attempted writing about computers, security, art, etc.


Qubes OS as a Lab

Qubes is a desktop operating system that uses isolated Xen-based virtual machines to achieve security by compartmentalization. At an abstract level, the user experience is like having an endless set of computers in one interface that can only interact on very specific terms. The project's guiding principle is "distrust the infrastructure and be free". The community is very active and the documentation is very good, which is why this post is not about things that have already been written about Qubes.

After using Qubes as a daily driver for a long time, I decided to experiment with using it as a security research lab. Apparently this is not a common use, based on the limited discussion of it on forums or anywhere. This made me wonder if it was an obviously poor idea and I was missing something. But out-of-the-box testing distributions like Kali, Parrot, and REMnux are essentially curated toolsets that do not necessarily provide security by default, at least at a level required for serious, risky threat environments.