Building a malware analysis lab as a SaaS

Oscar Felipe Lopez Abundez 0 Reputation points
2023-07-05T20:52:35.2066667+00:00

Hi! I am currently a student pursuing my degree at ESCOM IPN and am in the process of completing my final project, which involves malware analysis.

The nature of my project requires the use of cloud services to perform malware analysis in a controlled and secure environment. I have reviewed your Acceptable Use Policy and Terms of Service, but I would like to seek explicit clarification to ensure my project does not violate these terms.

Specifically, my project involves the following activities:

1. Uploading and storing malware samples in a secure and isolated environment.
2. Analyzing the behavior of these malware samples.
3. Collecting data from these analyses for academic research purposes.

Note that the intention is purely academic, and every precaution will be taken to prevent any accidental release or propagation of malware. I have already read in an old question on this forum that I can do it, but only with a PaaS model, and I wanted to know if I am now able to implement it with a SaaS model.

I look forward to your response and appreciate your assistance with this matter.

Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

1 answer

  1. David Broggy 6,371 Reputation points MVP Volunteer Moderator
    2023-07-06T02:32:44.9833333+00:00

    Hi Oscar,

    Any malware or well-known exploit tools that are uploaded to Azure - even for academic purposes - can, and likely will, get your Azure instance shut down, and it's a difficult procedure to get it back enabled.

    I speak from personal experience - I took a security-related course and made the mistake of downloading some commonly used exploit tools to a Windows VM in Azure. Within the same week of the training, my Azure instance had been shut down by Microsoft.

    I'm not sure of any ways around this, aside from storing the malware outside of the cloud, like your own home workstation/VM, and having your solution use that server as the 'sandbox' for your project.
    Perhaps you could argue that it's an extension of the cloud by installing Azure Arc and Defender for Endpoint.

