Topsec Alpha Lab

This lab has a professional software and hardware reverse research team, which studies the vulnerability exploitation methods for IoT devices with different architectures and the wireless communication protocols commonly used by IoT devices. Its team members exploit vulnerabilities in various IoT devices such as routers, smart door locks, NAS, and smart home appliances, detect multiple high-risk vulnerabilities, assist IoT device manufacturers (such as TP-Link, NETGEAR, QNAP, Huawei, and Xiaomi) in fixing the vulnerabilities, and have received public acknowledgment from the manufacturers. They also study the IoV security, exploit the vulnerabilities of vehicle communication protocols, devices, systems, and wireless vehicle keys, and detect and submit multiple vehicle and T-box vulnerabilities.

This lab has a number of mobile security researchers, mainly engaged in the security technology research for mainstream mobile platforms such as Android and iOS. The researchers focus on app reverse analysis, anti-reverse protection confrontation, malicious code analysis, and privacy leakage threats and assessment of app security. They help a number of well-known manufacturers fix app security vulnerabilities and have received public acknowledgment from the manufacturers. They also assist relevant regulatory agencies in detecting privacy leakage risks of many well-known apps.

This lab has a professional software and hardware reverse research team, which has been engaged in reverse analysis for many years. Its team members focus on reverse analysis, anti-analysis confrontation, code restoration, and code auditing. They continuously carry out malicious code identification and analysis to detect a variety of advanced attack technologies, exploit and submit multiple high-risk vulnerabilities in mainstream products such as operating systems, databases, and readers, and have received public acknowledgment from software and hardware product suppliers including Apple, IBM, and Adobe many times.

With security vulnerabilities as a key factor affecting cybersecurity, the importance of relevant intelligence is self-evident. This lab establishes a complete set of vulnerability emergency response mechanism and develops an automatic vulnerability intelligence collection and analysis platform. This platform can collect data from many channels in a wide range to capture high-risk vulnerability intelligence in a timely and accurate manner through smart screening supplemented by manual judgment. Over the years, this lab has released emergency and major security vulnerability threat intelligence in the first time several times to help customers avoid security risks, and has been commended by relevant national institutions for many times.

Since its establishment, this lab has always adhered to original vulnerability research to assist manufacturers in mining and fixing vulnerabilities in various CMSs, network devices, industrial control devices, web sites, and apps. The researchers have continuously released more than 8,000 original vulnerabilities to Common Vulnerabilities and Exposures (CVE), China National Vulnerability Database (CNVD), China Industrial Control System Vulnerability Database (CICSVD), China National Vulnerability Database of Information Security (CNNVD), National Vulnerability Database (NVDB), and public Security Response Centers (SRCs) of major manufacturers. They assist the country in building the cyberspace order and strengthen cybersecurity defense.

This lab has a number of senior penetration testing engineers, who mainly engage in the research of web attack and defense technologies and provide support for internal and external penetration testing. Internally, they are responsible for the launch and upgrade security of Topsec's internal products. Externally, they assist the national security department in combating illegal and criminal activities to safeguard major national activities.