Requirements
1. A cheap dogshit USB (to install the OS)
2. A SSD USB with good read/write speeds (for your host OS)
3. A laptop/computer with 16GB RAM (Recommended as we will be running 2 Virtual Machines)
4. A Hard Drive (Not a solid state drive)
Instructions
1. Go to https://www.kicksecure.com/wiki/USB_Installation#ISO_LIVE_Mode and download the ISO file. Use Rufus to make a bootable USB stick on the dogshit $10 USB. Then shutdown your PC.
2. Plug the USB in, boot your PC and press the F-key needed to load the boot menu. The F-key needed is different based on manufacters. For example: it's F12 on ASUS and F2 on Dell.
Also make sure virtualization support and USB boot is enabled in your BIOS. Disable Secure Boot.
3. In your boot menu, select the option for the bootable USB. Should say something like "Kicksecure" or it will be the name of your USB.
4. Plug your fast SSD USB into your PC and Follow the instructions on https://www.kicksecure.com/wiki/ISO#Download.2C_Create_Live_USB to create a bootable Kicksecure OS on new USB. Set an encrypted password of at least 20 characters when requested.
Once completed, shut down your PC.
5. This is really finicky and buggy. But I found the following procedure to work to prevent broken boots. Plug BOTH your dogshit USB and your fast SSD Stick.
Boot your PC and go to the boot menu as before. You will see a bunch of boot options like "Kicksecure".
NOW UNPLUG YOUR DOGSHIT USB.
Using your arrow keys, select the Kicksecure option and press ENTER to boot into your Kicksecure OS.
Once again, using your arrow keys, select the PERSISTANT MODE | SYSMAINT boot option.
6. Connect to your internet and Install Updates and wait for it to complete.
Then click Purge Unused Packages. You may have to open terminal and type "sudo apt autoremove" - this will remove old packages you don't need.
7. IMPORTANT to fix a bug:
Click Open Terminal. And type "sudo cp /boot/efi/EFI/Kicksecure/grub.cfg /boot/efi/EFI/boot/grub.cfg"
This fixes a boot issue in the OS.
8. Shutdown and boot back into Kicksecure. You can discard the dogshit USB. Boot into "PERSISTANT MODE | Kicksecure" (should be the first one)
RECOMMENDED: Boot into SYSMAINT and choose the option to remove SYSMAINT. It's alot of hassle dealing with sudo permissions imo. Sometimes it's useful to bypass it. We'll be doing all internet related activities inside a Virtual Machine anyway. Kicksecure serves as a secure operating system that does not spy on you and is hardened against attackers. Run systemcheck program and set user passwords.
9. Download mullvad vpn and mullvad browser. This will be for plausible deniability when you're being TORTURED.
Open terminal (Black square icon on top left or press CTRL + ALT + T) and follow the instructions in downloading Mullvad VPN. https://mullvad.net/en/download/vpn/linux
Then install mullvad browser by typing in "apt install mullvad-browser -y"
10. Now time to install Virtual Machines. We will KVM instead of VirtualBox, since it is open-source and lightweight.
We will use seperate Virtual Machines based on our usage.
1. One Windows VM - for unsafe usage. We're ok exposing our identity and data during this usage.
2. One Kicksecure VM - for private usage. This is for applications to send private messages through. Anonymity isn't the main priority here. So E2E encrypted messages, emails etc.
3. One Whonix VM - for anonymous usage. This is for complete anonymity. Whonix forces all connections through TOR, making DNS leaks impossible.
Open terminal and type
Then edit the file /etc/libvirt/libvirtd.conf and replace the part to 'unix_sock_group="libvirt" ' and ' unix_sock_rw_perms="0770" '
Then edit /etc/libvirt/qemu.conf and replace ' group="libvirt" ' and ' user="user" '
In terminal type:
11. Now install the VMs you need. I recommend installing Whonix and following their KVM instructions https://www.whonix.org/wiki/KVM in setting up correctly.
12. Keep a clean Whonix qcow2 files as backup and clone the VM using those .qcow2 files. I can't be asked explaining everything on setting up Whonix on KVM. But it's worth putting a few hours reading the Whonix Documentation. I guarentee you will learn alot. Also if you've made it this far then you're capable off getting Whonix on KVM working.
13. It's recommended to store your Whonix VM files in an encrypted hard drive for plausible deniability reasons. You don't want your torturer knowing you are a TOR user. So go to https://veracrypt.io/en/Downloads.html and download the veracrypt-1.26.24-Debian-12-amd64.deb file.
14. Open terminal and cd into the file location that it was downloaded on and run "sudo dpkg -i veracrypt-1.<TAB>" By <TAB> I mean press TAB on your keyboard to load the entire filename. Then run "sudo apt install --fix-broken" and once more run "sudo dpkg -i veracrypt-1.<TAB>"
15. Plug your hard drive in and setup a encrypted Hidden Volume using veracrypt for full-disk encryption. There should be one partition on the hard drive and select this to encrypt with veracrypt.
MAKE SURE YOU SELECT THE EXTERNAL HARD DRIVE partition.
Select Hidden Volume and follow the instructions. Best option is the triple cascade encryption. Hidden volume password minimum 20 characters.
16. Store your virtual machines inside the encrypted drive. Moving forward, ALWAYS BOOT into Live Mode for Kicksecure, so it doesn't leave any traces off usage that might be useful for forensics. Only boot into Persistant Mode for updates.
17. Always use a no-log VPN like Mullvad, IVPN, Windscribe etc. Pay for these through TOR and using Monero.
This website is amazing in explaining the entire process and goes into more detail: https://blog.nowhere.moe/
1. A cheap dogshit USB (to install the OS)
2. A SSD USB with good read/write speeds (for your host OS)
3. A laptop/computer with 16GB RAM (Recommended as we will be running 2 Virtual Machines)
4. A Hard Drive (Not a solid state drive)
Instructions
1. Go to https://www.kicksecure.com/wiki/USB_Installation#ISO_LIVE_Mode and download the ISO file. Use Rufus to make a bootable USB stick on the dogshit $10 USB. Then shutdown your PC.
2. Plug the USB in, boot your PC and press the F-key needed to load the boot menu. The F-key needed is different based on manufacters. For example: it's F12 on ASUS and F2 on Dell.
Also make sure virtualization support and USB boot is enabled in your BIOS. Disable Secure Boot.
3. In your boot menu, select the option for the bootable USB. Should say something like "Kicksecure" or it will be the name of your USB.
4. Plug your fast SSD USB into your PC and Follow the instructions on https://www.kicksecure.com/wiki/ISO#Download.2C_Create_Live_USB to create a bootable Kicksecure OS on new USB. Set an encrypted password of at least 20 characters when requested.
Once completed, shut down your PC.
5. This is really finicky and buggy. But I found the following procedure to work to prevent broken boots. Plug BOTH your dogshit USB and your fast SSD Stick.
Boot your PC and go to the boot menu as before. You will see a bunch of boot options like "Kicksecure".
NOW UNPLUG YOUR DOGSHIT USB.
Using your arrow keys, select the Kicksecure option and press ENTER to boot into your Kicksecure OS.
Once again, using your arrow keys, select the PERSISTANT MODE | SYSMAINT boot option.
6. Connect to your internet and Install Updates and wait for it to complete.
Then click Purge Unused Packages. You may have to open terminal and type "sudo apt autoremove" - this will remove old packages you don't need.
7. IMPORTANT to fix a bug:
Click Open Terminal. And type "sudo cp /boot/efi/EFI/Kicksecure/grub.cfg /boot/efi/EFI/boot/grub.cfg"
This fixes a boot issue in the OS.
8. Shutdown and boot back into Kicksecure. You can discard the dogshit USB. Boot into "PERSISTANT MODE | Kicksecure" (should be the first one)
RECOMMENDED: Boot into SYSMAINT and choose the option to remove SYSMAINT. It's alot of hassle dealing with sudo permissions imo. Sometimes it's useful to bypass it. We'll be doing all internet related activities inside a Virtual Machine anyway. Kicksecure serves as a secure operating system that does not spy on you and is hardened against attackers. Run systemcheck program and set user passwords.
9. Download mullvad vpn and mullvad browser. This will be for plausible deniability when you're being TORTURED.
Open terminal (Black square icon on top left or press CTRL + ALT + T) and follow the instructions in downloading Mullvad VPN. https://mullvad.net/en/download/vpn/linux
Then install mullvad browser by typing in "apt install mullvad-browser -y"
10. Now time to install Virtual Machines. We will KVM instead of VirtualBox, since it is open-source and lightweight.
We will use seperate Virtual Machines based on our usage.
1. One Windows VM - for unsafe usage. We're ok exposing our identity and data during this usage.
2. One Kicksecure VM - for private usage. This is for applications to send private messages through. Anonymity isn't the main priority here. So E2E encrypted messages, emails etc.
3. One Whonix VM - for anonymous usage. This is for complete anonymity. Whonix forces all connections through TOR, making DNS leaks impossible.
Open terminal and type
Code:
sudo apt install libvirt0 virt-manager dnsmasq bridge-utils
sudo systemctl --now libvirtd
sudo usermod -a -G libvirt user
sudo usermod -a -G kvm userThen edit the file /etc/libvirt/libvirtd.conf and replace the part to 'unix_sock_group="libvirt" ' and ' unix_sock_rw_perms="0770" '
Then edit /etc/libvirt/qemu.conf and replace ' group="libvirt" ' and ' user="user" '
In terminal type:
Code:
systemctl restart libvirtd.service
cd /var/lib/libvirt/
mkdir dnsmasq
sudo chown user:libvirt -R dnsmasq11. Now install the VMs you need. I recommend installing Whonix and following their KVM instructions https://www.whonix.org/wiki/KVM in setting up correctly.
12. Keep a clean Whonix qcow2 files as backup and clone the VM using those .qcow2 files. I can't be asked explaining everything on setting up Whonix on KVM. But it's worth putting a few hours reading the Whonix Documentation. I guarentee you will learn alot. Also if you've made it this far then you're capable off getting Whonix on KVM working.
13. It's recommended to store your Whonix VM files in an encrypted hard drive for plausible deniability reasons. You don't want your torturer knowing you are a TOR user. So go to https://veracrypt.io/en/Downloads.html and download the veracrypt-1.26.24-Debian-12-amd64.deb file.
14. Open terminal and cd into the file location that it was downloaded on and run "sudo dpkg -i veracrypt-1.<TAB>" By <TAB> I mean press TAB on your keyboard to load the entire filename. Then run "sudo apt install --fix-broken" and once more run "sudo dpkg -i veracrypt-1.<TAB>"
15. Plug your hard drive in and setup a encrypted Hidden Volume using veracrypt for full-disk encryption. There should be one partition on the hard drive and select this to encrypt with veracrypt.
MAKE SURE YOU SELECT THE EXTERNAL HARD DRIVE partition.
Select Hidden Volume and follow the instructions. Best option is the triple cascade encryption. Hidden volume password minimum 20 characters.
16. Store your virtual machines inside the encrypted drive. Moving forward, ALWAYS BOOT into Live Mode for Kicksecure, so it doesn't leave any traces off usage that might be useful for forensics. Only boot into Persistant Mode for updates.
17. Always use a no-log VPN like Mullvad, IVPN, Windscribe etc. Pay for these through TOR and using Monero.
This website is amazing in explaining the entire process and goes into more detail: https://blog.nowhere.moe/
Last edited:
