1. Sourcing System
Web crawler hunting samples
2. Blackcert automation system
Generate blackcert signatures with a Cluster and Rules
3. FakeFinder System
Detects fake/repacked applications automatically with a classifier and rules
4. Backend System v1.0
Powerful backend system to process high volumes of samples and contribute detections
5. Backend System v2.0
More powerful backend system with a new generation of antivirus engine, supporting much more complex, generic and accurate patterns
6. ApkInfo System
System to extract information from APK files and store it in the intelligent analysis system
7. FakeId monitor system
System for analyzing newly arriving samples and hunting fresh malware exploiting the FakeId vulnerability
8. CertChain Checker
Module for checking which certificate files packed inside the APK are actually used for signing.
9. Competitor Reverse Engineering
gdb scripts for automation were developed
Other automation systems
10. Mobile Browser Fuzzing Framework
Framework for fuzzing Android browsers to hunt 0-day vulnerabilities.
Six fuzzer modules are integrated so far.
11. Participated in the design and implementation of the new generation antivirus engine (under development)
New generation, more powerful.
12. VulSalmonHunter System (under development)
System used to scan ARM binaries and find possible vulnerability points.
13. ELKIntellengence V1.0:
Big data analysis platform based on ELK.
14. Two vulnerabilities in Android OS:
As described in this blog: http://blog.trendmicro.com/trendlabs-security-intelligence/malformed-androidmanifest-xml-in-apps-can-crash-mobile-devices/
-- AndroidManifest with DTD technology crashes Android OS.
-- AndroidManifest declaring too many icons turns Android devices into bricks.
(In Ant Financial Group:)
1. Designed and implemented the "VulSalmonHunter" System:
Used to detect flaws and vulnerabilities in ARM ELF files automatically, based on a taint analysis algorithm.
2. Designed and implemented the "AlipayWalletAutoFuzzer" System:
System to fuzz Alipay Wallet web requests and RPC requests automatically.
3. Four vulnerabilities in the Mac OS X/iOS operating systems.
-- two local vulnerabilities: exploitable/DoS caused by malformed font files.
-- two remote vulnerabilities: Safari remote exploitable/DoS caused by malformed PDF files.