Malicious Code Research
The Malicious Code Research Laboratory (MCRL) is a team of experts in determining the functionality of malicious code and developing recommendations for its detection, removal and prevention of re-infection.
The laboratory specializes in the study of malicious objects used in targeted attacks, which are almost impossible to detect with automated protection tools such as antivirus sandboxes. We study malicious objects in detail, analyzing their actual code rather than only their behavior, since the behavior of the objects under study can change depending on certain conditions (for example, a sample may pretend to be a harmless program when it detects that it is running inside a sandbox).
The qualifications of the MCRL experts allow them to neutralize (bypass) the protections used by malicious software and to identify the conditions the malware needs in order to actually run, which often requires decrypting its configuration, studying its logs and obtaining other important characteristics. The collected information allows us to compile a list of indicators of compromise with which system administrators and even novice security specialists can find and neutralize sophisticated malicious software.
In addition, our research helps improve the effectiveness of complex security tools such as antivirus sandboxes, anti-APT and EDR solutions, which are difficult to use to their full potential without expert support.
Taking into account the threats currently facing an organization, the results of our research help adjust threat-hunting rules and, sometimes, the functionality of the security tools themselves.
The laboratory is equipped with professional equipment and software products to ensure high-quality research of malicious code, and its experts keep their knowledge current at international forums, including as speakers at major international conferences (Positive Hack Days, Security Analyst Summit, FIRST Conference and others).