Please leave a comment and rate the video :)
Running Windows XP SP2 in VirtualBox.
Sandboxie is such a great tool for general everyday use, for testing untrusted programs such as keygens or cracks, and even for running your browser, which is probably the most vulnerable program you have running on your computer. It is in regular, direct contact with the outside world when visiting websites, and it runs executable code in client-side scripts such as JavaScript, which makes it exploitable by spyware and drive-by downloads. Poor programming or unforeseen mistakes can also mean your browser is exploited in ways other than through JavaScript. Running the browser sandboxed means any modifications made to your system through your browser are actually made to dummy copies inside the sandbox, making for a neat and tidy recovery. I will post a video on drive-by downloads in action in the near future.
All credit to Avast for identifying the threat, and many, many others in the past. In this video I had realtime protection turned off; it filters all aspects of your internet connection, analysing all data being sent and received. It's probably the best anti-virus you can get, even when compared to the likes of Nod32, and it's free.
Sandboxie: http://www.sandboxie.com
VirtualBox: http://www.virtualbox.org
Avast Home Free 4.8: http://www.avast.com/eng/avast_4_home.html
Unfortunately Sandboxie does not work on 64-bit Vista or 64-bit XP. The reason is a protective measure Microsoft introduced called PatchGuard, which routinely checksums your kernel to check for modification. PatchGuard is apparently not a hard thing to get round; Sandboxie is. It's not only Sandboxie: many other security applications, from the likes of McAfee and Norton, rely on kernel modifications to work. Microsoft have in the past demonstrated how incapable they are at keeping your data safe. This is a clear demonstration of how real security works; Microsoft should take note of Tzuk's work, because they could learn a lot.
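The description says that writes made by a sandboxed program land on dummy copies inside the sandbox rather than on the real system. The following PowerShell script is an added example (not from the video and not Sandboxie's own code) that checks that claim on a Sandboxie install: it launches cmd.exe inside a box via Sandboxie's Start.exe with the /box: switch, has it write a file to C:\, and then looks for the file in both the real location and the box's container directory. The install path, the box name "DefaultBox" and the container layout C:\Sandbox\<user>\<box>\drive\C are assumptions about a default install; adjust them to match your own configuration.

```powershell
# Added example: show that a file written from inside a Sandboxie box ends up
# in the box's container, not on the real C:\ drive.
#
# Assumptions (not taken from the video; adjust for your install):
#   - Sandboxie's launcher is at $SbieStart and accepts the /box:<name> switch
#   - a sandbox named "DefaultBox" exists
#   - the container root is C:\Sandbox\<user>\<box>, with the real C:\ drive
#     redirected under drive\C (the default FileRootPath layout)
$SbieStart = 'C:\Program Files\Sandboxie\Start.exe'
$Box       = 'DefaultBox'
$RealPath  = 'C:\sbie_test.txt'
$BoxedPath = "C:\Sandbox\$env:USERNAME\$Box\drive\C\sbie_test.txt"

# Remove stale copies from a previous run so the result is unambiguous
Remove-Item $RealPath, $BoxedPath -ErrorAction SilentlyContinue

# Run cmd.exe inside the box and have it write to the real-looking path.
# -Wait blocks until Start.exe returns, i.e. until the sandboxed cmd exits.
Start-Process -FilePath $SbieStart `
    -ArgumentList @("/box:$Box", 'cmd.exe', '/c',
                    "echo written from inside $Box > $RealPath") `
    -Wait

# The sandbox should have redirected the write into the container directory
$real  = Test-Path $RealPath
$boxed = Test-Path $BoxedPath
"Real  C:\ file exists: $real   (expected: False)"
"Boxed copy exists    : $boxed  (expected: True)"
if ($boxed) { Get-Content $BoxedPath }

# Clean up the boxed copy; Sandboxie's "Delete Contents" does this for the
# whole box, which is the "neat and tidy recovery" the description refers to
Remove-Item $BoxedPath -ErrorAction SilentlyContinue
```

The check only covers writes. By default a sandboxed program can still read your real files, and, as the comments below discuss, a sandbox is itself software that can be exploited, so a redirected write is evidence that the container is working, not proof that nothing escaped.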
@NiGhtMarEs0nWax Semantics. An exploit is simply abusing bad programming, bad implementation or bad design. You don't need a specific exploit for Deep Freeze: if the user is running DF with an administrator's account, you can install a kernel rootkit, bypassing the massive hooks.
quelorepario 1 year ago
@quelorepario That is true, but one would be exploiting stupidity or bad administration in that case. You would still need a more useful payload, such as shellcode, to install the rootkit, and a backdoor to give it a purpose. A rootkit on its own is not enough to compromise a system. A kernel-mode rootkit modifies kernel space only, once installed, and is of no use for bypassing initial security measures.
NiGhtMarEs0nWax 1 year ago
Those who play with fire might get burned.
Do you know what kind of data that piece of malware sent out?
Remui 1 year ago
@Remui It was probably a bot client, but I didn't sniff it. It was running in a virtual machine anyway. Feel free to enlighten me.
NiGhtMarEs0nWax 1 year ago
@NiGhtMarEs0nWax I know that Deep Freeze can be defeated with kernel rootkits; have you tried one in Sandboxie?
quelorepario 1 year ago
@quelorepario The one demonstrated in the video is a kernel-mode rootkit; it uses a kernel module (driver).
Rootkits on their own are useless; they possess no abilities to exploit or penetrate a system. That is the job of an exploit.
Exploits have circulated in the wild for Sandboxie in the past; direct contact with such would leave your system compromised. Such a concept is not foreign to any software, including Deep Freeze.
Sandboxie is obscure enough to be out of the limelight, mostly.
NiGhtMarEs0nWax 1 year ago