Security Research

About Venustech ADLab (Active-Defense Lab)


Founded in 1999, Venustech ADLab (Active-Defense Lab) has nearly 70 technicians. Over the years, adhering to the concept of “security comes from a plan ahead”, ADLab has researched deep attack and defense technologies in network security, found various security flaws in computer and network systems, and assisted vendors in repairing such flaws. It has also consistently carried out forward-looking technology research in the security field and helped customers achieve overall security. It now runs customized projects that provide strategic customers with a series of customized source code security testing, emergency response, penetration testing and other security services.


As one of the earliest attack and defense technology labs in China, ADLab has constantly and closely followed the latest developments in vulnerability mechanism research both at home and abroad. It has carried out in-depth research on network vulnerability and exposure attack technology, defense and counterattack technology, real-time intrusion detection and monitoring, security auditing technology, emergency response, operating system kernel technology, buffer overflow technology, database intrusion and defense technology, mobile terminal security technology, industrial control system security technology, Web-based intrusion and defense system technology, etc. It has also built a comprehensive and professional vulnerability database, attack database, malicious code database, etc., and improved its reporting and verification technology.


In 2003, with the approval of the state, Venustech became one of only two network security vendors in China that can review the source code of the Microsoft Windows operating system. On one hand, this reflects Venustech’s position in the national information security system; on the other hand, by reviewing the source code of Microsoft Windows, Venustech can immediately analyze the hazard level of a security vulnerability at the level of the operating system itself, further analyze the mechanism by which the bug arises, study the signatures that may exist in the attack mode, or even find the vulnerability immediately and write a vulnerability patch program and a worm removal program, so as to reduce the loss caused by security incidents at the source.


So far, Venustech ADLab has published over 100 CVE vulnerabilities and maintained its leading position in vulnerability disclosure in Asia. At the same time, it has carried out a series of studies of new technologies and directions in the network security field and achieved major technological breakthroughs in smartphone system and industrial control system security. Its research in operating system security has now reached an international first-class level and holds a core position in the top tier of international network security.


As the support team for Venustech’s professional security products and services, ADLab contributes superb professional technology, fast emergency response and rich problem-solving experience. This gives Venustech strong technical support for product research, development and upgrading, for undertaking major national security projects and for client services. It helps users resolve existing security threats and foresee all kinds of possible threats, and it lays a solid foundation for Venustech to win the trust of customers.


In addition to its emphasis on fundamental network security research, ADLab also makes every effort to develop forward-looking technology and constantly studies new security theories, such as compilation environment security, wireless security and mobile security.


I. Responsibilities of ADLab


1. Research of the Security of Various Operating Systems and Application Systems 
This is the most important responsibility of ADLab. Since its inception, ADLab has followed the latest network system security vulnerabilities and application software bugs as promptly and closely as possible, and has even built a special research team that strives for technological breakthroughs when major security problems arise. Operating system security research mainly covers Windows, Unix-like systems, Mac OS, mobile systems (Android, iOS, etc.), etc. Application security research is research on the security of dedicated application systems according to customers’ requirements.


2. Malicious Code Research 
ADLab’s malicious code research mainly includes research on rapid analysis of worm technology, distributed honeypot technology, management platform technology for remote systems, etc. The research results have reached an internationally advanced level, and some results have even been fully or partially turned into tools.


3. Botnet Technology Research 
The research mainly covers four aspects: finding, monitoring, take-over and application of botnets. ADLab has now made some achievements in botnet finding and monitoring and has taken the lead in China in tracing botnet denial-of-service attacks to their source.


4. Research of Security Technology of Application System Source Code (White Box Security) 
On the basis of years of system security research, vulnerability detection and application research and security emergency response of application system (get the pressing need of the users from more than times of security emergency services), ADLab began researching the security of application system source code in 2003 and began providing source code security detection services to key industry customers such as telecommunications, finance and government in 2005.

The security detection service for application system source code focuses on application system code security. With the service, system flaws, threats and bugs can be detected in the source code, so that the security of the application system is guaranteed at the source code level.


5. Security Research of Information Application System, Network Equipment and Non-mainstream Platform 
ADLab’s security research of information application systems mainly includes database security research, email security research, research on LAN information disclosure, and information encryption and decryption research. For network equipment security, the research is mainly carried out from two perspectives: “attacker” and “defender”. Security research of other platforms also includes wireless networks; IPv6 (mainly protocol limitations); and Android, iPhone, OPhone, BlackBerry, WinCE (such as buffer overflow research and remote control technology research on the CE platform), Palm, Linux/LIPS (Smart Phone) and other smartphone operating systems. Some research results have reached a nationally advanced level.


II. Application of the Research Results


1. Support for Company Products 
ADLab provides strong and dynamic technical backing for Venustech’s security products, security services and project development, actively develops forward-looking technologies in the security field and has formed company-level customized projects. In addition, it provides a series of customized source code security detection, emergency response, penetration testing and other security services to strategic users, and offers users more professional, complete and comprehensive security solutions. ADLab’s research results greatly support Venustech’s event database for NIDS, HIDS, IPS, UTM and other products, its IPv6 event database and its vulnerability database. Additionally, ADLab can deliver emergency upgrades for key bugs within a few hours, can raise an alarm before a major worm appears, and strongly supports the knowledge database of the Venus Security Operation Center (SOC).


ADLab has also supported the company’s strategic customers and sales platforms by handling nearly 1,000 security emergencies, in line with the company’s strategic planning for product technology research and development and its phased targets.


2. Support for National Key Scientific and Technological Projects 
So far, ADLab has undertaken more than 30 national-level and provincial-level key network security scientific and technological projects, independently or together with other departments, including the project of core electronic devices, high-end general chips and basic software products, the national 863 plan, the national torch plan and national research projects, etc.


ADLab also provides the following services according to users’ demand: penetration testing, botnet emergency response, denial-of-service emergency response, security detection service for application system source code, server intrusion emergency response, etc.


ADLab has a few senior experts in China with the ability to trace the source of botnet and denial-of-service attacks, and it has made especially remarkable achievements in source tracking of hacker attacks and in attack analysis. Examples include tracing the source of SYN flood denial-of-service attacks against a university in Wuhan and a state-owned unit, and solving users’ security problems by pursuing the intruders with a honeypot system. At the same time, ADLab also offers special network security emergency services and has played a major role at critical moments, including the Sino-US hacker wars, the SQL Slammer worm outbreak, the 0-day vulnerability in Apache denial-of-service, the 0-day warning for the IE browser, the STUXNET trojan virus of industrial control systems, the high-risk vulnerability in BIND9 denial-of-service, the PHPWind multiple security bugs, the ART image bug, the MSDTC and COM+ bug, the Windows Media Player bug, the MSN Messenger bug, the heap buffer overflow vulnerability of the Windows RPC DCOM interface, the “blaster” worm virus and the “sasser” worm virus outbreak.


3. Emergency Response Service for Customers 
In China, ADLab has always kept a good partnership with the National Computer Security Management Center, the National Testing and Certification Center for Computer Security Products, the National Emergency Treatment Center for Computer Viruses and CNCERT/CC. As an important technical supporter of CNCERT/CC, ADLab also offers special network security emergency services and helps users solve more than 140 emergency service problems on average each year, with a success rate of 100%.


III. Cooperation and Communication


ADLab keeps a close partnership with the International Organization of CVE (Common Vulnerabilities and Exposures), the International Computer Security Institute, the TruSecure International Computer Security Association Lab and the International Forum of Incident Response and Security Teams, and actively sends its personnel to attend various international meetings to understand the latest developments and research directions of attack and defense technology in the world.