Wubes is like Qubes but for Windows.

Related tags

DevOps ToolsWubes
Overview

Wubes

Wubes is like Qubes but for Windows. The idea is to leverage the Windows Sandbox technology to spawn applications in isolation.

We currently support spawning a Windows Sandbox for the following applications:

  • Firefox

Other applications could easily be added.

Architecture

The repository contains the following hierarchy of files and folders:

.
├── sandboxes                       // Contains folders shared between the sandboxes and the host
│   ├── Firefox                         // Folder shared between the host and the Firefox sandbox
│   │   ├── abcdefgh.default-release        // Firefox profile copied from the host
│   │   ├── backups                         // Contains a backup of all previous Firefox profiles
│   │   ├── install.bat                     // Install script automatically executed when the Windows Sandbox starts (see below)
│   │   └── save.bat                        // Script to manually execute to save modified Firefox profile onto the host for next Windows Sandbox run
│   └── Firefox.wsb                     // Windows Sandbox profile for Firefox. Double-click to open the sandbox
└── shared
    └── Tools
        └── procexp64.exe

Prerequisites

You need to have Windows 10 Pro or Enterprise and follow the quick start from here.

Usage

Each application has a Windows Sandbox profile (e.g. Firefox.wsb) that defines the host folder where wubes files are (you need to modify it to match your environment), as well as paths inside the Sandbox that will always be the same (no need to modify them).

<Configuration>
<vGPU>EnablevGPU>
<Networking>DefaultNetworking>
<MappedFolders>
   <MappedFolder>
     <HostFolder>C:\path\to\wubes\sandboxes\FirefoxHostFolder>
     <ReadOnly>falseReadOnly>
   MappedFolder>
MappedFolders>
<LogonCommand>
   <Command>C:\users\WDAGUtilityAccount\Desktop\Firefox\install.batCommand>
LogonCommand>
Configuration>

When we open the Windows Sandbox Profile (e.g. Firefox.wsb), it will automatically call the install.bat script to download Firefox, run Firefox once to create an empty profile, then replace the profile with the one from the shared folder and re-run Firefox. For this to work, you first need to copy the Firefox profile you used on your host (e.g. %APPDATA%\Mozilla\Firefox\Profiles\d63zctv5.default-release) into wubes\sandboxes\Firefox\abcdefgh.default-release. We use hardcoded abcdefgh so you don't have to modify internal helper scripts.

You can see the Bookmark toolbar contains all my bookmarks and it re-opened an old tab.

Once we are done browsing the Internet, we can execute the C:\Users\WDAGUtilityAccount\Desktop\Firefox\save.bat file from inside the sandbox. That will backup our Firefox profile onto the host. We can then close the Windows Sandbox window.

Tricks

Firefox sandbox

You can define your Downloads folder to be C:\users\WDAGUtilityAccount\Desktop\Firefox\Downloads so you download files directly on your host.

References

Owner
NCC Group Plc
Please report all security issues to security at nccgroup dot com
NCC Group Plc
GitHub Repository https://research.nccgroup.com/2021/03/03/wubes-leveraging-the-windows-10-sandbox-for-arbitrary-processes/
A lobby boy will create a VPS server when you need one, and destroy it after using it.

Lobbyboy What is a lobby boy? A lobby boy is completely invisible, yet always in sight. A lobby boy remembers what people hate. A lobby boy anticipate

226 Dec 29, 2022
Run Oracle on Kubernetes with El Carro

El Carro is a new project that offers a way to run Oracle databases in Kubernetes as a portable, open source, community driven, no vendor lock-in container orchestration system. El Carro provides a p

Google Cloud Platform 205 Dec 30, 2022
Ansible Collection: A collection of Ansible Modules and Lookup Plugins (MLP) from Linuxfabrik.

ansible_mlp An Ansible collection of Ansible Modules and Lookup Plugins (MLP) from Linuxfabrik. Ansible Bitwarden Item Lookup Plugin Returns a passwor

Linuxfabrik 2 Feb 07, 2022
Chef-like functionality for Fabric

/ / ___ ___ ___ ___ | | )| |___ | | )|___) |__ |__/ | __/ | | / |__ -- Chef-like functionality for Fabric About Fabric i

Sébastien Pierre 1.3k Dec 21, 2022
Pulumi - Developer-First Infrastructure as Code. Your Cloud, Your Language, Your Way 🚀

Pulumi's Infrastructure as Code SDK is the easiest way to create and deploy cloud software that use containers, serverless functions, hosted services,

Pulumi 14.7k Jan 08, 2023
Iris is a highly configurable and flexible service for paging and messaging.

Iris Iris core, API, UI and sender service. For third-party integration support, see iris-relay, a stateless proxy designed to sit at the edge of a pr

LinkedIn 715 Dec 28, 2022
Nagios status monitor for your desktop.

Nagstamon Nagstamon is a status monitor for the desktop. It connects to multiple Nagios, Icinga, Opsview, Centreon, Op5 Monitor/Ninja, Checkmk Multisi

Henri Wahl 361 Jan 05, 2023
IP address management (IPAM) and data center infrastructure management (DCIM) tool.

NetBox is an IP address management (IPAM) and data center infrastructure management (DCIM) tool. Initially conceived by the network engineering team a

NetBox Community 11.8k Jan 07, 2023
CI repo for building Skia as a shared library

Automated Skia builds This repo is dedicated to building Skia binaries for use in Skija. Prebuilt binaries Prebuilt binaries can be found in releases.

Humble UI 20 Jan 06, 2023
A simple python application for running a CI pipeline locally This app currently supports GitLab CI scripts

🏃 Simple Local CI Runner 🏃 A simple python application for running a CI pipeline locally This app currently supports GitLab CI scripts ⚙️ Setup Inst

Tom Stowe 0 Jan 11, 2022
Django-Kubernetes - Learn how to deploy a docker-based Django application into a Kubernetes cluster into production on DigitalOcean

Django & Kubernetes Learn how to deploy a production-ready Django application in

Coding For Entrepreneurs 100 Jan 01, 2023
Docker Container wallstreetbets-sentiment-analysis

Docker Container wallstreetbets-sentiment-analysis A docker container using restful endpoints exposed on port 5000 "/analyze" to gather sentiment anal

145 Nov 22, 2022
Lima is an alternative to using Docker Desktop on your Mac.

lima-xbar-plugin Table of Contents Description Installation Dependencies Lima is an alternative to using Docker Desktop on your Mac. Description This

Joe Block 68 Dec 22, 2022
HXVM - Check Host compatibility with the Virtual Machines

HXVM - Check Host compatibility with the Virtual Machines. Features | Installation | Usage Features Takes input from user to compare how many VMs they

Aman Srivastava 4 Oct 15, 2022
DataOps framework for Machine Learning projects.

Noronha DataOps Noronha is a Python framework designed to help you orchestrate and manage ML projects life-cycle. It hosts Machine Learning models ins

52 Oct 30, 2022
HB Case Study

HB Case Study Envoy Proxy It is a modern Layer7(App) and Layer3(TCP) proxy Incredibly modernized version of reverse proxies like NGINX, HAProxy It is

Ilker Ispir 1 Oct 22, 2021
A repository containing a short tutorial for Docker (with Python).

Docker Tutorial for IFT 6758 Lab In this repository, we examine the advtanges of virtualization, what Docker is and how we can deploy simple programs

Arka Mukherjee 0 Dec 14, 2021
MicroK8s is a small, fast, single-package Kubernetes for developers, IoT and edge.

MicroK8s The smallest, fastest Kubernetes Single-package fully conformant lightweight Kubernetes that works on 42 flavours of Linux. Perfect for: Deve

Ubuntu 7.1k Jan 08, 2023
🎡 Build Python wheels for all the platforms on CI with minimal configuration.

cibuildwheel Documentation Python wheels are great. Building them across Mac, Linux, Windows, on multiple versions of Python, is not. cibuildwheel is

Python Packaging Authority 1.3k Jan 02, 2023
Cross-platform lib for process and system monitoring in Python

Home Install Documentation Download Forum Blog Funding What's new Summary psutil (process and system utilities) is a cross-platform library for retrie

Giampaolo Rodola 9k Jan 02, 2023