Name: Vulnerability Research & Intelligence

Text: VU?--• N ®
s e cu r

t y

Vulnerability Research & Intelligence

VU?C:Ne
security
VUPEN

Exploits for Law Enforcement Agencies

I

' ' Law enforcement agencies need
the most advanced IT intrusion research
and the most reliable attack tools
to covertly and remotely gain access to
computer systems. Using previously
unknown
software
vulnerabilities
and exploits which bypass Antivirus
products and modern operating system
protections such as Data Execution
Prevention (DEP) and Address Space
Layout Randomization (ASLR) could
help investigators to successfully

While social engineering or physical access is often used by law enforcement
agencies and investigators to gain access to computer systems and install
monitoring and interception tools on target PCs or mobile devices, using 0-day
exploits taking advantage of previously unknown software vulnerabilities can help
investigators in speeding up the process while covertly and remotely installing
payloads on PCs and mobiles.

achieve this task. ' '

Access to this program is restricted to Intelligence and Law Enforcement Agencies
under NOA (Non-Disclosure Agreement) in countries members or partners of NATO,
ANZUS and ASEAN.

Chaouki Bekrar, VUPEN Security CEO

To respond to this challenge, VUPEN Exploits for Law Enforcement Agencies aim to
deliver exclusive exploit codes for undisclosed vulnerabilities discovered in-house by
VUPEN security researchers. This is a reliable and secure approach to help LEAs
and investigators in covertly attacking and gaining access to remote computer
systems.

How it works

0

Subscribe and become a LEA member

As a member, you will buy a specific number of credits and you will have access to:
• a private and secure portal to browse the list of available codes published by
VUPEN with minimal technical details such as the targeted software, operating
system and reliability
·a real-time notification to get alerted as soon as a new vulnerability is discovered
by VU PEN and the research code is added to the portal

0

Select a code

Each code is available at a specific cost (1, 2, 3 or 4 credits) depending on its
coverage, reliability, nature and number of underlying vulnerabilities.

Q

Download the code

Once you select a code, you will be able to download it from the portal and the
related credits will be deduced from your account.
Membership benefits

• Work with a recognized and trusted provider of IT security intelligence
• Access the most advanced and exclusive vulnerability research
• Get highly reliable codes defeating modern exploit mitigation technologies
Contact us

VUPEN Security
Cap Omega - CS 39521
Rond-point Benjamin Franklin
34960 Montpellier - France
Website: www.vupen.com
Twitter: twitter.com/VUPEN
Email: sales@vupen.com
Phone: +33 467 130 094
Fax:
+33 467 130 095

Pricing and Licensing

VUPEN Exploits for Law Enforcement Agencies are priced as a prepaid annual
subscription which includes a specific number of credits.
About VUPEN Security

VUPEN has been recognized as "Entrepreneurial Company of the Year in the
Vulnerability Research Market" by Frost &Sullivan .
VU PEN team includes highly skilled and motivated security researchers dedicated to
finding critical and unpatched vulnerabilities in prominent and widely deployed
software created by Microsoft, Adobe, Sun, Apple, Oracle, Novell, and others.

VU ?C::N~
security

' ' VUPEN provides its customers
protection guidance and research
reports about critical vulnerabilities up
to 9 months in advance before any
patches are released. The high quality
and in-depth technical details of
VUPEN's research reports provide a
unique way to mitigate and respond to
zero-day attacks. Organizations with
critical infrastructures and networks
need and appreciate such vulnerability
intelligence solutions with added
values. ' '
Richard Martinez, Frost & Sullivan Analyst

VUPEN works closely with governments and major corporations to reduce their
exposure to zero-day attacks and to address the security risks emanating from
cyberspace.
The number of targeted and sophisticated cyber attacks taking advantage of
unpatched vulnerabilities in major software is significantly increasing. Recent attacks
have demonstrated the need for organizations to leverage the most advanced
security intelligence to protect critical infrastructures and assets.
Major software vendors usually take 6 to 9 months to release a security patch for
critical vulnerabilities affecting their products, and this long delay between the
discovery of a vulnerability and the release of a patch creates a window of exposure
during which criminals can rediscover a previously reported but unpatched
vulnerability, and target any organization running the vulnerable software.
To respond to this challenge, VUPEN Threat Protection Program (TPP) aims to
deliver exclusive research reports and attack detection guidance for undisclosed
vulnerabilities discovered in-house by VUPEN security researchers, providing timely,
actionable information and guidance to help mitigate risks from unknown
vulnerabilities or exploits. This is a proactive approach to aid governments and
corporations in making decisions in response to potential threats on a real-time basis
and in advance of public disclosure, maintaining a secure environment while the
affected vendor is working on a patch.
Access to this program is restricted to major corporations and governments under
NDA (Non-Disclosure Agreement).

Threat Protection Levels
Basic Level
• 30 credits!1>
• Brief technical description
• In-depth technical analysis
• Workaround I miligation<2>

Enhanced Level

Com rehensive Level

• 40 credits!1>
• Brief tech~ical description
• In-depth technical analysis
• Workaround I mitigation!2>
• Proof-of-concept (crash only)

• 50 credits<1>
• Brief technical description
• In-depth technical analysis
• Workaround I mitigation<2>
• Proof-of-concept (crash only)
• Code execution exploit!2l
• Attack Detection guidance<2>

(1) each research report costs 1 or 2 credits depending on the nature of the vulnerability
(2) when available

Contact us

Pricing and licensing

VUPEN Security
Cap Omega - CS 39521
Rand-point Benjamin Franklin
34960 Montpellier Cedex 2
France

VUPEN Threat Protection Program is priced as a prepaid annual subscription based
on the chosen level.

Website: www.vupen .com
Twitter: twitter.com/VUPEN
Email: sales@vupen.com

VUPEN has been recognized as "Entrepreneurial Company of the Year in the
Vulnerability Research Market• by Frost & Sullivan.

Phone: +33 467 130 094
Fax:
+33 467 130 095

About VUPEN Security

VUPEN team includes highly skilled and motivated security researchers dedicated to
finding critical and unpatched vulnerabilities in prominent and widely deployed
software created by Microsoft, Adobe, Sun, Apple, Oracle, Novell, and others.

Contact
VUPEN Security
Cap Omega - CS 39521
Rend-point Benjamin Franklin
34960 Montpellier Cedex 2
FRANCE
Phone: +33 467 130 094
Fax: +33 467 130 095
Email: sales@vupen.com

www.vupen.com

Document Path: ["1266_vupen_product-description_vulnerability.pdf"]

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh