Introduction to Venustech ADLab (Active-Defense Lab)

The Venustech Active-Defense Laboratory (ADLab) was founded in 1999. The Lab had over 40 dedicated technical researchers. For many years it has been committed to research on technologies for protection against deep network security attacks, under the guideline of "security from better preparedness". The Lab assists manufacturers in repairing vulnerabilities and helps users obtain comprehensive security. The Lab took the initiative in undertaking proactive technical research in the security field. It can provide strategic clients with a series of customized services, such as source code security testing, emergency response and penetration testing, and other security services.

ADLab is one of the attack and defense technical research laboratories founded by the domestic security industry. The Lab has constantly followed the latest developments in the study of vulnerability mechanisms by domestic and international institutions. It carried out in-depth research on technologies such as attacks targeting network vulnerabilities and defects, defense and anti-attack techniques, real-time intrusion detection and monitoring, security auditing, rapid emergency response, operating system cores, buffer overflows, database intrusion and protection, security for mobile terminals, security for industrial control systems, and Web-based intrusion and prevention systems. With the establishment of a complete and professional vulnerability library, attack toolkit and set of malicious code signatures, it enhanced its capacity for obtaining evidence and verification. In 2003, Venustech became one of only two Chinese network security vendors with access to the source code of Microsoft's Windows operating system. On one hand, this access is a demonstration of Venustech's technological capacity. On the other hand, it enables the Lab to fundamentally reduce losses from security events: the Lab can analyze the severity of security vulnerabilities promptly and from the core of the operating system, further analyze the mechanism of the vulnerabilities, identify possible attacks targeting them and possible characteristic code in the attack mode, and even identify vulnerabilities promptly and compile vulnerability patches and worm-killing programs. By the end of December 2011, ADLab had released nearly 90 CVE vulnerabilities, and its sustained number of released vulnerabilities holds a leading position in Asia. It also launched a series of studies on new technologies and new directions in the field of network security.
The Lab made great technological breakthroughs in smart phone systems and industrial control systems. It has been a leader in advanced network security and in operating system security research.

As a professional security division and service support team of Venustech, ADLab provides strong support to the research and development of Venustech products, to major security projects and to customer services through its know-how, its capability to respond to emergencies rapidly and its experience in fixing problems. It also helped Venustech win the trust of customers by assisting users in addressing imminent and predictable security threats. In addition to its focus on network security development, ADLab is also responsible for research on prospective technologies and continuously researches security theory, such as the security of compilation environments, wireless environments and mobile phones, and has made fruitful achievements.

Ⅰ. Scope of research activities of ADLab

1. Security research of various operating systems and application systems 

Since its establishment, ADLab has closely and promptly tracked the latest security vulnerabilities in network systems and applications at home and abroad. We have set up a specialized research group for major security issues. Operating system security research covers Windows systems, Unix-like systems, Mac OS systems, mobile terminal systems (Android, iOS, etc.) and so on. Application security research is driven by user demand and targets user-specific application systems.

2. Research on malicious code 

ADLab's research on malicious code mainly includes rapid analysis of worm technologies, distributed honeypots, and remote system management platform technology. It has leading capability in this area. Some of the results have been turned into tools or partial tools.

3. Research on Botnet technologies

The research activities mainly include the identification, monitoring, takeover and utilization of botnets. ADLab has achieved considerable results in botnet identification and monitoring, at a leading level domestically.

4. Security research of source code of application system (white box security) 

Based on its years of experience in system security and in vulnerability mining and utilization, and in response to users' most pressing needs (seen across a thousand security emergency service engagements), ADLab started research on application system source code security in 2003. It has provided source code security checking services to important sectors such as telecommunications, financial institutions and government agencies since 2005.

The application source code security inspection service mainly targets the code-level security of applications. The service can identify system defects, threats and vulnerabilities at the source code layer and ensure application system security through source code protection.

5. Security research of information application system, network equipment and non-mainstream platforms  

ADLab's information system security research includes database security, email security, intranet information disclosure, and information encryption and decryption. For network equipment security, the research is conducted mainly from the perspectives of both "attackers" and "defenders". Security research on other platforms includes: wireless networks; IPv6 (focusing on defects in the protocol); and operating systems for smart phones, such as Android, iPhone, OPhone, BlackBerry, WinCE (such as research on buffer overflows on the CE platform and remote control technologies), Symbian OS, Palm, and Linux/LIPS (Smart Phone).

Ⅱ. Application of research results 

1. Support for the products of the Company

ADLab provides strong and dynamic support for the technical realization of Venustech's security products, security services and projects. It actively expands research on prospective technologies in the security area and forms corporate-level custom projects. It provides strategic clients with a range of customized services, such as source code security testing, emergency response and penetration testing, while also providing clients with more professional, complete and comprehensive security solutions. ADLab's research results support the event library, IPv6 event library and vulnerability resource information library of Venustech's UTM, WAF, IPS and IDS. In addition, for important vulnerabilities, ADLab can provide emergency upgrades within hours. It also provides early warning before the emergence of major worms. The Lab has also undertaken support for the Taihe security operation center (SOC) of Venustech.

In line with strategic planning and the objectives for various stages, ADLab has provided support in nearly a thousand emergency responses for strategic clients and sales platforms.

2. Support for major projects

ADLab provides the following services according to user needs: penetration testing, botnet emergency response, DoS emergency response, security checking of application system source code, and server intrusion emergency response.

ADLab's senior network security experts are among the few in China who can track botnet and DoS attacks, especially in tracking hackers' attacks and analyzing attack behavior. For example, tracking a SYN flood DoS attack for a university and hunting down intruders with a honeypot system resolved security issues for clients. At the same time, through special security emergency response services, ADLab also played a major role in the defense against the SQL Slammer worm, an Apache DoS 0day vulnerability, the 0day early warning for the IE browser, the Stuxnet Trojan targeting industrial control systems, a critical DoS vulnerability in BIND9, various security vulnerabilities in PHPWind, vulnerabilities in ART images, vulnerabilities in MSDTC and COM+, in Windows Media Player and in MSN Messenger, the buffer overflow vulnerability in the Windows RPC DCOM interface, and the outbreaks of the Shockwave and Sasser worms.

3. Providing emergency response services to users

ADLab also provides network security emergency services. On average, it provides over 140 emergency response services to clients each year with a success rate of 100%.

Ⅲ. Cooperation and exchange

ADLab maintains close cooperation with CVE (Common Vulnerabilities and Exposures), CSI (Computer Security Institute), ICSA (TruSecure International Computer Security Association Lab), and FIRST (Forum of Incident Response and Security Teams). It also actively sends delegates to various important international conferences to keep up with the latest developments and research directions in offensive and defensive technology.