Azure and Malware Sandboxes

Dear readers,

This year has been one of the weirdest experiences in our lives and that’s why we wanted to come back to topics we know you love. We prepared a few articles that approach known areas “Malware and Azure“ from different perspectives.

We start with The Integration of Azure Sphere and Azure Cloud Services for Internet of Things. The author proposes an integrated solution for Internet of Things (IoT), utilizing high performance Azure Sphere microcontroller unit and Microsoft Azure cloud services.

Another article related to Azure is Azure SQL Managed Instance Overview, which is a brief tutorial on deploying Azure SQL Managed Instance on SQL server type of workload running in Microsoft Azure. Pretty awesome, right?

You may also want to look at Kubernetes as an Availability Manager for Microservice Applications, where authors show a results of their investigations that in certain cases, the service outage for applications managed with Kubernetes is significantly high.

Later on we are going to dive into the topic of malware sandboxes with A Practical Introduction to Malware Analysis and an analysis of Cuckoo Sandbox. Then, we will take a closer look at Sophisticated PDF Malware.

At the end we have a couple of extremely fascinating articles from various fields of cybersecurity, like  WiFi cyberattacks, drone hacking, docker tools and cyberpsychology. One of our favourite articles is Kali Linux & WiFi Attacks with the New Pi400, in which the author covers some very interesting issues in a clear and approachable way.

That’s right, in this issue everybody can find something interesting that suits individual needs!

We hope you will enjoy this edition. We would also like to send gratitude to our contributors, reviewers and proofreaders.

Thank you for sticking with us throughout this difficult year. We wish you all the best and we hope the new year will greet you with many successes and happiness.

Thank you and happy new year!

Hakin9 Editorial Team

---

TABLE OF CONTENTS

Xanthe – Docker aware miner

Vanja Svajcer, Outreach Researcher - Cisco Talos

Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered an interesting campaign affecting Linux systems employing a multi-modular botnet with several ways to spread and a payload focused on providing financial benefits for the attacker by mining Monero online currency.  We believe this is the first time anyone’s documented Xanthe’s operations. The actor is actively maintaining all the modules and has been active since March this year.  The infection starts with the downloader module, which downloads the main installer module, which is also tasked with spreading to other systems on the local and remote networks. The main module attempts to spread to other known hosts by stealing the client-side certificates and connecting to them without the requirement for a password.

---

The Integration of Azure Sphere and Azure Cloud Services for Internet of Things

Jiong Shi, Liping Jin

In this article, an integrated solution including Azure Sphere devices and Azure cloud services is proposed to provide a comprehensive and efficient way to ensure security that starts in the device and extends to the cloud with limited budgets. Moreover, the implementation details including hardware components, software design and Azure cloud integration are presented to demonstrate the feasibility and efficiency of the proposed solution.

---

 Kubernetes as an Availability Manager for Microservice Applications

Leila Abdollahi Vayghan

Kubernetes is an open source platform that defines a set of building blocks which collectively provide mechanisms for deploying, maintaining, scaling, and healing containerized microservices. Thus, Kubernetes hides the complexity of microservice orchestration while managing their availability. In a preliminary work we evaluated Kubernetes, using its default configuration, from the availability perspective in a private cloud setting.

---

Azure SQL Managed Instance Overview

Marek Chmel

Databases are one of the most common choices to store application data. While there are many modern database types, generally described as NoSQL databases, relational databases are still the most frequent and common type of storage. Considering you would like to run Microsoft SQL Server type of the workload, there are numerous choices for you in Microsoft Azure.

---

Cuckoo Sandbox

Preet Kamal

So what is a sandbox? In simple words, it's an isolated box in which experiments are conducted and results are observed without affecting the things that are present outside the box. In this scenario, that sandbox is “Cuckoo Sandbox”, in which you can throw any piece of software/files and the sandbox will analyze (experiment) it, which is automated, and provide a detailed report outlining its behaviour.

---

Study of a sophisticated PDF Malware

applebl00m

This is an article about a sophisticated PDF malware. You will need the Python executable installed on your machine and Python PDF tools, basic knowledge in assembly and Windows API and good common sense. Instead of LINUX, you could use a good internet connection. This PDF malware impersonates the police and wants to inspire fear in the person reading the document containing it. Thus, it can prevent the user from taking actions against its malicious behavior. 

You will learn a good methodology to fight against sophisticated PDF malware.

---

A practical introduction to malware analysis

Daniel Crossley

This is an introductory level article that aims to introduce the reader to some basic principles of malware analysis by discussing some initial steps and publicly available online tools and resources, which can be used to analyse and understand a piece of malware. 

---

Kali Linux & Wi-Fi Attacks with the New Pi 400!

Daniel W. Dieterle

The Pi 400 is perfect as a Kali Linux system, and in this article, we will look at installing Kali, and running some quick Wi-Fi attacks. All that is needed hardware-wise for this article is the Pi 400 (Complete Kit), an HDMI monitor and a Kali compatible USB Wi-Fi adapter. I used a TL-WN722N (v1!) and an Alfa AWUS036NHA Extended Range, both worked “Out of the Box”. The TL-WN722N V1 is no longer available, new and updated versions require driver tinkering, though many tech enthusiasts already have them, and it is a very good short-range adapter. 

---

What is drone hacking?

Nazneen Khan

After the fourth Industrial Revolution, or Industry 4.0, most of the robots in industries are equipped with modern smart technologies, like Internet of Things, along with machine-to-machine communication (M2M) to increase automation, improve communication and self monitoring and also smart machines that can diagnose issues and try to repair them or solve them without human intervention. When we talk about drones, currently all drones are equipped with internet connectivity to transfer data or broadcast video, or also for logging all the data in databases received from the real world to the pilot or drone operator in case of autonomous missions.

---

Introduction to Cyberpsychology

Dr Varin Khera

Most research studies regarding the cyberpsychology topic focused on the effect of the internet, especially the advent of social media on individuals' and groups' psychology. However, the cyberpsychology domain includes all digital interactions that affect human psychology, such as virtual reality, augmented reality, artificial intelligence, online gaming, and mobile computing.