Exodus Intelligence provides the US and Canadian governments; our NATO allies; security vendors and commercial clients with in-depth vulnerability intelligence related to unknown (0-day) vulnerabilities and known (N-day) vulnerabilities (including where vendor’ patches are failing to properly fix vulnerabilities). Focusing on defensive cyber-weaponization, Exodus identifies HIGH-RISK TARGETS, focusing on the discovery, exploitation and mitigation of undocumented vulnerabilities and known vulnerabilities (N-day) within systems and software affecting high value assets (critical infrastructure/ business-critical data). Exodus works closely with its clients to structure the continuous delivery of high-value intelligence applicable to an organization's infrastructure & business.
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Exodus intel slideshare 2019
1.
2. The Problem
How do you detect new attacks when
there is no IOC?
How do you detect attacks that no
commercial security equipment can
detect?
The greatest threat is the unknown
threat
Patch efficacy is decreasing / Patch
failure rates are increasing
4. We focus purely on
vulnerability discovery
and Exploitation
Zero-day and N-day (known vulnerabilities)
100B+ Lines of New Code every year
Exodus research is focused on exploitable vulnerabilities
Zero-day Intelligence
N-day Intelligence
5. 100B+ Lines of New Code every year
Exodus research is focused on exploitable vulnerabilities
We provide clients with detailed reports, exploits
and mitigation guidance
on Zero-day and
N-day (known vulnerabilities)
Zero-day Intelligence
N-day Intelligence
6. Augment / Outsource
Vulnerability Research
Product
Validation
Secure Your
Network
• Leverage a world-class
research team
• Gain Access to a deep
catalog of historical work
• Use detailed reports to
generate appropriate
signatures/ rules
• Full subscription cost of
Exodus similar to the cost
of a single researcher but
with 6:1 intel generated
• Use exploits to measure
security effectiveness of
your products
• Use exploits to measure
security effectiveness of
your competitors
• Identify issues and
effectiveness and update
product roadmap
accordingly
• Use the vulnerability
reports to determine
mitigations for affected
systems on your internal
network
• Use the exploits to test
your existing network
defenses to insure proper
coverage
• Reduce Cyber Exposures/
Attack Surface
Zero-day Intelligence
N-day Intelligence
Use Cases
0-Day | N-Day Intelligence
7. Zero-day Intelligence
N-day Intelligence
Enterprise clients can subscribe to Exodus Intelligence
Enterprise Feeds (Zero-Day | N-Day Feeds) :
Exodus vulnerability intelligence feeds are available via portal
access, RESTful API and XML with metadata for
integration into third-party SIEM products.
Feeds include detailed reports on the vulnerabilities; network
packet captures of both malicious and benign traffic; and
working exploits in the form of a Metasploit modules
0-Day | N-Day Intelligence
9. 01 DISCOVER
The Exodus team discovers
a zero-day vulnerability in
the lab.
02 ANALYZE
The vulnerability is analyzed
to determine whether or not
it is critical enough to warrant
notifying Exodus’ customers.
03 EXPLOIT
The team employs exclusive
in-house techniques to
create a working exploit tool
for the vulnerability.
04 DOCUMENT 05 DISTRIBUTE
A thorough report is created
that documents every
relevant aspect of the threat.
The report and accompanying
materials are securely distributed to
clients via the Exodus web portal.
Zero-day Intelligence
N-day Intelligence
0-Day
10. Zero-day Intelligence
N-day Intelligence
The vulnerability details are made public
due to the release of a vendor patch or
the detection of an in-the-wild attack
abusing the zero-day flaw.
Those responsible for implementing defensive
measures must prioritize how to address the
multiple vulnerabilities that are frequently
patched in one release. Attackers also prioritize
which flaws are ideal for exploitation.
Both malicious actors and those working to defend
begin racing to develop and deploy a working
solution. The problem is only one of these groups is
constrained by a traditional work schedule.
06 PUBLICIZED 07 PRIORITIZED
08 RACE BEGINS
OTHERS
0-Day
11. Zero-day Intelligence
N-day Intelligence
N-Day
Exodus regularly encounters
failed patches or discovers
adjacent zero-day
vulnerabilities
Failed Patches
leave organizations at risk
even if they vigilantly keep
up with software updates
and security advisories.
In 2018 Exodus identified
dozens of publicly disclosed
vulnerabilities that were
reportedly patched but in
fact were still vulnerable
because the patch did not
address the root cause.
12. Zero-day Intelligence
N-day Intelligence
N-Day
We deliver an average of 100+ exploits yearly to our clients with an
average of 100 additional proof-of-concepts.
Exodus N-Day Feed
includes all patch failures
identified by Exodus along
with mitigation guidance.
Failed Patches
Exodus researchers take
high profile publicly known
PATCHED vulnerabilities
and reverse engineer the
patches to determine the
root cause of the
vulnerability, then if possible,
develop an exploit for the
vulnerability.
Exodus regularly encounters
failed patches or discovers
adjacent zero-day
vulnerabilities
13. Zero-day Intelligence
N-day Intelligence
N-Day
We deliver an average of 100+ exploits yearly to our clients with an
average of 100 additional proof-of-concepts.
N-Day
Exodus N-Day Feed
includes all patch failures
identified by Exodus along
with mitigation guidance.
Failed Patches
Exodus researchers take
high profile publicly known
PATCHED vulnerabilities
and reverse engineer the
patches to determine the
root cause of the
vulnerability, then if possible,
develop an exploit for the
vulnerability.
Critically Exploitable
Estimations
14. Zero-day Intelligence
N-day Intelligence
Zero-Day & N-Day Reports and Exploits
Training courses focused on vulnerability
discovery and exploitation
High Quality Analysis and exploits for
externally discovered high visibility CVEs
Teaming partnerships / technical advisor
support roles
Proprietary & Targeted vulnerability identification
and exploit development for specialized use-cases
WHAT WE PROVIDE
SERVICES