Customers responsible for maintaining awareness of unknown threats to their enterprise networks can subscribe to the Exodus Intelligence Enterprise Zero-Day Feed. This offering gives the customer access to a minimum of 50 unique zero-day reports and corresponding exploit code for vulnerabilities discovered by the Exodus team throughout a one-year period. Typically, flaws included in such a subscription affect high-profile vendors such as Microsoft, Adobe, EMC, Novell, IBM, and others.
A subscription to this offering also keeps customers apprised of exclusive vulnerabilities and threats in Industrial Control Systems. Typically, the flaws included affect high-profile vendors such as Siemens, General Electric, Rockwell Automation, and others.
A given package delivered through any of the aforementioned subscriptions consists of an XML file with metadata for integration into third-party SIEM products, a detailed report on the vulnerability, network packet captures of malicious and benign traffic, and working exploit code in the form of a Metasploit module.
The written report itself is typically 15 to 30 pages in PDF form covering all aspects of the vulnerability, including:
- Affected products, versions, supported architectures, and hashes of binary files
- Target market share, common usage, and typical deployment configurations
- Technical information on the vulnerable components and enumeration of attack vectors
- Disassembly and/or source code walkthroughs showing the flaw in the code
- Detailed information on attack vectors and corresponding malicious network traffic
- Guidance on how to detect an attack in progress as well as artifacts left behind in the case of a successful compromise
- An explanation of the complete exploitation process, including bypassing mitigations
- Insight into the requirements, reliability, difficulty, and likelihood of an attacker successfully exploiting the issue
- Guidance on reducing or eliminating susceptibility to the flaw in place of an official patch from the affected vendor
The included network packet captures in PCAP form demonstrate both malicious attempts to exploit the issue and benign traffic intended to ensure a customer’s defenses do not produce false positives.
Finally, each Exodus Intelligence vulnerability report is accompanied by exploit code that demonstrates the impact of the vulnerability. These are working exploits and not simply proof-of-concept code. Typically, the exploit code is distributed in the form of a Metasploit module to allow for easy integration and testing.