Case Studies.

Real security-analysis and engineering tasks, all done with AVL Code and the Landi model — from sample reversing and traffic triage to building detection tools.

Session replays & reports are original records in Simplified Chinese · Built with AVL Code + the Landi model

User Cases (1)

Real-world cases from users’ own business scenarios, delivered with AVL Code.

Team Showcase (9)

Real security-analysis and engineering tasks completed by the Antiy team with AVL Code.

#010 · Traffic Analysis

Network Fault Localization in a Complex Business System

To pin down the root cause of a network fault in a complex business system, engineers drove AVL Code with natural-language instructions — a full intelligent loop from 2.2GB of traffic captures to a fault-localization report.

Network Fault Localization · Traffic Analysis · Root-Cause Analysis · Complex Business Systems · Large-Scale Traffic

#008 · Security Ops & Inspection

Automated Inspection and CVE Scanning for Antiy IEP EPP

With one open-ended natural-language instruction, an ops engineer had AVL Code run the whole loop: SSH into the host, inspect Antiy IEP EPP, check service status, scan for CVEs, redact sensitive data and generate an HTML report.

SSH Automation · Product Inspection · CVE Scanning · Fault Self-Healing · Threat Intelligence · Report Automation

#007 · R&D & Testing

Smart Installation and Setup of cve-mcp-server

To automate MCP service configuration, a developer gave AVL Code a single open-ended natural-language instruction — an end-to-end intelligent loop from vague prompt to working MCP service.

MCP Integration · Intelligent Agent · Fault Self-Healing · Threat Intelligence · CVE Triage · Ops Automation

#006 · Security Tooling

iOS Exploit-Kit Response and Security Check Tool

To support the MIIT with a rapid response to an iOS exploit-kit security incident, engineers used AVL Code to build a zero-dependency HTML detection tool in record time.

iOS · Exploit · Detection Tool

#005 · Sample Analysis

Darkhotel JPEG Steganography Sample Analysis

Darkhotel is an APT group with an East Asian background. Analysts ran fully static analysis on a suspected sample with AVL Code, reconstructing its multi-stage information-theft attack chain end to end.

Steganalysis · JPEG · Darkhotel · APT · WOW64

#004 · Traffic Analysis

IRC Botnet Traffic Capture Analysis

Working from a captured IRC botnet traffic dump, analysts used AVL Code to reconstruct the full C2 communication picture through protocol-level behavioral analysis.

Traffic Analysis · IRC Botnet · C2 Detection

#003 · Behavioral Analysis

EDR Behavioral Alert Chain Reconstruction

An EDR platform raised a PowerShell alert. Engineers dug deeper with AVL Code, reconstructing a five-level process call chain and uncovering a DNS covert channel and LotL techniques.

EDR · PowerShell · DNS Tunneling · MITRE ATT&CK

#002 · Sample Analysis

In-Depth Analysis of the fast16 Malware

fast16 is a piece of malware with destructive capability. Analysts used AVL Code for purely static analysis, fully reconstructing the attack chain and delivering a detection tool plus YARA rules.

Reverse Engineering · PE Analysis · YARA · Threat Detection

#001 · R&D & Testing

NetAdmin Console Compatibility Analysis

NetAdmin is a support tool for network administrators. Test engineers used AVL Code to run a full-stack compatibility analysis across the entire product.

Compatibility Analysis · Technology Assessment · SOP