360 Degree Protection Testing
A first-of-its-kind test that covers all angles, our pioneering 360 Degree Protection Test targets the key threats faced by internet users. In each test case we employ the full spectrum of Early Life Malware. We use a Time-To-Detect metric to measure how long it takes each application to detect and neutralise missed threats.
Our Phishing Test assesses products’ capabilities in blocking Phishing websites.
Next-Gen Network Appliance/Endpoint Protection Testing
Companies face the challenge that their multi-layered protections with firewalls, anti-virus systems and intrusion detection systems can be bypassed by targeted attacks or advanced opportunistic attacks (Advanced Persistent Threats). Vendors responded to this problem with APT detection appliances, also known as breach detection systems or next-generation intrusion detection systems. We provide efficacy and comparative assessments of these APT detection appliances, with custom developed, never-seen-before malware.more information
In-The-Wild Exploit Testing
Criminals on the internet started to distribute malware to victims years ago by targeting vulnerabilities in browsers, browser plugins, and document readers. The obfuscation used in these attacks renders some traditional antivirus protections ineffective. Thus vendors started to develop products which can detect and block exploits against these vulnerabilities, so the malware does not have a chance to start working. We provide efficacy and comparative assessments of these anti-exploit protections.more information
Safe browser tests
Internet Security Suites and Financial Endpoint Protection systems can provide a safe browser solution to prevent the theft of confidential data and protect the integrity of financial transactions by protecting a browser against financial malware (e.g. Zeus, Dyre, Tinba, SpyEye, etc.). We provide efficacy and comparative assessments of these safe-browser protections.more information
2016 / 11 /15download report
2016 / 11 /10download report
2016 / 12 /03
This week was popcorn-time on Twitter. The good old debate started again. On one side, browser developers, penetration testers and AV bug hunters, on the other side, members of the AV industry. It is hard to get the essence what the debate is about, but it is mostly around this statement: “AV increases attack surface. AV introduces more risks with this increased attack surface than it reduces.” I agree with the first sentence. I don’t agree with the second sentence. If you are interested why, here it is. My definition of AV is that it should protect the users from …more information
2016 / 09 /28
Our Research Director, Balazs Bucsay made an exhaustive research on the topic of chroot bypass techniques early last year. The chroot system call is used to create restricted environments for specific processes. This research was presented on several international IT-Security conferences for example: PHDays V @ Moscow, Russia Hacktivity @ Budapest, Hungary DeepSec @ Vienna, Austria The evasion technique that he found affected almost all UNIX based operating systems including Mac OS X and iOS as well. These operating systems are running on iPhones, iPads, Macs and Macbooks so basically all Apple products were affected. The technique is called by move-out-of-chroot, which …more information