto
- Rump (⭐1.1k) - Rump kernels enable you to build the software stack you need without forcing you to reinvent the wheels.
Kernels / Unikernels
- Unikraft - Unikraft powers the next-generation of cloud native applications by enabling you to radically customize and build custom OS/kernels, unlocking best-in-class performance, security primitives and efficiency savings.
- Unik (⭐2.7k) - A platform for automating unikernel & MicroVM compilation and deployment.
Qubes OS Server / Unikernel-like
- Multi-user Qubes: Using sys-gui to make non-administrative user logins - Here we try to create restricted sys-guis, where they only need to see the parts that pertain to them. Basically an administrative GUI login (dom0), and a restricted user sys-gui login.
- Qubes Admin Policies/API - The qubes admin policies are core to modern qubes.
- Opensnitch Nodes - A node is a daemon running on a machine. You can install the daemon on multiple machines, and manage them from the server.
- Qubes sync git repositories with dom0 - This solution is intended to keep git repos easily in sync with dom0.
- Salt (management software) - Salt allows administrators to easily configure their systems.
- Salt Beginner's Guide - Guide for beginners who enjoy a hands-on introduction with examples.
- qubes-mgmt-salt-dom0-qvm (⭐13) - Salt can manage many Qubes settings via the qvm state module.
- Virtual Machine Formulae - Salt allows administrators to easily configure their systems. In this guide we will show how it is set up and how you can modify it for your own purpose.
- Configuration Management - A collection of guides about creating Salt formulas in Qubes OS and distributing them as RPM packages to take advantage of the secure updates mechanism for dom0.
- Official Salt Documentation - Salt is an event-driven automation tool and framework to deploy, configure, and manage complex IT systems.
- Official Salt User Guide - Salt user guide
- qusal (⭐20) - Salt Formulas for Qubes OS.
- qvm-firewall - Manage VM outbound firewall.
- Qubes Admin python modules - Python Module Index
- Qubes network dom0 display - a simple script to run in dom0 (easy to audit) that will output a hierarchy tree of netvm and their qubes.
- Colored! network information - Colorful network information with iptables & ip.
- Visualize Qubes Configuration Without Trust - Visualize Qubes Configuration with the Qubes Admin API.
- SSH or VNC into Qubes dom0 - tutorial on how to SSH or VNC in to dom0
- qubes-remote-support-receiver dom0 scripts (⭐3) - Scripts to configure dom0 to allow remote connections.
- Web VNC - Running Qubes in the Browser
- VNC (⭐8) - SystemD services for creating VNC server session in dom0 or any qube.
- Software RAID (mdadm) Qubes Installation Procedure - CLI & Software Raid installation procedure.
Exploitation Tools / Unikernel-like
- sys-mitm (⭐39) - A man-in-the-middle Qube for your traffic analysis needs.
Optics and Extra Info / Qubes OS Summit - 3mdeb Summit videos
- Qubes OS Summit 2024 - Day 1
- Qubes OS Summit 2024 - Day 2
Optics and Extra Info / Xen project summit 2024 videos
Optics and Extra Info / UX - User Experience
- UX Jackie - Qubes OS AppMenu Design Direction. Part of 2020/21 MOSS funded UX work.
Optics and Extra Info / Extra Info
- Backups in Qubes - Learn how and why to back up your data on Qubes OS.
Training and Materials / Extra Info
- Qubes OS for Anarchists - Qubes OS for Anarchists | Guide & Best Practices
- The Guardian's Deep Dive into Qubes OS: a Secure Solution for Whistleblowing and Journalism - The Guardian's engineering team recently shared their experience with Qubes OS, a security-focused desktop operating system.
- Free e-book Foundation - Free ebooks to help your journey!
Social media / Extra Info
- Dread - Dark Net QubesOS .onion forum room.
Oct 28 - Nov 03, 2024
Clearnet & Anonymous Networking / Crypto
- Split Monero Wallet - With Qubes + Whonix you can have a Monero wallet that is without networking and running on a virtually isolated system from the Monero daemon which has all of its traffic forced over Tor.
Oct 14 - Oct 20, 2024
Downloading, Installing, Upgrading, and Building
- Qubes OS 4.2.3 - Qubes OS 4.2.3 download.
- Qubes OS 4.2.3 Weekly Builds - Qubes OS 4.2.3 Weekly Build download.
Jul 08 - Jul 14, 2024
Clearnet & Anonymous Networking / OpenVPN
- How To make a VPN Gateway in Qubes - Qubes includes a number of tools that can make the client-side setup of your VPN more versatile and secure.
Clearnet & Anonymous Networking / Anonymity
- Lokinet - Lokinet is the reference implementation of LLARP (low latency anonymous routing protocol), a layer 3 onion routing protocol.
Dec 25 - Dec 31, 2023
Templates
- Pentesting: Kali - How to create a Kali Linux VM.
Qubes OS Legends / Extra Info
- ClaraCrazy (⭐39) - Qubes OS Discord server owner & just amazing!
Nov 27 - Dec 03, 2023
Templates
- Auto Minimal Debian Template Creation - This page summarizes how to automate debian-minimal based template creation.
Qubes OS Server / Unikernel-like
- Port forwarding - Qubes-os port forwarding to allow external connections
Nov 20 - Nov 26, 2023
Templates
- audio-qubes - An audio qube acts as a secure handler for potentially malicious audio devices, preventing them from coming into contact with dom0
- Pentesting: BlackArch - BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers.
- Pentesting: PTF - The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing.
Nov 13 - Nov 19, 2023
Templates
- Qvm-Create-Windows-Qube (⭐346) - Qvm-Create-Windows-Qube is a tool for quickly and conveniently installing fresh new Windows qubes with Qubes Windows Tools (QWT) drivers automatically.
Customization
- Bash completion - How to install bash completion for Qubes OS commands.
- Qubes-Scripts (⭐11) - Collection of custom scripts for Qubes OS.
Nov 06 - Nov 12, 2023
How-to guides
- How to resize dom0 - Just in case anyone needs help with this to resize dom0 from 20G to 50G.
- How to open Urls in other qube - This page is about opening URLs and files from one qube in a different qube.
Templates
- archlinux-minimal template - This is a community guide, not an official guide.
- Building a TemplateVM for a new OS - If you don’t like using one of the existing templates because of specific administration, package management or other building needs, you can build a TemplateVM for your distribution of choice.
- NetBSD templates - Create a NetBSD template
- Linux HVMs - Fixing Linux distro HVMs
- Multimedia template - Configuring a “Multimedia” TemplateVM
- Windows Qubes - Like any other unmodified OSes, Windows can be installed in Qubes as an HVM domain.
- Tails OS - Tails stands for The Amnesic Incognito Live System. It is a live operating system that aims to preserve your privacy and anonymity.
- Shadow qube (⭐7) - The below script will create a Qube, launch the Tor browser, wait for the browser to close, then remove the qube and its RAM pool.
VM-Hardening
- Dom0 secure updates - Updating dom0
- nft Firewall - This is an example for a TCP redirection, for UDP you would have to replace tcp by udp.
- Signal - It uses end-to-end encryption to secure all communications.
- Split SSH - Split SSH implements a concept similar to having a smart card with your private SSH keys, except that the role of the “smart card” is played by another Qubes AppVM.
Customization
- DPI scaling - Qubes OS passes on dom0’s screen resolution to VMs (this can be seen in the output of xrandr) but doesn’t pass on dom0’s dpi value.
- Wayland agent (⭐16) - This is a GUI agent for Qubes OS that supports the Wayland display server protocol. Compared to X11, Wayland is vastly simpler and aims to ensure every frame is perfect.
Troubleshooting
- Mounting a qube’s private storage in another qube - Useful for data recovery.
- Traffic Analysis in Qubes OS - You can place a ProxyVM between your AppVMs and Your NetVM. This way we can create an ideal topology for traffic analysis.
- Analyze Qubes OS VM (⭐1) - Analyze Qubes OS VM startup performance.
- Url redirector (⭐35) - This is a browser extension, aimed to improve surfing security.
- Changing your Time Zone - To change the system’s time zone in a terminal, you can issue the timedatectl command with the option set-timezone.
Clearnet & Anonymous Networking / Wireguard
- Mullvad VPN (Fedora38 + WG) - Privacy-first VPN provider's guide for Qubes OS. This guide bears an optimal method for setting up a WG ProxyVM (i.e. sys-vpn); you may substitute out Mullvad's WG configuration files in place of your own.
- Wireguard setup - This guide assumes you are using a VPN service that has wireguard support.
Clearnet & Anonymous Networking / OpenVPN
- Mullvad VPN (Debian 12 + OVPN) - Privacy-first VPN provider's guide for Qubes OS.
Clearnet & Anonymous Networking / Anonymity
- Really disposable ram based qubes - You can use your QubesOS stateless just like TailsOS, with persistent storage for VMs. That is pretty simple! It takes 6Gb of extra RAM (to store root filesystem files).
- How to bypass the GFW on Qubes OS when you’re in China - The purpose of this article is to provide several feasible ways to bypass the GFW for you to choose.
Exploitation Tools / Unikernel-like
- Hyperdbg (⭐2.9k) - HyperDbg Debugger is an open-source, community-driven, hypervisor-assisted, user-mode, and kernel-mode Windows debugger with a focus on using modern hardware technologies. It is a debugger designed for analyzing, fuzzing, and reversing.
Optics and Extra Info / Extra Info
- Hypervisor From Scratch (⭐2.2k) - Source code of a multi-part series of tutorials about the hypervisor.
Oct 30 - Nov 05, 2023
Optics and Extra Info / Qubes OS Summit - 3mdeb Summit videos
- Qubes OS Summit 2023 - Day 2
Oct 16 - Oct 22, 2023
Clearnet & Anonymous Networking / DNS
- dnscrypt-proxy - Run dnscrypt-proxy inside of sys-net to encrypt and secure dns-requests.
Oct 02 - Oct 08, 2023
Optics and Extra Info / Qubes OS Summit - 3mdeb Summit videos
- Qubes OS Summit 2023 - Day 1
Apr 10 - Apr 16, 2023
How-to guides
- How to Implement TPM Boot Verification - Verify and validate boot process using PCR without Heads or AEM on systems using TPM 2.0
Customization
- QubesOS Autostart Menu (⭐0) - Speed up system boot process with a custom launch script
- sys-VPN notification setup - Get VPN stats as a desktop notification
Mar 06 - Mar 12, 2023
How-to guides
- How to persist Tailscale tunnel in QubesOS (⭐2) - Tailscale is a mesh private network that lets you easily manage access to private resources or quickly SSH into devices on your network.
- How to use Qubes for journalists and Human Rights Defenders (⭐17) - A suite of tools for improving and streamlining the use of Qubes OS for reporters, editors, lawyers and aid workers. Work in progress.
- PAM distress login for xscreensaver - A simple setup for sending a distress email if forced to log in to desktop beyond LUKS passwords.
- Automated Arkenfox Qubes browser install (⭐17) - Arkenfox config install for journalists
Feb 06 - Feb 12, 2023
Exploitation Tools / Unikernel-like
- AFL++ (⭐5.2k) - AFL++ is a superior fork to Google's AFL - more speed, more and better mutations, more and better instrumentation, custom module support, etc.
- Capstone - Capstone is a lightweight multi-platform, multi-architecture disassembly framework.
- Coredump (⭐7) - Access Microsoft Windows Coredump files.
- Kvm (⭐40) - KVM memflow connector.
- Pcileech (⭐21) - Access pcileech interface.
- Qemu_procfs (⭐41) - Access QEMU Physical memory.
- Unicorn - Unicorn is a lightweight multi-platform, multi-architecture CPU emulator framework.
Exploitation Tools / Xen Exploitation
- Blackhat 2010 - Hacking the Hypervisor
- Blackhat 2014 - [Website Slides] - Lessons Learned from Eight Years of Breaking Hypervisors
- Blackhat 2015 - [PDF Slides] - Attacking Hypervisors Using Firmware And Hardware
- Ouroboros - Tearing Xen Hypervisor With the Snake
- XenPwn - [PDF Slide] - Breaking Paravirtualized Devices
Exploitation Tools / Web articles
- Xen exploitation part 1: XSA-105 - From nobody to root
- Xen exploitation part 2: XSA-148 - From guest to host
Optics and Extra Info / Qubes OS Summit - 3mdeb Summit videos
- Qubes OS summit 2022 - Day 1
- Qubes OS summit 2022 - Day 2
- Qubes OS-3mdeb mini-summit 2021 - Day 1
- Qubes OS-3mdeb mini-summit 2021 - Day 2
Optics and Extra Info / Extra Info
- GPU Virtual Machine (GVM) - An OpenMdev Project (Qubes OS Summit 2022)
- Micah Lee presents - “Qubes OS: The Operating System That Can Protect You Even If You Get Hacked”
- Explaining Computers presents - “Qubes OS: Security Oriented Operating System”
Jan 30 - Feb 05, 2023
VM-Hardening
- Qrexec: Qubes RPC internals - The qrexec framework consists of a number of processes communicating with each other using a common IPC protocol, described in detail below.
- TUFF - We can think of a software update system as “secure” if:
Clearnet & Anonymous Networking / Anonymity
- i2p-Whonix - Temporary way to run i2p on Qubes-Whonix.
Exploitation Tools / Xen Exploitation
- Advanced Exploitation - Xen Hypervisor VM Escape
- Hypervisor Vulnerability Research [PDF] - State of the Art
Exploitation Tools / Web articles
- Glitches in the Matrix - Escape via NMI
Jan 23 - Jan 29, 2023
Exploitation Tools / Unikernel-like
- Lldb - LLDB is a next generation, high-performance debugger.
Jan 16 - Jan 22, 2023
Training and Materials / Extra Info
- The Book of Secret Knowledge (⭐148k) - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools, and more.
Jan 16 - Jan 22, 2023
Templates
- USB Qubes - A USB qube acts as a secure handler for potentially malicious USB devices, preventing them from coming into contact with dom0 (which could otherwise be fatal to the security of the whole system).
VM-Hardening
- Anti Evil Maid (AEM) - A user who frequently travels with a Qubes laptop holding sensitive data may be at a much higher risk of Evil Maid attacks than a home user with a stationary Qubes desktop.
Customization
- Qubes-GUI-Rust (⭐7) - Rust libraries for the Qubes OS GUI Protocol
Exploitation Tools / Unikernel-like
- MemProcFS (⭐3.1k) - MemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system.
- MemProcFS-Plugins (⭐55) - This repository contains various non-core plugins for MemProcFS - The Memory Process File System.
Training and Materials / Extra Info
- Anonymous Planet - The Hitchhiker’s Guide to Online Anonymity: the comprehensive guide for online anonymity and OpSec.
- Anonymous Planet Onion - For those who wish to read over the anonymous Tor network.
- Privacy-Security-Anonymity Matrix Space - The place to be for all topics regarding privacy, anonymity and other subjects. Rooms are click-to-join.
Qubes OS Legends / Extra Info
- Core Team - Qubes OS core team.
Jan 09 - Jan 15, 2023
Qubes OS Websites
- Qubes OS Development Documentation - Qubes OS development documentation.
- Qubes OS Documentation - Qubes OS main documentation.
- Qubes OS GitHub Documentation (⭐346) - Qubes OS GitHub latest documentation.
VM-Hardening
- Qcrypt (⭐16) - qcrypt is a multilayer encryption tool for Qubes OS.
- Passwordless root access in Qubes - In Qubes VMs there is no point in isolating the root account from the user account.
Customization
- Brightness-Adjustment - Easy brightness adjustment
- Custom icons - ~/.local/share/icons is a persistent place to put custom folder icons, and so is /usr/share/icons.
- Suckless dwm (⭐12) - How to install dwm in Qubes OS.
GPU
- GUI-configuration - Adjust your GUI configuration to meet your display needs.
- GUI-domain - On this page, we describe how to set up a GUI domain.
- GUI-troubleshooting - Learn to troubleshoot your GUI configuration.
- GUI-virtualization - All AppVM X applications connect to local (running in AppVM) Xorg servers.
- How-to-use-pci-devices - This page is part of device handling in qubes.
- Install-nvidia-driver (⭐258) - Nvidia proprietary driver installation.
- Nvidia-troubleshooting (⭐258) - Nvidia Troubleshooting Guide
Clearnet & Anonymous Networking / OpenVPN
- Qubes-Tunnel (⭐22) - Manage, run, protect VPN connections in Proxy VMs.
Clearnet & Anonymous Networking / Tor
- Qubes OS Onion - Qubes OS onion address on the Tor network.
Clearnet & Anonymous Networking / Crypto
- Awesome-DeSci (⭐75) - A curated list of awesome Decentralized Science (DeSci) resources, projects, articles and more.
Kernels / Microkernels
- Qubes-linux-kernel (⭐87) - Qubes package for Linux kernel.
- seL4 - seL4 is a high-assurance, high-performance operating system microkernel.
Kernels / Unikernels
- Awesome-Unikernels (⭐43) - Secure, lightweight and high performance approach to application delivery.
- Qubes-Mirage-Firewall (⭐210) - A unikernel that can run as a Qubes OS ProxyVM, replacing sys-firewall.
Qubes OS Server / Unikernel-like
- Qubes-network-server (⭐107) - Turn your Qubes OS into a networking server.
- Qubes-remote-desktop (⭐8) - SystemD services for creating VNC server session in dom0 or any Qube.
Exploitation Tools / Unikernel-like
- Awesome-Fuzzing (⭐843) - A curated list of references to awesome Fuzzing for security testing. Additionally there is a collection of freely available academic papers, tools and so on.
- CodeQL - Discover vulnerabilities across a codebase with CodeQL.
- Joern (⭐2.1k) - Joern is a platform for analyzing source code, bytecode, and binary executables. It generates code property graphs (CPGs), a graph representation of code for cross-language code analysis.
- Libvmi - LibVMI is a C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine.
- Memflow (⭐773) - memflow is a library that enables introspection of various machines (hardware, virtual machines, memory dumps) in a generic fashion.
- Microlibvmi (⭐167) - A cross-platform unified Virtual Machine Introspection API library.
- Radare2 (⭐21k) - Libre Reversing Framework for Unix Geeks.
Optics and Extra Info / UX - User Experience
- UX Bessie - Qubes OS AppMenu Design Direction. Part of 2020/21 MOSS funded UX work.
Training and Materials / Extra Info
- Training-materials (⭐4) - A collection of training materials for Qubes OS.
- Qubes for Journalists (⭐18) - Existing guides and infrastructure for journalists insufficiently prepare them for digitally interacting with sources, working on sensitive stories while protecting sensitive materials offline and online, and traveling across borders with personal and professional data.
- Qubes-diagrams (⭐15) - Qubes OS architecture diagrams.
- Qubes-artwork (⭐12) - This repository contains various artworks for Qubes OS.
- pwn.college - pwn.college is an education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion.
Social media / Extra Info
- Mastodon - Qubes OS Mastodon channel
- Reddit Qubes OS - General Qubes OS Reddit room.
- Reddit hacking_qubes_os - Reddit room dedicated to hacking Qubes OS
- Reddit hack_with_qubes_os - Reddit room dedicated to hacking with Qubes OS
- #xen channel on irc.oftc.net via traditional IRC clients.
- #qubes channel on irc.libera.chat via traditional IRC clients.
- #qubes-os channel on irc.anonops.com via traditional IRC clients.
Qubes OS Legends / Extra Info
- Ninavizz - Qubes OS UX Designer.
- Unman - Qubes OS contributor.
- Templates - Unman custom templates.
- Install Scripts (⭐18) - Unman install scripts
- Notes (⭐37) - a good reference
- Shaker (⭐18) - Shaker!
Jan 02 - Jan 08, 2023
System Information & Requirements
- Architecture - Qubes implements a security-by-compartmentalization approach.
- Audio virtualization - VMs on Qubes OS have access to virtualized audio through the PulseAudio module.
- Certified Hardware - We aim for these vendors to be as diverse as possible in terms of geography, cost, and availability.
- Community-recommended hardware - Community-recommended computers.
- Hardware compatibility list (HCL) - The HCL is a compilation of reports generated and submitted by users across various Qubes versions about their hardware’s compatibility with Qubes.
- System Requirements - User documentation / Choyhe attacker doesn’t have access to all the software running in the other domains.
- Security-critical code - A list of security-critical (i.e., trusted) code components in Qubes OS.
- Storage pools - Qubes OS implements a security-by-isolation (or security-by-compartmentalization) approach by providing the ability to easily create many security domains.
- Secondary storage - These steps assume you have already created a separate volume group and thin pool (not thin volume) for your HDD.
- Networking - In Qubes, the standard Xen networking is used, based on backend driver in the driver domain and frontend drivers in VMs.
- Config files - These files are placed in /rw, which survives a VM restart. That way, they can be used to customize a single VM instead of all VMs based on the same template. The scripts here all run as root.
- Disposable customization - A disposable can be based on any app qube.
- How to install software in dom0 - How to install a specific package
- How to make any file persistent (bind-dirs) - With bind-dirs any arbitrary files or folders can be made persistent in app qubes.
- How to mount a Qubes partition from another OS - When a Qubes OS install is unbootable or booting it is otherwise undesirable, this process allows for the recovery of files stored within the system.
- Installing contributed packages - This page is for users who wish to install contributed packages.
- Managing qube kernels - By default, VMs kernels are provided by dom0.
- Qubes service - Usage documentation is in the qvm-service man page.
- RPC policies - This document explains the basics of RPC policies in Qubes.
- Resize disk image - By default Qubes uses thin volumes for the disk images.
- Standalones and HVMs - A standalone is a type of qube that is created by cloning a template. Unlike templates, however, standalones do not supply their root filesystems to other qubes.
- Volume backup and revert - With Qubes, it is possible to revert one of a VM’s storage volumes to a previous state using the automatic snapshot that is normally saved every time a VM is shut down.
Downloading, Installing, Upgrading, and Building
- Building (⭐15) - This is the second generation of the Qubes OS builder.
- Installing - Qubes OS installation guide!
- Upgrading - These guides are for upgrading from one version of Qubes to another.
How-to guides
- How to back up, restore, and migrate - With Qubes, it’s easy and secure to back up and restore your whole system, as well as to migrate between two physical machines.
- How to copy and move files - This page is about copying and moving files.
- How to copy and paste text - This page is about copying and pasting plain text.
- How to copy from dom0 - This page covers copying files and clipboard text between dom0 and domUs.
- How to enter fullscreen mode - Normally, the Qubes GUI virtualization daemon restricts the VM from “owning” the full screen.
- How to install software - When you wish to install software in Qubes OS, you should generally install it in a template.
- How to update - This page is about updating your system while staying on the same supported version of Qubes OS.
- How to use PCI devices - Unlike other devices (USB, block, mic), PCI devices need to be attached on VM-bootup.
- How to use USB devices - Attaching USB devices to VMs requires a USB Qube.
- How to use block storage devices - This page is part of device handling in Qubes.
- How to use devices - This is an overview of device handling in Qubes OS.
- How to use disposables - A disposable is a lightweight Qube that can be created quickly and will self-destruct when closed.
- How to use optical discs - Passthrough reading and recording (a.k.a., “burning”) are not supported by Qubes OS.
Templates
- Debian templates - The Debian template is an officially supported template in Qubes OS.
- Fedora templates - The Fedora template is the default template in Qubes OS.
- Minimal templates - The minimal templates are lightweight versions of their standard template counterparts.
- Templates - In Getting Started, we covered the distinction in Qubes OS between where you install your software and where you run your software.
- Template implementation - Describes template implementation.
- Template manager - A template manager application.
- Xfce templates - If you would like to use Xfce (more lightweight compared to GNOME desktop environment) Linux distribution in your Qubes, you can install one of the available Xfce templates for Fedora, CentOS or Gentoo.
VM-Hardening
- Anonymizing your MAC Address (⭐258) - Although the MAC address is not the only metadata broadcast by network hardware, changing your hardware's default MAC Address could be an important step in protecting privacy.
- Data leaks - Firewalling in Qubes is not intended to be a leak-prevention mechanism.
- Device handling security - Any additional ability a VM gains is additional attack surface.
- Firewall - Every Qube in Qubes is connected to the network via a FirewallVM, which is used to enforce network-level policies.
- Reducing the fingerprint of the text-based web browser w3m (⭐258) - You can reduce the amount of information w3m gives about itself and the environment it is running in (and, by extension, you).
- Running Tails in Qubes (⭐258) - Tails stands for The Amnesic Incognito Live System.
- Split GPG - Split GPG implements a concept similar to having a smart card with your private GPG keys, except that the role of the “smart card” is played by another Qubes app Qube.
- Split dm-crypt (⭐23) - Instead of directly attaching an encrypted LUKS1 partition from a source VM such as sys-usb to a destination VM and decrypting it there.
- U2F proxy - The Qubes U2F Proxy is a secure proxy intended to make use of U2F two-factor authentication devices with web browsers without exposing the browser to the full USB stack, not unlike the USB keyboard and mouse proxies implemented in Qubes.
- Using Multi-Factor Authentication with Qubes (⭐258) - This page concerns multi-factor authentication for logging into external services, not for logging into Qubes itself.
- Using OnlyKey with Qubes OS - The following setup instructions walk through the process of configuring dom0 and a USB qube so that OnlyKey will function as a keyboard and be able to communicate with the OnlyKey app (required for TOTP).
- Qrexec: secure communication across domains - The qrexec framework is used by core Qubes components to implement communication between domains.
- Qrexec: socket-based services - The qrexec allows implementing services not only as executable files, but also as Unix sockets.
- Qubes memory manager (qmemman) - Provides automatic balancing of memory across participating PV and HVM domains, based on their memory demand
- YubiKey - Most use cases for the YubiKey can be achieved exactly as described by the manufacturer or other instructions found online.
Customization
- AwesomeWM (window manager) - This is an rpm package for awesomewm with the patches for Qubes.
- i3 (window manager) - i3 is part of the stable repository (as of Qubes R3.1) and can be installed by using the dom0 update mechanism.
- KDE (desktop environment) - KDE was the default desktop environment in Qubes
Clearnet & Anonymous Networking / Anonymity
- ipfs (⭐23k) - A peer-to-peer hypermedia protocol to make the web faster, safer, and more open.
Clearnet & Anonymous Networking / Crypto
- Split Bitcoin Wallet (⭐258) - A "split" bitcoin wallet is a strategy of protecting your bitcoin by having your wallet split into an offline "cold storage" wallet and an online "watching only" wallet.
Kernels / Crypto
- eBPF - eBPF is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in an operating system kernel.
Kernels / Microkernels
- OpenXT - OpenXT is an open-source development toolkit for hardware-assisted security research and appliance integration.
Kernels / Unikernels
- ClickOS - Efficient network function virtualization platform, optimized for Xen and developed by NEC.
- Clive - Research project from Rey Juan Carlos University (Madrid), developed in Go.
- HaLVM - Port of Glasgow Haskell compiler producing Xen optimized unikernels.
- Mini-OS - Reference kernel distributed with Xen.
Kernels / Unikernel-like
- Drawbridge - Research prototype platform from Microsoft.
- Graphene (⭐769) - Library OS optimized for Intel SGX.
Qubes OS Server / Unikernel-like
- Admin API - The goal of the Admin API system is to provide a way for the user to manage the domains without direct access to dom0.
- Qubes core admin client - Qubes core admin client’s documentation!
- Qubes core admin - Qubes core-admin’s documentation!
- Qubes core stack - Introducing the Next Generation Qubes Core Stack.
Exploitation Tools / Unikernel-like
- Bonzai (⭐190) - It's like a modular, multicall BusyBox builder for Go with built-in completion and embedded documentation support.
- LeechCore (⭐519) - The LeechCore Memory Acquisition Library focuses on Physical Memory Acquisition using various hardware- and software-based methods.
- LeechCore-Plugins (⭐32) - This repository contains various plugins for LeechCore - Physical Memory Acquisition Library.
- Volatility3 (⭐2.7k) - Volatility is the world's most widely used framework for extracting digital artifacts from volatile memory (RAM) samples.
Exploitation Tools / Xen Exploitation
Companies using Qubes OS / Extra Info
- Qubes Partners - The Qubes Project relies greatly on the generous support of the organizations, companies, and individuals who have become Qubes Partners.
Social media / Extra Info
- ClubHouse - Qubes OS Clubhouse Room
Qubes OS Legends / Extra Info
- Joanna Rutkowska - Founder of Qubes OS.
- Blog - Personal Blog.
- Subverting the Xen Hypervisor [PDF] - Xen 0wning Trilogy Part One
- Preventing and Detecting Xen Hypervisor Subversions [PDF] - Xen 0wning Trilogy Part Two
- Bluepilling the Xen Hypervisor [PDF] - Xen 0wning Trilogy Part Three
- Marek Marczykowski-Górecki - Lead developer at Qubes OS.
Releases / Extra Info
- Release notes - Developer documentation Notes
- Release schedules - Developer Release Schedules
- Supported releases - This page details the level and period of support for releases of operating systems in the Qubes ecosystem.
- Testing new releases and updates - Testing new Qubes OS releases and updates is one of the most helpful ways in which you can contribute to the Qubes OS Project.
Dec 26 - Jan 01, 2022
VM-Hardening
- Kicksecure - The following list of actionable items can help to improve security on the Qubes platform, and by extension Kicksecure ™ for Qubes users.
- Qubes-VM-hardening (⭐74) - Leverage Qubes template non-persistence to fend off malware at VM startup: Lock-down, quarantine and check contents of /rw private storage that affect the execution environment.
Clearnet & Anonymous Networking / Anonymity
- Whonix - Qubes-Whonix ™ is the seamless combination of Qubes OS and Whonix™ for advanced security and anonymity.
Social media / Extra Info
- Matrix Discord Bridge - Qubes OS Discord General Room Bridge
Aug 30 - Sep 05, 2021
Qubes OS Server / Unikernel-like
- Ansible - Automation with Ansible.
Social media / Extra Info
- Forum - Qubes OS Discourse Forum
Aug 16 - Aug 22, 2021
Qubes OS Websites
- Qubes OS - Qubes OS is an operating system built out of securely-isolated compartments called Qubes.
- Qubes OS News - Latest Qubes OS News.
Optics and Extra Info / Extra Info
- 3mdeb - We’re hands-on firmware experts with years of experience writing elegant, scalable and custom code for clients.
Social media / Extra Info
- Discord - Qubes OS Discord invite link
- Facebook - Qubes OS Facebook page
- LinkedIn - Qubes OS LinkedIn account
- Matrix:Qubes OS - General Qubes OS Matrix room
- Twitter - Qubes OS Twitter account