Wubes is like Qubes but for Windows.

Related tags

DevOps ToolsWubes
Overview

Wubes

Wubes is like Qubes but for Windows. The idea is to leverage the Windows Sandbox technology to spawn applications in isolation.

We currently support spawning a Windows Sandbox for the following applications:

  • Firefox

Other applications could easily be added.

Architecture

The repository contains the following hierarchy of files and folders:

.
├── sandboxes                       // Contains folders shared between the sandboxes and the host
│   ├── Firefox                         // Folder shared between the host and the Firefox sandbox
│   │   ├── abcdefgh.default-release        // Firefox profile copied from the host
│   │   ├── backups                         // Contains a backup of all previous Firefox profiles
│   │   ├── install.bat                     // Install script automatically executed when the Windows Sandbox starts (see below)
│   │   └── save.bat                        // Script to manually execute to save modified Firefox profile onto the host for next Windows Sandbox run
│   └── Firefox.wsb                     // Windows Sandbox profile for Firefox. Double-click to open the sandbox
└── shared
    └── Tools
        └── procexp64.exe

Prerequisites

You need to have Windows 10 Pro or Enterprise and follow the quick start from here.

Usage

Each application has a Windows Sandbox profile (e.g. Firefox.wsb) that defines the host folder where wubes files are (you need to modify it to match your environment), as well as paths inside the Sandbox that will always be the same (no need to modify them).

<Configuration>
<vGPU>EnablevGPU>
<Networking>DefaultNetworking>
<MappedFolders>
   <MappedFolder>
     <HostFolder>C:\path\to\wubes\sandboxes\FirefoxHostFolder>
     <ReadOnly>falseReadOnly>
   MappedFolder>
MappedFolders>
<LogonCommand>
   <Command>C:\users\WDAGUtilityAccount\Desktop\Firefox\install.batCommand>
LogonCommand>
Configuration>

When we open the Windows Sandbox Profile (e.g. Firefox.wsb), it will automatically call the install.bat script to download Firefox, run Firefox once to create an empty profile, then replace the profile with the one from the shared folder and re-run Firefox. For this to work, you first need to copy the Firefox profile you used on your host (e.g. %APPDATA%\Mozilla\Firefox\Profiles\d63zctv5.default-release) into wubes\sandboxes\Firefox\abcdefgh.default-release. We use hardcoded abcdefgh so you don't have to modify internal helper scripts.

You can see the Bookmark toolbar contains all my bookmarks and it re-opened an old tab.

Once we are done browsing the Internet, we can execute the C:\Users\WDAGUtilityAccount\Desktop\Firefox\save.bat file from inside the sandbox. That will backup our Firefox profile onto the host. We can then close the Windows Sandbox window.

Tricks

Firefox sandbox

You can define your Downloads folder to be C:\users\WDAGUtilityAccount\Desktop\Firefox\Downloads so you download files directly on your host.

References

Owner
NCC Group Plc
Please report all security issues to security at nccgroup dot com
NCC Group Plc
GitHub Repository https://research.nccgroup.com/2021/03/03/wubes-leveraging-the-windows-10-sandbox-for-arbitrary-processes/
Daemon to ban hosts that cause multiple authentication errors

__ _ _ ___ _ / _|__ _(_) |_ ) |__ __ _ _ _ | _/ _` | | |/ /| '_ \/ _` | ' \

Fail2Ban 7.8k Jan 09, 2023
Visual disk-usage analyser for docker images

whaler What? A command-line tool for visually investigating the disk usage of docker images Why? Large images are slow to move and expensive to store.

Treebeard Technologies 194 Sep 01, 2022
The low-level, core functionality of boto 3.

botocore A low-level interface to a growing number of Amazon Web Services. The botocore package is the foundation for the AWS CLI as well as boto3. On

the boto project 1.2k Jan 03, 2023
MagTape is a Policy-as-Code tool for Kubernetes that allows for evaluating Kubernetes resources against a set of defined policies to inform and enforce best practice configurations.

MagTape is a Policy-as-Code tool for Kubernetes that allows for evaluating Kubernetes resources against a set of defined policies to inform and enforce best practice configurations. MagTape includes

T-Mobile 143 Dec 27, 2022
A tool to convert AWS EC2 instances back and forth between On-Demand and Spot billing models.

ec2-spot-converter This tool converts existing AWS EC2 instances back and forth between On-Demand and 'persistent' Spot billing models while preservin

jcjorel 152 Dec 29, 2022
A little script and trick to make your heroku app run forever without being concerned about dyno hours.

A little script and trick to make your heroku app run forever without being concerned about dyno hours.

Tiararose Biezetta 152 Dec 25, 2022
MLops tools review for execution on multiple cluster types: slurm, kubernetes, dask...

MLops tools review focused on execution using multiple cluster types: slurm, kubernetes, dask...

4 Nov 30, 2022
Ganeti is a virtual machine cluster management tool built on top of existing virtualization technologies such as Xen or KVM and other open source software.

Ganeti 3.0 =========== For installation instructions, read the INSTALL and the doc/install.rst files. For a brief introduction, read the ganeti(7) m

395 Jan 04, 2023
A repository containing a short tutorial for Docker (with Python).

Docker Tutorial for IFT 6758 Lab In this repository, we examine the advtanges of virtualization, what Docker is and how we can deploy simple programs

Arka Mukherjee 0 Dec 14, 2021
Create pinned requirements.txt inside a Docker image using pip-tools

Pin your Python dependencies! pin-requirements.py is a script that lets you pin your Python dependencies inside a Docker container. Pinning your depen

4 Aug 18, 2022
A job launching library for docker, EC2, GCP, etc.

doodad A library for packaging dependencies and launching scripts (with a focus on python) on different platforms using Docker. Currently supported pl

Justin Fu 55 Aug 27, 2022
CI repo for building Skia as a shared library

Automated Skia builds This repo is dedicated to building Skia binaries for use in Skija. Prebuilt binaries Prebuilt binaries can be found in releases.

Humble UI 20 Jan 06, 2023
Helperpod - A CLI tool to run a Kubernetes utility pod with pre-installed tools that can be used for debugging/testing purposes inside a Kubernetes cluster

Helperpod is a CLI tool to run a Kubernetes utility pod with pre-installed tools that can be used for debugging/testing purposes inside a Kubernetes cluster.

Atakan Tatlı 2 Feb 05, 2022
Oracle Cloud Infrastructure Object Storage fsspec implementation

Oracle Cloud Infrastructure Object Storage fsspec implementation The Oracle Cloud Infrastructure Object Storage service is an internet-scale, high-per

Oracle 9 Dec 18, 2022
The leading native Python SSHv2 protocol library.

Paramiko Paramiko: Python SSH module Copyright: Copyright (c) 2009 Robey Pointer 8.1k Jan 04, 2023

Honcho: a python clone of Foreman. For managing Procfile-based applications.

___ ___ ___ ___ ___ ___ /\__\ /\ \ /\__\ /\ \ /\__\ /\

Nick Stenning 1.5k Jan 03, 2023
A Habitica Integration with Github Workflows.

Habitica-Workflow A Habitica Integration with Github Workflows. How To Use? Fork (and Star) this repository. Set environment variable in Settings - S

Priate 2 Dec 20, 2021
Google Kubernetes Engine (GKE) with a Snyk Kubernetes controller installed/configured for Snyk App

Google Kubernetes Engine (GKE) with a Snyk Kubernetes controller installed/configured for Snyk App This example provisions a Google Kubernetes Engine

Pas Apicella 2 Feb 09, 2022
Run Oracle on Kubernetes with El Carro

El Carro is a new project that offers a way to run Oracle databases in Kubernetes as a portable, open source, community driven, no vendor lock-in container orchestration system. El Carro provides a p

Google Cloud Platform 205 Dec 30, 2022
Bash-based Python-venv convenience wrapper

venvrc Bash-based Python-venv convenience wrapper. Demo Install Copy venvrc file to ~/.venvrc, and add the following line to your ~/.bashrc file: # so

1 Dec 29, 2022