our capabilities

The Most Critical
Threats Don’t Have A CVE

We strive to ensure each and every capability we provide our clients is relevant,
reliable, and well documented. Find out more about what we offer and how we can
enable you to focus on what is truly important.
Contact us for an overview of our
capabilities and examples of how they have
been utilized by our clients.

We equip a wide range of clientele

which are you?

  • Offensive
    The only reliable way to test defenses is to go on the offensive. We provide a wide range of exploit code to support those tasked with conducting red team exercises.
  • Defensive
    By integrating our intelligence, vendors and organizations are able to provide pro-active protection against threats we discover to their customers and end users.
  • Specialized
    Often we receive requests that do not fall into our standard offerings. As we enjoy difficult problems, we work with our clients in these situations to produce innovative and trustworthy results.
Offensive use cases
  • case 01
    In early 2013, members of Facebook's Incident Response Team spoke at a security conference about their positive experience using zero-day exploits on their own (unaware) employees and systems in order to test their internal reactive procedures.

    Simulating a realistic attack enabled Facebook to better understand and improve their ability to respond to a cyber attack.
  • case 02
    Syndis is Scandinavia’s leading provider of attack technology services. Their goal-oriented methodology uses zero-day exploits to more closely mimic both the techniques and capabilities employed by sophisticated threat actors.

    This demonstrates to their clientele the threat a determined attacker poses, with measurable results and proven solutions for mitigation.
  • case 03
    NSS Labs, Inc. is the recognized leader in independent security research and testing.

    Determining the effectiveness of defensive security products requires a rigorous validation process using advanced real-world exploits.

    The 0-day exploits Exodus Intelligence provides to NSS enables them to provide decision-makers with an accurate analysis of the security efficacy of leading defensive products.
defensive use cases
  • case 01
    The well-known Nessus scanner from Tenable identifies hosts and their susceptibility to known vulnerabilities and misconfigurations.

    By integrating zero-day intelligence from Exodus, premium users of Nessus are able to determine if their systems are currently vulnerable to discovered zero-day vulnerabilities.
  • case 02
    An unnamed client works with Exodus to keep apprised of zero-day vulnerabilities affecting SCADA systems.

    They relay relevant details and mitigations through their early warning system, subscribed to by dozens of administrators of critical infrastructure sites.
  • case 03
    Fortinet utilizes threat intelligence to deliver a combination of multi-layered security knowledge and provide true zero-day protection from new and emerging threats to their clients.

    The zero-day intelligence provided by Exodus assists companies like Fortinet to ensure their clients are protected against the most pertinent threats.

specialized use cases

  • Case 01

    The United States FBI has utilized zero-day exploits to assist in their Lawful Intercept efforts, specifically to deploy their Computer and Internet Protocol Address Verifier (CIPAV) software on target criminal's computers.

    The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor.

  • Case 02

    Government defense department systems today face a broad and sophisticated cyber threat, with every application scanned and probed millions of times a day.

    The cost-savings of third-party software and service providers, the interconnectivity of software systems, as well as the proliferation of Web services and cloud computing has increased the exposure of commercial off the shelf (COTS) software to the cyber threat.

    Exodus' experience and expertise enables such agencies and organizations to secure their COTS applications, without the need for source code.