What is a zero-day (0-day) exploit?

A zero-day exploit is an exploit for a vulnerability that the affected vendor has not yet begun to remedy, usually due to lack of awareness of the issue. Exodus specializes in unearthing these types of vulnerabilities and developing exploits to demonstrate the impact of such flaws.


How do your capabilities differ from competitor X?

Exodus focuses primarily on vulnerabilities that are proven to be exploitable. Our goal is to supply our customers with actionable data, relevant to their environment and needs. Other vendors in the security intelligence space prefer the "quantity over quality" methodology which results in an overwhelming amount of information for end users to digest and prioritize.


Exploits can be dangerous in the wrong hands. How do you vet potential clients?

Exodus respects all published embargo or banned persons list distributed by the US government. All final client approval decisions are made internally and Exodus reserves the right to refuse business to any prospective client without cause.


Do you have a PGP key?

Yes, our e-mail address and PGP key are listed on our contact page. Our key is also available on the keyserver at pgp.mit.edu.


Is Exodus available for custom or contract work?

Exodus is available for contract work, please contact us with a description of the project and we can provide rates. We strongly suggest using our PGP key for such communications.

How are Exodus deliverables licensed?

Our deliverables are licensed in a number of different formats, we can include redistribution rights if desired. Typically our clients opt for our subscription model which includes a perpetual license for any deliverables made available to the client during their active subscription period.


What type of information is contained in an Exodus vulnerability report?

Exodus vulnerability reports include a functioning exploit demonstrating the real impact of the vulnerability; a document which describes the vulnerability, exploit, affected product, mitigation guidance, and network traffic analysis; and traffic captures documenting expected and malicious forms of traffic.


How are Exodus deliverables delivered to a client?

Exodus provides clients with access to our web based delivery portal. All data stored on the portal is encrypted to the authorized party’s PGP key and is available for retrieval as long as the client subscription is active.


Does Exodus work with any resellers?

We currently work with a limited number of resellers. Please contact us to obtain an up to date list of these partners.


What type of products does Exodus have capabilities for?

Exodus focuses on software with a large presence in the enterprise, industrial control & automation facilities, and the consumer market.

When is your next scheduled public training class?

As the answer to this question is ever changing, keep an eye on our training page for updates.


What prerequisite knowledge is suggested for the Master Class?

For our Master Class we require the students to be fluent in x86 ASM and have some familiarity with IDA Pro, WinDBG, Python, and C/C++.


Are on-site or private training classes available?

Yes, please contact us with your requirements and we can work with you on rates and scheduling.