According to statistics, in the first half of 2021, in China, the number of malicious program samples captured is about 23.07 million, the average daily propagation times reached more than 5.82 million, involving about 208,000 malicious program families . The National Information Security Vulnerability Sharing Platform (CNVD) included 13,083 general security vulnerabilities, a year-on-year growth of 18.2%. Among them, the number of high-risk vulnerabilities was 3,719 (28.4%), a decrease of 13.1% year-on-year; The number of zero-day vulnerabilities was 7,107 (54.3%), a significant increase of 55.1% year-on-year.

The cybercriminals behind those attacks used a variety of computer intrusion techniques to break into corporate networks. They were targeted, skilled, proactive, well-organized and well-funded. In order to defend cyber attacks and cope with customers' demands, security companies need to analyze the security situation in real time, analyze the possible vulnerabilities of network service programs and mobile applications, reduce the possibility of being attacked, and prevent service interruption and data loss. All those work cannot be done without reverse engineering.

Reverse engineering is the most common practice of security engineering to analyze malicious programs and system vulnerabilities, and is a powerful tool that allows those who are proficient in it to figure out how a given program or system works when no source code is available. By taking malware apart and studying it, cybersecurity companies can build tools to counter the techniques used by malware developers, rather than passively developing defenses for individual malware programs.

In the future, the software and network will become more and more complex and diversified. Traditional reverse tools are always for single dimension and single executable files. When dealing with complex systems, it wasn't very handy.Our Reactor Engine is for future complex software.

First of all, Reactor Engine analyzes the entire firmware, from manufacturers, models, to SBOM, and the disassembly and decompilation information of each executable file, disclosed and undisclosed vulnerabilities, information association between multiple executables, simulation of the whole firmware system, debugging binary as easily as debugging source code. Reverse working efficiency has been greatly improved by Reactor Engine. Meanwhile, the powerful cloud component of our engine analyzes the historical version, close relative version and patch version of the target firmware, extracts the instruction level differences of two similar executables, and establishes the horizontal and vertical connection of the firmware.

Even as an experienced security researcher, such tools can greatly improve work efficiency. At the same time, the security company's business can build on the underlying capabilities of our engine to present different product forms for their business. For example, for vulnerability mining, BINQL in our engine provides highly customizable vulnerability mining interface to meet diverse needs and achieve semi-automated vulnerability mining. We provide simulation of the whole system, which is a perfect tool for software behavior analysis.