Case Studies.
Real security-analysis and engineering tasks, all done with AVL Code and the Landi model — from sample reversing and traffic triage to building detection tools.
Session replays & reports are original records in Simplified Chinese · Built with AVL Code + the Landi model
User Cases (1)
Real-world cases from users’ own business scenarios, delivered with AVL Code.
Team Showcase (9)
Real security-analysis and engineering tasks completed by the Antiy team with AVL Code.
Network Fault Localization in a Complex Business System
To pin down the root cause of a network fault in a complex business system, engineers drove AVL Code with natural-language instructions — a full intelligent loop from 2.2GB of traffic captures to a fault-localization report.
Automated Inspection and CVE Scanning for Antiy IEP EPP
With one open-ended natural-language instruction, an ops engineer had AVL Code run the whole loop: SSH into the host, inspect Antiy IEP EPP, check service status, scan for CVEs, redact sensitive data and generate an HTML report.
Smart Installation and Setup of cve-mcp-server
To automate MCP service configuration, a developer gave AVL Code a single open-ended natural-language instruction — an end-to-end intelligent loop from vague prompt to working MCP service.
iOS Exploit-Kit Response and Security Check Tool
To support the MIIT with a rapid response to an iOS exploit-kit security incident, engineers used AVL Code to build a zero-dependency HTML detection tool in record time.
Darkhotel JPEG Steganography Sample Analysis
Darkhotel is an APT group with an East Asian background. Analysts ran fully static analysis on a suspected sample with AVL Code, reconstructing its multi-stage information-theft attack chain end to end.
IRC Botnet Traffic Capture Analysis
Working from a captured IRC botnet traffic dump, analysts used AVL Code to reconstruct the full C2 communication picture through protocol-level behavioral analysis.
EDR Behavioral Alert Chain Reconstruction
An EDR platform raised a PowerShell alert. Engineers dug deeper with AVL Code, reconstructing a five-level process call chain and uncovering a DNS covert channel and LotL techniques.
In-Depth Analysis of the fast16 Malware
fast16 is a piece of malware with destructive capability. Analysts used AVL Code for purely static analysis, fully reconstructing the attack chain and delivering a detection tool plus YARA rules.
NetAdmin Console Compatibility Analysis
NetAdmin is a support tool for network administrators. Test engineers used AVL Code to run a full-stack compatibility analysis across the entire product.
