Question
Tuesday, April 16, 2019 1:25 PM
Hello
We would like to host malware samples on virtual machines for educational purposes.
We give training in malware analysis and reverse engineering and are looking for a good, scalable, reliable solution like Azure.
Are we allowed to intentionally host malware on any of the virtual machine services on Azure?
Kind regards
All replies (5)
Tuesday, April 16, 2019 5:09 PM
Yes you can do that. One thing to note is that many forms of malware will break RDP connections. So if you need to reverse engineer something it might be difficult to actually get into the VM depending on the malware.
So I would think that hosting these environments in a Hyper-V on prem environment might be more beneficial or easier to work with but nothing is stopping you from deploying what you like in the VM.
Tuesday, April 16, 2019 9:50 PM
Hi
Thanks a lot. I don't have a preference for a VM. I haven't done a lot of experimentation with SaaS-solutions for malware environments. I appreciate that you recommend the Hyper-V.
Would you be able to add why you would recommend it, and perhaps any other recommendations that you might have?
Kind regards
Adam
Tuesday, April 16, 2019 10:37 PM
If you are looking to set up something for malware in Azure, you will want to stick with an IaaS (Infrastructure as a Service) solution. This is because the environment is managed by you and we don't take care of any of the Guest OS level security. For SaaS and PaaS the platform handles the security, so deploying anything with malware would be quickly removed or resolved.
So if you are looking to try this environment in Azure, then using VMs would be the place to test it. The upside of using Azure would be that if you need to delete the VM or the environment you can easily do that and deploy a fresh one. The ability to isolate VMs from one another or allow them to communicate would also be good for testing how things spread, but with the ability to limit traffic to a single VNet you could actually contain any tests.
If you are looking to use something outside of Azure, such as an on-prem solution, then Hyper-V or VMware would likely suit your needs. The plus side of using an on-premises environment would be that you have console access to the VM at all times. If you were to do something inside the Azure VM that blocks RDP access, it could be hard to regain that access and see what is happening inside the machine. But running on prem you should be able to retain console access regardless of what you deploy in the VM. You also would not have to pay for on-premises use, so it could save you some $$$.
Another thought is that you could use a hybrid solution. For example, spin up VMs in Hyper-V, configure them as you need, then upload them to Azure to be used to build VMs from. This would also allow you to rapidly deploy many VMs as needed.
So there is not a "Single best" solution but many routes could work.
If you have any specs or basic environment requirements I would be happy to share some useful links as well. Or if you want to start investigating and if you have questions I am happy to answer :)
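Added example (not part of the reply above and not Microsoft code): a small audit of whether a network security group on the lab subnet really keeps traffic inside the VNet, as the reply suggests. It assumes a simplified model that matches only on direction and service tag; the default rule names and priorities are Azure's, while the custom rule names and sample rule sets are constructed. It shows that the default rules alone still permit outbound Internet traffic, so containment needs an explicit deny.

```python
# Simplified model of NSG evaluation: lowest priority number is checked first
# and the first matching rule decides. Ports, protocols and IP prefixes are ignored.

def rule(name, priority, direction, access, peer):
    # peer = source tag for Inbound rules, destination tag for Outbound rules
    return {"name": name, "priority": priority, "direction": direction,
            "access": access, "peer": peer}

# Default rules that Azure places in every NSG.
DEFAULT_RULES = [
    rule("AllowVnetInBound", 65000, "Inbound", "Allow", "VirtualNetwork"),
    rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "AzureLoadBalancer"),
    rule("DenyAllInBound", 65500, "Inbound", "Deny", "*"),
    rule("AllowVnetOutBound", 65000, "Outbound", "Allow", "VirtualNetwork"),
    rule("AllowInternetOutBound", 65001, "Outbound", "Allow", "Internet"),
    rule("DenyAllOutBound", 65500, "Outbound", "Deny", "*"),
]

def deciding_rule(custom_rules, direction, peer):
    """Return the rule that decides traffic in `direction` to/from tag `peer`."""
    for r in sorted(custom_rules + DEFAULT_RULES, key=lambda r: r["priority"]):
        if r["direction"] == direction and r["peer"] in ("*", peer):
            return r
    raise ValueError("no rule matched")  # not reached for valid directions

def audit_lab_nsg(custom_rules):
    """List the ways a lab subnet's NSG fails to keep traffic off the Internet."""
    findings = []
    for direction in ("Outbound", "Inbound"):
        r = deciding_rule(custom_rules, direction, "Internet")
        if r["access"] == "Allow":
            findings.append(f"{direction.lower()} Internet allowed by {r['name']}")
    return findings

# Constructed sample rule sets; the custom rule names are hypothetical.
NO_CUSTOM_RULES = []
CONTAINED = [rule("DenyInternetOut", 100, "Outbound", "Deny", "Internet")]
MGMT_OPEN = CONTAINED + [rule("AllowMgmtAny", 200, "Inbound", "Allow", "*")]

if __name__ == "__main__":
    for label, rules in [("default", NO_CUSTOM_RULES), ("contained", CONTAINED),
                         ("mgmt-open", MGMT_OPEN)]:
        print(f"{label}: {audit_lab_nsg(rules) or 'no Internet path'}")
```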
Friday, April 19, 2019 6:03 PM
Any update on this issue?
If the proposed answer was useful please remember to mark it as the answer so others can easily find it.
Friday, May 3, 2019 7:05 PM
Any update on this issue?
If a suggestion was useful, remember to upvote and mark as answer so others in the community can easily find it.