Offerings
Company
About
Careers
Capabilities
Zero-Day
N-Day
Metadata
Training
Blog
FAQ
Contact Us
specialized skills
headline press
We started out as curious individuals. Fifteen years of hard-earned experience later, we grew to become a team of experts.
August 14, 2015
Many Android Devices Still Vulnerable...
Researchers from Exodus Intelligence report that they’ve been able to bypass the fix...
forbes.com
August 14, 2015
Android security patch 'flawed'
Exodus Intelligence said its researcher Jordan Gruskovnjak had easily bypassed the patch...
bbc.com
August 13, 2015
Android security on the ropes with one-two punch...
Faulty Stagefright patch and newly reported sandbox bypass leave users exposed.
arstechnica.com
August 13, 2015
Google flubs patch for Stagefright
Exodus warned Google about it on August 7, and today published code...
theregister.co.uk
August 13, 2015
Fixing 'Stagefright' flaw on Android is harder than we thought
The Stagefright vulnerability for Android won't seem to want to go away...
engadget.com
August 13, 2015
Android's Stagefright bug will live on for longer than we thought
The patch process for Android's Stagefright vulnerability hasn't gone quite as smoothly as Google hoped...
theverge.com
July 21, 2014
Exploit Dealer: Snowden's Favourite OS...
The zero-day flaws were uncovered by Exodus Intelligence...
forbes.com
July 15, 2014
Google's Project Zero to Scan Web ...
Google's Project Zero amounts to little more than a PR stunt
tomsguide.com
July 15, 2014
Computer Security Expert to Speak ...
The Worcester Economic Club (WEC) is proud...
dotnet.sys-con.com
July 14, 2014
Is our next World War here and only online?
...we followed a company called exodus intelligence in austin, texas.
msnbc.com
July 10, 2014
World War Zero: How Hackers Fight to Steal...
Portnoy takes pride in the superior quality and effectiveness of Exodus’ exploits.
time.com
Dec 15, 2013
Vendor security patches lag dangerously...
...government agencies and corporations purchase them from brokers and exploit clearinghouses, such as VUPEN Security, ReVuln, Endgame Systems, Exodus Intelligence, and Netragard.
pcworld.com
Oct 10, 2013
Bounty Hunters: The honor roll
Peter Vreugdenhil, Exodus Intelligence;1 Internet Explorer 11 Preview Bug Bounty – Tier 1
microsoft.com
Dec 15, 2013
Exodus Intelligence Teams Up with Syndis ...
Vulnerability and exploit research company Exodus Intelligence and Icelandic information security think-tank Syndis have joined forces for a new zero-day service offering called LiveFire.
prnewswire.com
July 13, 2013
Nations Buying as Hackers Sell Flaws ...
...Firms like Vupen in Montpellier, France; Netragard in Acton, Mass.; Exodus Intelligence in Austin, Tex...
nytimes.com
May 13, 2013
Elderwood and the Department of Labor Hack
The Elderwood kit provides several reusable techniques for spraying the heap with Adobe Flash and bypassing DEP with other plugins. However, the DoL exploit avoids the need to use plugins by copying the code for a new exploit technique from Exodus Intelligence.
trailofbits.com
Jan 28, 2013
Pentagon Plans Massive Increase in Cybersecurity...
Recently, Aaron Portnoy, one of the founders of Exodus Intelligence, found more than 20 vulnerabilities in SCADA systems with just a morning’s worth of work. And in October, DHS officials warned the operators of SCADA systems about an increase in the level of malicious activity targeting those systems.
threatpost.com
Jan 7, 2013
New exploit for recent Internet Explorer hole
Security expert Peter Vreugdenhil from Exodus Intelligence says that the recent temporary fix Microsoft released to patch a memory error in Internet Explorer can be bypassed using a new technique. Versions 6 to 8 of the browser are affected.
h-online.com
Jan 7, 2013
Researchers: We've cracked Microsoft fix...
A team of researchers at Exodus Intelligence say they have cracked the temporary fix released by Microsoft for a zero day exploit found in Internet Explorer.
zdnet.com
Jan 7, 2013
Security bods rip off Microsoft's 'sticking ...
However, Peter Vreugdenhil, of the vulnerability analysis firm Exodus Intelligence was able to sidestep that protection...
theregister.co.uk
Jan 7, 2013
When The 'Fix It' Doesn't Fix It
"What we discovered is that Microsoft's patch did not account for all the ways in which this vulnerability can be exploited,"
darkreading.com
Nov 28, 2012
Bored Researcher Easily Finds Two Dozen ...
In just a few hours, Portnoy said, he discovered 23 SCADA security holes that could allow hackers to cripple vital systems by executing malicious code, plus the fact that one SCADA system installs Adobe's outdated Reader 8 PDF software.
nbcnews.com
Nov 27, 2012
Power station, airport SCADA defences ...
Exodus Intelligence said it has found more than 20 flaws in SCADA (supervisory control and data acquisition) software from vendors including Rockwell Automation, Schneider Electric, Indusoft, RealFlex and Eaton Corporation. The bugs expose machinery to the risk of either remote code execution or denial of service attacks.
theregister.co.uk
Nov 27, 2012
Nearly two-dozen bugs easily found ...
All of the bugs were previously unknown security holes, Aaron Portnoy, co-founder and vice president of research at Exodus Intelligence, said Monday.
csoonline.com
Nov 27, 2012
Scada bugs make security a turkey ...
[To] help improve the security of industrial systems, Portnoy is hoping to open lines of communication with ICS-Cert to gain access to industrial control software and provide vendors with better audits and assessments of possible security vulnerabilities.
v3.co.uk
Nov 26, 2012
Researcher Finds Nearly Two Dozen SCADA ...
And now a researcher at Exodus Intelligence says he has discovered more than 20 flaws in SCADA packages from some of the same vendors and other manufacturers, all after just a few hours' work."
slashdot.org
Nov 26, 2012
Security Flaw Disclosure Debate Boils ...
Calling the computerized systems designed to manage critical infrastructure "easy targets," a security researcher at startup Exodus Intelligence announced the firm had found 23 vulnerabilities in the software used to control utilities and energy systems.
eweek.com
Nov 26, 2012
Researcher finds over 20 vulnerabilities ...
The vulnerabilities were discovered by Aaron Portnoy, vice president of research at startup security firm Exodus Intelligence
pcworld.idg.com.au
Nov 26, 2012
Expert Finds 23 Security Holes ...
Aaron Portnoy, VP of research and the founder of Exodus Intelligence, is among the researchers who believe that the best way for experts to contribute to a secure cyberspace is by properly disclosing security holes to CERTs or the affected companies.
softpedia.com
Nov 26, 2012
Researcher Finds Nearly Two Dozen SCADA ...
Aaron Portnoy, the vice president of research at Exodus, said that finding the flaws wasn’t even remotely difficult.
threatpost.com
Nov 8, 2012
Portrait of a Full-Time Bug Hunter
So Aaron Portnoy, head of the ZDI program at the time who recently launched an independent bounty-paying company called Exodus Intelligence, sent him back an in-depth and lengthy analysis of the bug.
wired.com
Sept 10, 2012
Words Of War And Weakness: The Zero-Day...
“By fixing a single vulnerability, you protect one piece of software from one flaw… by providing enterprises and vendors insight into what attackers are capable of, you enable them to better design their defenses and hopefully develop solutions that are wider in scope.
techweekeurope.co.uk
July 26, 2012
NSS Labs Announces Strategic Partnership...
“Determining the effectiveness of defensive security products requires a rigorous validation process using advanced real-world exploits. The 0-day exploits Exodus Intelligence provides NSS enables them to provide decision-makers with an accurate analysis of the security efficacy of leading defensive products,” said Aaron Portnoy, VP of Research, Exodus Intelligence.
nsslabs.com
June 25, 2012
New Startup Exodus Intelligence ...
"At Exodus we are able to focus on the vulnerabilities, the threats they pose, how to mitigate them, and subsequently analyze the trends that emerge," Portnoy said. "As we aren't supporting any products directly, we aren't distracted with development efforts -- especially for implementation-specific solutions."
esecurityplanet.com
June 21, 2012
Prepare Your Vulnerabilities, Exodus ...
“As Exodus Intelligence does not support any products of our own, we are interested not only in code execution issues, but also vulnerabilities that other acquisition programs may not be (local vulnerabilities, memory disclosures, techniques),” the company’s representatives explained.
softpedia.com
June 18, 2012
Former Zero Day Initiative Researchers ...
The new team at Exodus includes Aaron Portnoy, the former head of the ZDI vulnerability program, and Brandon Edwards, another veteran of the ZDI team. The exact nature of the company’s new bug-buying program is still under wraps, but the Exodus site says that they also will have a security intelligence service that will provide customers with customized information on new vulnerabilities and threats.
threatpost.com
June 18, 2012
TippingPoint ZDI defectors launch ...
"This data feed consists of detailed analysis of zero-day vulnerabilities, their relative risk, proprietary vulnerability research, and recommendations for mitigation," the company said.
zdnet.com
June 18, 2012
Former HP TippingPoint Researchers ...
Researchers previously employed by HP TippingPoint's Zero Day Initiative (ZDI) have formed a new company that will provide a vulnerability intelligence service, in part by buying the rights to zero-day software flaws.
darkreading.com