Name: TPP, Threat Protection Program

Text:

security

VUPEN Threat Protection Program



VUPEN provides its customers
protection guidance and research
reports about critical vulnerabilities up
to 9 months in advance before any
patches are released. The high quality
and ln-depth technical details of
research reports provide a
unique way to mitigate and respond to
zero-day attacks. Organizations with
critical infrastructures and networks
need and appreciate such vulnerability
intelligence solutions with added

values.

Richard Martinez, Frost Sullivan Analyst

Contact us

VUPEN Security

Cap Omega - CS 39521
Rond-point Benjamin Franklin
34960 Montpellier Cedex 2
France

Website:
Twitter: twitter.coleU PEN
Email: sales@vupen.com

Phone: +33 467 130 094
Fax: +33 467 130 095





VUPEN works closely with governments and major corporations to reduce their
exposure to zero-day attacks and to address the security risks emanating from
cyberspace.

The number of targeted and sophisticated cyber attacks taking advantage of
unpatched vulnerabilities in major software is significantly increasing. Recent attacks
have demonstrated the need for organizations to leverage the most advanced
security intelligence to protect critical infrastructures and assets.

Major software vendors usually take 6 to 9 months to release a security patch for
critical vulnerabilities affecting their products, and this long delay between the
discovery of a vulnerability and the release of a patch creates a window of exposure
during which criminals can rediscover a previously reported but unpatched
vulnerability, and target any organization running the vulnerable software.

To respond to this challenge, VUPEN Threat Protection Program (TPP) aims to
deliver exclusive research reports and attack detection guidance for undisclosed
vulnerabilities discovered in-house by VUPEN security researchers, providing timely,
actionable information and guidance to help mitigate risks from unknown
vulnerabilities or exploits. This is a proactive approach to aid governments and
corporations in making decisions in response to potential threats on a real-time basis
and in advance of public disclosure, maintaining a secure environment while the
affected vendor is working on a patch.

Access to this program is restricted to major corporations and governments under
NDA (Non-Disclosure Agreement).

Threat Protection Levels



Basic Level Enhanced Level

Comrehensive Level

. 50 credits?)

. Brief technical description

. ln-depth technical analysis

. Workaround mitigation?)

. Proof-of-concept (crash only)
. Code execution exploit?)

. Attack Detection guidance?)

. 30 credits?)
. Brief technical description
. In-depth technical analysis

. 40 credits?)

. Brief technical description

. ln-depth technical analysis

. Workaround mitigation?)

. Proof-of-concept (crash only)

. Workaround I mitigation?)

(1) each research report costs 1 or 2 credits depending on the nature of the vulnerability
(2) when available

Pricing and Licensing



VUPEN Threat Protection Program is priced as a prepaid annual subscription based
on the chosen level.

About VUPEN Security



VUPEN has been recognized as "Entrepreneurial Company of the Year in the
Vulnerability Research Market" by Frost Sullivan.

VUPEN team includes highly skilled and motivated security researchers dedicated to
finding critical and unpatched vulnerabilities in prominent and widely deployed
software created by Microsoft, Adobe, Sun, Apple, Oracle, Novell, and others.






VUPEN Exploits for Law Enforcement Agencies



Law enforcement agencies need
the most advanced lT intrusion research
and the most reliable attack tools
to covertly and remotely gain access to
computer systems. Using previously
unknown software vulnerabilities
and exploits which bypass Antivirus
products and modern operating system
protections such as Data Execution
Prevention (DEP) and Address Space
Layout Randomization (ASLR) could
help investigators to successfully
achieve this task.

Chaouki Bekrar, VUPEN Security CEO

Contact us

VUPEN Security

Cap Omega - CS 39521
Rond-point Benjamin Franklin
34960 Montpellier - France

Website:
Twitter: twitter.com/VU PEN
Email: sales@vupen.com

Phone: +33 467 130 094
Fax: +33 467 130 095



While social engineering or physical access is often used by law enforcement
agencies and investigators to gain access to computer systems and install
monitoring and interception tools on target PCs or mobile devices, using 0-day
exploits taking advantage of previously unknown software vulnerabilities can help
investigators in speeding up the process while covertly and remotely installing
payloads on PCs and mobiles.

To respond to this challenge, VUPEN Exploits for Law Enforcement Agencies aim to
deliver exclusive exploit codes for undisclosed vulnerabilities discovered in-house by
VUPEN security researchers. This is a reliable and secure approach to help LEAs
and investigators in covertly attacking and gaining access to remote computer
systems.

Access to this program is restricted to Intelligence and Law Enforcement Agencies
under NDA (Non-Disclosure Agreement) in countries members or partners of NATO,
ANZUS and ASEAN.

How it works

0 Subscribe and become a LEA member

As a member, you will buy a specific number of credits and you will have access to:

.a private and secure portal to browse the list of available codes published by
VUPEN with minimal technical details such as the targeted software, operating
system and reliability

- a real-time notification to get alerted as soon as a new vulnerability is discovered
by VUPEN and the research code is added to the portal

0 Select a code

Each code is available at a specific cost (1, 2, 3 or 4 credits) depending on its
coverage, reliability, nature and number of underlying vulnerabilities.

0 Download the code

Once you select a code, you will be able to download it from the portal and the
related credits will be deduced from your account.

Membership benefits

. Work with a recognized and trusted provider of IT security intelligence
. Access the most advanced and exclusive vulnerability research
. Get highly reliable codes defeating modern exploit mitigation technologies

Pricirm and Licensing



VUPEN Exploits for Law Enforcement Agencies are priced as a prepaid annual
subscription which includes a specific number of credits.

About VUPEN Security



VUPEN has been recognized as "Entrepreneurial Company of the Year in the
Vulnerability Research Market? by Frost Sullivan.

VUPEN team includes highly skilled and motivated security researchers dedicated to
finding critical and unpatched vulnerabilities in prominent and widely deployed
software created by Microsoft, Adobe, Sun, Apple, Oracle, Novell, and others.

VUPEN


securi

VUPEN Exploits for Law Enforcement Agencies



Law enforcement agencies need
the most advanced IT intrusion research
and the most reliable attack tools
to covertly and remotely gain access to
computer systems. Using previously
unknown software vulnerabilities
and exploits which bypass Antivirus
products and modern operating system
protections such as Data Execution
Prevention (DEP) and Address Space
Layout Randomization (ASLR) could
help investigators to successfully
achieve this task.

Chaouki Bekrar, VUPEN Security CEO

Contact us

VUPEN Security

Cap Omega - CS 39521
Rond?point Benjamin Franklin
34960 Montpellier - France

Website:
Twitter: twitter.com/VUPEN
Email: sales@vupen.com

Phone: +33 467 130 094
Fax: +33 467 130 095



While social engineering or physical access is often used by law enforcement
agencies and investigators to gain access to computer systems and install
monitoring and interception tools on target PCs or mobile devices, using O-day
exploits taking advantage of previously unknown software vulnerabilities can help
investigators in speeding up the process while covertly and remotely installing
payloads on PCs and mobiles.

To respond to this challenge, VUPEN Exploits for Law Enforcement Agencies aim to
deliver exclusive exploit codes for undisclosed vulnerabilities discovered in-house by
VUPEN security researchers. This is a reliable and secure approach to help LEAs
and investigators in covertly attacking and gaining access to remote computer
systems.

Access to this program is restricted to Intelligence and Law Enforcement Agencies
under NDA (Non-Disclosure Agreement) in countries members or partners of NATO,
ANZUS and ASEAN.

How it works

0 Subscribe and become a LEA member

As a member, you will buy a specific number of credits and you will have access to:

.a private and secure portal to browse the list of available codes published by
VUPEN with minimal technical details such as the targeted software, Operating
system and reliability

- a real-time notification to get alerted as soon as a new vulnerability is discovered
by VU PEN and the research code is added to the portal

0 Select a code

Each code is available at a specific cost (1, 2, 3 or 4 credits) depending on its
coverage, reliability, nature and number of underlying vulnerabilities.

0 Download the code

Once you select a code, you will be able to download it from the portal and the
related credits will be deduced from your account.

Membership benefits



. Work with a recognized and trusted provider of IT security intelligence
. Access the most advanced and exclusive vulnerability research
. Get highly reliable codes defeating modern exploit mitigation technologies

Pricing and Licensing

VUPEN Exploits for Law Enforcement Agencies are priced as a prepaid annual
subscription which includes a specific number of credits.

About VUPEN Security



VUPEN has been recognized as "Entrepreneurial Company of the Year in the
Vulnerability Research Market" by Frost Sullivan.

VUPEN team includes highly skilled and motivated security researchers dedicated to
finding critical and unpatched vulnerabilities in prominent and widely deployed
software created by Microsoft, Adobe, Sun, Apple, Oracle, Novell, and others.

Document Path: ["279-vupen-thread-exploits.pdf"]

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh