Cybergenic Shade-sandbox tool

Discussion in 'sandboxing & virtualization' started by co22, Oct 4, 2015.

  1. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,341
    Location:
    The etherlands
    How do you get a key? Send them an email?
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,088
    They were quick. Already have it.
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,228
    Bad news for testers, but good news for SBIE users. 35-40% of malware stops just by detecting sandbox app. :thumb:
     
  4. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,908
    Location:
    Europe then Asia
    But malware may wait until the users let it escape, because the keygen shows no threats when isolated, so the average user thinks it is safe...
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,228
    Yes, but if it doesn't perform anything visible, the user might think it doesn't work and wouldn't run it unsandboxed at all.
     
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,294
    Location:
    Nicaragua
    My thoughts as well :). I think probably a lot more than 40% of malware detects it's been run sandboxed.

    Bo
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,294
    Location:
    Nicaragua
    Using Sandboxie for telling if a program is clean or not is wrong. Sandboxie should not be used that way. No ifs.

    Bo
     
  8. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,803
    Location:
    Mexico
    Bad news? I think tester/malware testers/pentesters/betatesters and testers of all kinds should work on real machines, dedicated for such.
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,228
    I agree, but sometimes it's more convenient to just run it inside sandbox or virtual machine.
    Some malware also uses other indicators to detect a non-standard environment and could detect a real machine dedicated for testing as well (lack of personal files, installed tools that the researcher uses...).
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,088
    Back on topic which is the shade Sandbox. Not Bad.

    It's not quite as polished as SBIE, but it protected the system against all the malware I threw at it. Couple of shortcomings. Biggest was it wouldn't take script files. That's huge. Also had no easy process kill.
     
  11. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,908
    Location:
    Europe then Asia
    You're right, but unfortunately many do...
    Exactly.
    Yes, when I tested it, it was decent. I think it is more a "sandbox for beginners", made to be used "out-of-the-box", and it does its job quite well.
     
  12. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,184
    Location:
    Paris
    The percentage of environment-aware malware is a great deal less than 40%! Also the primary techniques used are not product specific at all, so the probability of malware not running in Shade will be as high as malware not running in SBIE, but would instead be dependent on the "fingerprints" that VirtualBox or VMware leaves. And as to testers not running things in a VM- the virtual environment awareness of malware doesn't make the malware itself something brand new- the payload will be the same as malware without this function, so it is just a matter of finding and running the same stuff without VM awareness, and that is up to the experience of the tester.

    Finally, recent malware seems to be using a lag time feature- it may not activate for a few minutes or a few hours whether it is in a VM or not. So does that mean that running it in an actual production system is also invalid because it does not infect immediately?
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,341
    Location:
    The etherlands
    The dev does lurk here so maybe he'll pick up on your comments.
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,088
    Well, I had a reason to be enthused, so I installed on my host machine this morning, made the appropriate exclusions for other software, and had a whirl. Never got Opera to do anything but basically do a freeze on the machine. Guess I wait until the next release. When I tested in the VM I had all other software disabled.
     
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,341
    Location:
    The etherlands
    Can one install Shade alongside Sandboxie to test? Or should one uninstall Sandboxie?
     
  16. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,731
    I don't think that you have to deinstall Sandboxie :cautious:
     
  17. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    723
    Found Shade very disappointing. Compared with Sandboxie browsers took a fair while to load. Also on shutting down Opera it consistently failed to unload its process so that it was not possible to clear the sandbox. I had to use the task manager to shut down Opera. Then clear the sandbox. Two out of three browsers found problems running in Shade.

    Also lots of notices appeared in the system tray with long gibberish file names asking one to click on the notice to transfer the files from the virtual folder to the real folder! And this is for beginners??

    Terry
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,607
    Location:
    The Netherlands
    Thanks for the heads up, it's clearly not as user friendly as SBIE, and needs some work.
     
  19. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,731
    An updated v1.6 is available (digital signature: 2017-04-06)
    http://www.shadesandbox.com/thankyou
     
  20. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    117
    Location:
    France
    I didn't receive any code from Shade via email and it's been a few days, but it did seem to work with Firefox but didn't work with Tor - I got an error message instead, something to do with the torrc file.
    Should I still try to contact Shade and source the password or code or whatever they call it?

    Does Shade remember saved bookmarks in Firefox?
    What happens when I want to download an mp3 under Firefox Shade? Is there a recovery like in SBIE?
     
    Last edited: Apr 29, 2017
  21. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    381
    Location:
    Italy
  22. Chattanooga Runner

    Chattanooga Runner Registered Member

    Joined:
    May 19, 2017
    Posts:
    1
    Location:
    Tennessee
    Has anyone figured how to print from Firefox in Cybergenic Shade? I can get Print Preview, but I can't get anything to print to a printer or to pdf. Is there a solution?
     
  23. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    117
    Location:
    France
    What actions taken by users allows the escape?
     
  24. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    117
    Location:
    France
    I right-clicked on the Firefox icon and tried:
    Open in default sandbox
    Put into Shade

    Nothing happened. Any clues? I received the license key.
     
  25. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,731
    The user downloads an application and is executing it in the sandbox. No sign of malicious activity can be seen (because the malicious activity is delayed) and the user thinks it is safe.
    Because it "seems to be safe", the user is executing it outside of the sandbox, and after some time the malicious activity is performed.
     
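The scenario cruelsister and mood describe above (a sample that probes for the sandbox or VM, then stalls, so a short isolated run shows nothing and the user trusts it) is exactly what a dynamic-analysis pipeline has to refuse to read as "clean". The following script is an added example written for this thread; it is not code from Shade, Sandboxie or any product discussed here. It triages a constructed API-call trace (the line format, PIDs, timestamps and sample lines are all made up for the illustration) and reports whether an idle run within a given observation window can be trusted at all. The indicator lists are assumptions for the illustration: `SbieDll.dll` is Sandboxie's user-mode DLL, the VM strings and the `CurrentVersion\Run` persistence marker are generic.

```python
"""Triage a dynamic-analysis API trace for sandbox-evasion behaviour.

Constructed example: the trace format and the sample traces below are made
up for this illustration and are not output of any real sandbox product.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed trace line format: "<seconds-since-start> <pid> <api>(<args>)"
LINE_RE = re.compile(
    r"^(?P<t>\d+(?:\.\d+)?)\s+(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")

# Indicator lists (assumptions chosen for the illustration).
SANDBOX_MODULE_PROBES = ("sbiedll.dll",)            # sandbox product's own DLL
VM_FINGERPRINT_STRINGS = ("vbox", "virtualbox", "vmware")
STALL_APIS = ("Sleep", "NtDelayExecution")         # trace normalises both to ms=
PERSISTENCE_MARKERS = ("currentversion\\run",)

SINGLE_SLEEP_LIMIT_S = 60.0     # one call waiting longer than a minute
TOTAL_SLEEP_LIMIT_S = 180.0     # or three minutes of cumulative stalling


@dataclass
class TraceVerdict:
    sandbox_probe: bool = False
    vm_probe: bool = False
    stalling: bool = False
    total_sleep_s: float = 0.0
    first_action_at: Optional[float] = None   # seconds until first real activity
    evidence: List[str] = field(default_factory=list)

    @property
    def evasive(self) -> bool:
        return self.sandbox_probe or self.vm_probe or self.stalling


def parse_line(line: str):
    """Return (t, pid, api, args) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return float(m["t"]), int(m["pid"]), m["api"], m["args"]


def triage(trace_lines) -> TraceVerdict:
    """Collect evasion indicators and the time of the first real action."""
    v = TraceVerdict()
    for line in trace_lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        t, _pid, api, args = parsed
        low = args.lower()
        if api in ("LoadLibraryW", "GetModuleHandleW") and any(
                p in low for p in SANDBOX_MODULE_PROBES):
            v.sandbox_probe = True
            v.evidence.append(f"{t:.1f}s {api}({args}): probes for a sandbox module")
        elif api in ("RegOpenKeyExW", "RegQueryValueExW") and any(
                s in low for s in VM_FINGERPRINT_STRINGS):
            v.vm_probe = True
            v.evidence.append(f"{t:.1f}s {api}({args}): probes for a VM artifact")
        elif api in STALL_APIS:
            m = re.search(r"ms=(\d+)", args)
            secs = int(m.group(1)) / 1000.0 if m else 0.0
            v.total_sleep_s += secs
            if secs > SINGLE_SLEEP_LIMIT_S or v.total_sleep_s > TOTAL_SLEEP_LIMIT_S:
                v.stalling = True
                v.evidence.append(f"{t:.1f}s {api}: stalls for {secs:.0f}s")
        elif api == "RegSetValueExW" and any(p in low for p in PERSISTENCE_MARKERS):
            if v.first_action_at is None:
                v.first_action_at = t
            v.evidence.append(f"{t:.1f}s {api}({args}): persistence write")
    return v


def idle_run_is_trustworthy(v: TraceVerdict, window_s: float) -> bool:
    """An empty run inside window_s means little if the sample probed or stalled."""
    if v.evasive:
        return False
    if v.first_action_at is not None and v.first_action_at > window_s:
        return False          # it acted, just after the observer stopped looking
    return v.total_sleep_s < window_s


# Constructed traces: the first probes, stalls ten minutes, then persists;
# the second does a short sleep and nothing else.
SAMPLE_EVASIVE = r"""
0.1 1204 GetModuleHandleW("SbieDll.dll")
0.2 1204 RegOpenKeyExW("HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions")
0.3 1204 Sleep(ms=600000)
600.4 1204 RegSetValueExW("HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater")
"""
SAMPLE_QUIET = r"""
0.1 1330 GetModuleHandleW("kernel32.dll")
0.2 1330 Sleep(ms=2000)
"""

if __name__ == "__main__":
    for name, trace in (("evasive", SAMPLE_EVASIVE), ("quiet", SAMPLE_QUIET)):
        verdict = triage(trace.splitlines())
        print(name, "evasive:", verdict.evasive,
              "trust 120s idle run:", idle_run_is_trustworthy(verdict, 120))
        for line in verdict.evidence:
            print("   ", line)
```

Run as-is, the evasive trace is flagged on all three counts and the 120-second idle run is rejected, while the quiet trace passes. Note what passing means: the run gave no reason to distrust it, not proof the sample is clean, which is bo elam's point above about what a sandbox verdict can and cannot tell you.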