The Laboratory of Cryptography and System Security (CrySyS Lab) is committed to carry out internationally recognized, high-quality research on security and privacy in computer systems and networks, and to teach related subjects at the Budapest University of Technology and Economics. We strongly believe in problem driven, project oriented research, therefore we participate in R&D projects, where we collaborate with industry partners and academic institutions, and maintain international relationships.

Notes: CrySyS Lab belongs to the Department of Networked Systems and Services at the Budapest University of Technology and Economics. It is not a company, but a university research lab. The official Hungarian name of the lab is CrySyS Adat- és Rendszerbiztonság Laboratórium. Lab members pronounce CrySyS as [kri:sis].

Alumni Network

The CrySyS Alumni Network consists of those 100+ persons who did their diploma or PhD projects in the CrySyS Lab. The following PhD graduates are distinguished alumni who received the CrySyS Steel Ring which has the lab logo and the date of graduation graved in it:

Members of the !SpamAndHex and c0r3dump hacker teams are also part of our Alumni Network. Both teams have grown out from the CrySyS Student Core and became one of the best CTF teams in the world. !SpamAndHex won iCTF 2014, the largest CTF organized specifically for universities, and it was among the 15 teams that qualified for the DEFCON CTF Finals, the most prestigious professional CTF in the world, in 2015, 2016, and 2017. C0r3dump is a younger, but an equally enthusiastic team achieving nice results at different CTFs.

Godfathers of Duqu

We are probably best known about our contributions to the discovery, naming, and analysis of the Duqu malware.

It all began in September 2011, when a European company sought our help to investigate a security incident that happened in their IT system. During the investigation, we discovered a new malware that was unknown to all mainstream anti-virus products, however, it showed striking similarities to the infamous Stuxnet worm. We named the new malware Duqu, and we carried out its first analysis. Our findings led to the hypothesis that Duqu was probably created by the same people who developed Stuxnet, but with a different purpose: unlike Stuxnet, whose mission was to attack industrial equipment, Duqu was an information stealer rootkit. Nevertheless, both pieces of malware have a modular structure, and they could be re-configured remotely from a Command and Control server to include virtually any kind of functionality. Later, we also identified the dropper of Duqu, which led to the discovery of a zero-day Windows kernel exploit. The story and our results received intensive press coverage at that time.

Since the discovery of Duqu, we have been involved in the analysis of other targeted malware campaigns, including Flame (2012), MiniDuke (2013), TeamSpy (2013), and Duqu 2.0 (2015). More information is available on our blog site at blog.crysys.hu and on our research page.



Tresorit was started as a student project in the CrySyS Lab and it evolved into a spin-off thanks to the talent and devotion of the students, István Lám and Szilveszter Szebeni, who designed the Tresorit architecture. Tresorit is a cloud based encrypted data storage system that allows for secure sharing of information within closed user groups. In Tresorit, data is encrypted at the client side before it is uploaded into the cloud, hence, users do not need to trust the cloud storage provider.


Avatao is an online e-learning platform for IT professionals offering custom-tailored learning paths and detailed analytics about the learning process. Avatao helps users acquiring desired skills by guiding them through a series of hands-on exercises and challenges. Currently, Avatao focuses on providing IT security related challenges at all levels and in multiple sub-domains.

Ukatemi Technologies

Ukatemi Technologies was founded by members of the CrySyS Lab with the mission of addressing the problems of targeted attacks in cyber space. Ukatemi Technologies provides malware analysis services and offers solutions for building malware analysis laboratory environments. It also has a large local malware repository, containing 350+ million samples, and featuring a fast search method based on binary similarity. The company is also active in the ICS/SCADA cybersecurity domain, providing consulting services and offering an asset inventory and network discovery tool that is based on passive monitoring of network traffic.