CrySyS Lab (in Hungarian pronounced as /ˈkriːsis/)[1] is part of the Department of Telecommunications at the Budapest University of Technology and Economics. The name is derived from "Laboratory of Cryptography and System Security", the full Hungarian name is Hungarian: CrySys Adat- és Rendszerbiztonság Laboratórium.
CrySyS Lab. was founded in 2003 by a group of security researchers at the Budapest University of Technology and Economics. Currently, it is located in the Infopark Budapest. The heads of the lab were Dr. István Vajda (2003–2010) and Dr. Levente Buttyán (2010-now). Since its establishment, the lab participated in several research and industry projects, including successful EU FP6 and FP7 projects (SeVeCom,[2] a UbiSecSens[3] and WSAN4CIP[4]).
CrySyS Lab is recognized in research for its contribution to the area of security in wireless embedded systems. In this area, the members of the lab produced
The above publications had an impact factor of 30+ and obtained more than 7500 references. Several of these publications appeared in highly cited journals (e.g., IEEE Transactions on Dependable and Secure Systems, IEEE Transactions on Mobile Computing).
The laboratory was involved in the forensic analysis of several high-profile targeted attacks.[5]
In October 2011, CrySyS Lab discovered the Duqu malware;[6] pursued the analysis of the Duqu malware and as a result of the investigation, identified a dropper file with an MS 0-day kernel exploit inside;[7] and finally released a new open-source Duqu Detector Toolkit[8] to detect Duqu traces and running Duqu instances.
In May 2012, the malware analysis team at CrySyS Lab participated in an international collaboration aiming at the analysis of an as yet unknown malware, which they call sKyWIper. At the same time Kaspersky Lab analyzed the malware Flame[9] and Iran National CERT (MAHER)[10] the malware Flamer. Later, they turned out to be the same.
Other analysis published by CrySyS Lab include the password analysis of the Hungarian ISP, Elender, and a thorough Hungarian security survey of servers after the publications of the Kaminsky DNS attack.[11]