Services

360 Degree Protection Testing

A first-of-its-kind test that covers all angles, our pioneering 360 Degree Protection Test targets the key threats faced by internet users. In each test case we employ the full spectrum of Early Life Malware. We use a Time-To-Detect metric to measure how long it takes each application to detect and neutralise missed threats.

Our Phishing Test assesses products’ capabilities in blocking Phishing websites.

more information

Next-Gen Network Appliance/Endpoint Protection Testing

Companies face the challenge that their multi-layered protections with firewalls, anti-virus systems and intrusion detection systems can be bypassed by targeted attacks or advanced opportunistic attacks (Advanced Persistent Threats). Vendors responded to this problem with APT detection appliances, also known as breach detection systems or next-generation intrusion detection systems. We provide efficacy and comparative assessments of these APT detection appliances, with custom developed, never-seen-before malware.

more information

In-The-Wild Exploit Testing

Criminals on the internet started to distribute malware to victims years ago by targeting vulnerabilities in browsers, browser plugins, and document readers. The obfuscation used in these attacks renders some traditional antivirus protections ineffective. Thus vendors started to develop products which can detect and block exploits against these vulnerabilities, so the malware does not have a chance to start working. We provide efficacy and comparative assessments of these anti-exploit protections.

more information

Safe browser tests

Internet Security Suites and Financial Endpoint Protection systems can provide a safe browser solution to prevent the theft of confidential data and protect the integrity of financial transactions by protecting a browser against financial malware (e.g. Zeus, Dyre, Tinba, SpyEye, etc.). We provide efficacy and comparative assessments of these safe-browser protections.

more information

Recent projects

MRG Effitas Online Banking Certification Q2 2017

2017 / 09 /13

download report

MRG Effitas 360 Assessment & Certification Q2 2017

2017 / 08 /22

download report

Blog news

Encrypted exploit delivery - #IRONSQUIRREL

2017 / 09 /21

This research deals with the delivery of encrypted browser exploits to a victim’s browser. It is a follow-up post to some research I did 2 years ago. Even if you are already familiar with the content of that research, you may still find valuable information in this post. Introduction In this blog I will propose that attackers who legitimately need to launch encrypted attacks (such as law enforcement agencies tracking suspect activity online) can reduce the threat of their attacks being nullified via reverse engineering. They can do this by using both encrypted and one-time URLs to deliver the exploit …

more information
A Note on the War of Android AVs and Advanced Malware

2017 / 08 /28

Recently, we performed an in-depth analysis of multiple Android AV engines. We checked how they perform in scenarios where the users’ device has not yet been infected. As an afterthought, we performed testing in scenarios where the handheld has already been infected with a piece of malware – a rather realistic scenario assuming that a user realizes that there is something nasty going on and decides to install a free AV to sort things out. For testing, we installed a fresh sample of Trojan-Banker.AndroidOS.Svpeng.ae on several versions of Android (5.1.1 and 7.1.1) This piece of malware has been throughly analysed …

more information

Our partners