The recent attacks on the software supply chains of big software producers showed us that this component has not received the needed attention.
We can help you identify your supply chain, perform a threat assessment and establish a monitoring process for all software components that are part of your supply chain.
Don’t postpone this by telling yourself ‘Never change a running system’ and hope for the best.
Usually, the oldest or least known parts of your supply chain are the weakest links.
Did you know that a recent ENISA study showed that 66% of attacks focus on the supplier’s code ?

Here is more information

#security #testing #vulnerability #threat

Penetration testing is the technical analysis of the safety level of IT systems and networks.
We offer a complete investigation of the hardware / software systems for security vulnerabilities.
If you have at least one online service, then you must make sure that it is not vulnerable to attackers.
Our white hackers simulate potential attacks from internal and external perpetrators (intranet, internet).

The detection of security vulnerabilities includes the following sub-processes:
– Information Gathering/Preparation of the testing
– Vulnerability Detection and Verification
– Reporting
– Retesting of the fixes

You can find here more details:

#pentest #vulnerability #testing #ciso #whitehacker



A year ago, at VB2019 we presented for the first time an overview of how the anti-malware world looks from the perspective of a young company trying to enter the market: how they try to build products, how they try to enter the market, how they try to convert users, and what challenges they face in these activities.

In this new paper we will present an overview of the situation for such a company after one year of experience. We will look at the situation from several angles:

    • that of the consulting company helping them to build the product and enter the market


    • that of working with certification companies regularly, checking the products for detection and performance


  • that of working with Microsoft to make the company compliant and keep them compliant

One year later, many still have a hard time understanding that the security market is no longer the Wild Wild West, but we also see that a lot of visible efforts are being made to improve. This means that compliance with ‘clean software’ regulations is becoming an issue. We will present some interesting statistics and compare data from the past with current data. The young companies still have a lot of challenges in understanding that implementing AV software is not the same as implementing any other type of software. Despite the fact that they still get flagged by the established products for various reasons, there are still more and more companies trying to enter the market.

A lot of people in the audience will ask themselves ‘why would anyone want to enter the market, since the market is overcrowded, there are plenty of free products out there, and on Windows there is also Microsoft Defender?’. We will try to provide an answer to this question, but the answer is not what many think it is. Or, maybe it is …




If you’re serious in selling an AV product on Windows, you need certain APIs which are related to Windows Security Center / Action Center. You can get this API only if you are a member in the Microsoft Virus Initiative (MVI).

The Microsoft Virus Initiative (MVI) helps organizations to get their products working and integrated with Windows.

Here are the requirements to become a member:

Become a member

A request for membership is made by an individual as a representative of an organization that develops and produces antimalware or antivirus technology. Your organization must meet the following eligibility requirements to qualify for the MVI program:

  1. Offer an antimalware or antivirus product that is one of the following:
    • Your organization’s own creation.
    • Developed by using an SDK (engine and other components) from another MVI Partner company and your organization adds a custom UI and/or other functionality.
  2. Have your own malware research team unless you build a product based on an SDK.
  3. Be active and have a positive reputation in the antimalware industry.
    • Activity can include participation in industry conferences or being reviewed in an industry standard report such as AV Comparatives, OPSWAT or Gartner.
  4. Be willing to sign a non-disclosure agreement (NDA) with Microsoft.
  5. Be willing to sign a program license agreement.
  6. Be willing to adhere to program requirements for antimalware apps. These requirements define the behavior of antimalware apps necessary to ensure proper interaction with Windows.
  7. Submit your app to Microsoft for periodic performance testing.
  8. Certified through independent testing by at least one industry standard organization.

The most hard to achieve requirements are marked bold.

What you get ?

MVI members receive access to Windows APIs and other technologies including IOAV, AMSI and Cloud files. Members also get malware telemetry and samples and invitations to security related events and conferences.

We will work with you to get your company in the Antivirus Vendor page, we will build your product, will get your product accepted by Microsoft and deliver it to your customers.

Microsoft requires certain things from companies developing security products. Additionally, if you’re serious in selling an AV product on Windows, you need certain APIs which are related to Windows Security Center / Action Center.
These are not well documented and are usually very complex.

We have experience in dealing with such issues and with Microsoft.

Here are some steps required:

  • Set up the basics to deal with Microsoft
    • Build the product
    • Apply for 3rd party testing
    • Apply to MVI correctly
  • After that, we can help you
    • Integrate the API you obtain from Microsoft
    • Create the tool for interacting with the Action Center
    • Make it user friendly and test it with additional OSs.
    • Modify the updater to interact with the Action Center
    • Modify the licensing manager to interact with the Action Center
    • Modify the various other product functions to interact with the Action Center
    • Submit the kit (the result depends on all of the above)
    • Implement the product landing pages
    • Implement the incident landing pages
  • Make the required tests and adapt the product until you pass
  • Test and adapt the product for the Microsoft guidelines of interacting with Action Center  (all above situations)
  • Test and adapt the product for usability in regards to Windows 10 (which are special requirements)

We can’t do all these steps for you, but will guide and accompany you and your teams in doing them. Some of these steps we can do for you.

Please contact us to get more details.

An endpoint security product (aka: Antivirus product) has the following components:

  • User interface
  • The entire interception and detection technology to intercept file, memory, registry accesses:
  • Real time scanner (drivers, service) logic
  • On demand scanner  logic
  • Intercept Registry accesses (optional)
  • Identify running processes and scan them in memory together with the file on disk (optional)
  • Scanning logic – what gets scanned with what technology
  • In the cloud protection (optional)
  • Updater program and continuous updates for Product and Detection
  • Installer
  • Licensing management (offline and optional online)

All these are independent of the engine OEM vendor.


In addition, if you choose Avira to be your OEM vendor, you would benefit of our long experience in this field.

  • Integration of Avira SAVAPI with On Access Scanning (needs to be licensed separately from Avira)
    • SAVAPI
    • Drivers
    • Updater for Avira files

Optional components:

  • False Positive Prevention
  • Zero Day protection using cloud components
  • Remote configuration and control

Last, but not least:

  • Help to get in included into the Microsoft Virus Initiative
  • Windows Security Center integration

What we are offering:

Consulting for your team on how to build a product.

Your team will get a account connected to a Slack channel.

All items will be documented there:

  • Features  (above list)
  • User stories to define each feature in details
  • Bugs to signal issues in the product

You can book our services also to Promote your antivirus product

Sorin Mustaca (Sorin Mustaca IT Security Consulting)

Download the slides:

There are two categories of anti-malware vendors:

  • Established anti-malware vendors, who are preoccupied with getting the best scores in detection tests and capturing more market share.
  • Emerging anti-malware vendors, who are trying to understand what they need to do in order to enter the market.

This paper is about the second category of companies: those who are trying to enter the market either because they have identified a small market segment which they think they can serve, or simply because they’ve heard they can make some easy money. None of these emergent companies actually know what it takes to make a ‘real’ anti-virus product. They try to enter the market by creating some software that detects malware using a third-party scanning engine and soon realize that things are much more complicated than estimated: they face a multitude of problems they don’t understand and realize that there are more who want to see them fail than who are able and willing to help them.

In this paper I will discuss some of the challenges emergent anti-malware companies face:

  • Technical: how do you create an AV product?
  • Certification: how do you get tested and by whom?
  • Reputation: how do you establish a good reputation and remain unblocked by the ‘big guys’?
  • Blacklisting: what happens if you get flagged by some established companies?
  • Getting along with Microsoft: how do you establish a realistic ‘go-to-market’ plan?
  • Free product: what does it take to make a ‘free’ anti-malware product?




A movie describing what this is: