Security VUPEN Threat Protection Program VUPEN provides its customers protection guidance and research reports about critical vulnerabilities up to 9 months in advance before any patches are released. The high quality and in-depth technical details of VUPEN's research reports provide a unique way to mitigate and respond to zero-day attacks. Organizations with critical infrastructures and networks need and appreciate such vulnerability intelligence solutions with added values. Richard Martinez, Frost Sullivan Analyst Contact us VUPEN Security Cap Omega - CS 39521 Rond-point Benjamin Franklin 34960 Montpellier Cedex 2 France Website: Twitter: twitter.comlVU PEN Email: sales@vupen.com Phone: +33 467 130 094 Fax: +33 467 130 095 VUPEN works closely with governments and major corporations to reduce their exposure to zero-day attacks and to address the security risks emanating from cyberspace. The number of targeted and sophisticated cyber attacks taking advantage of unpatched vulnerabilities in major software is significantly increasing. Recent attacks have demonstrated the need for organizations to leverage the most advanced security intelligence to protect critical infrastructures and assets. Major software vendors usually take 6 to 9 months to release a security patch for critical vulnerabilities affecting their products, and this long delay between the discovery of a vulnerability and the release of a patch creates a window of exposure during which criminals can rediscover a previously reported but unpatched vulnerability, and target any organization running the vulnerable software. To respond to this challenge, VUPEN Threat Protection Program (TPP) aims to deliver exclusive research reports and attack detection guidance for undisclosed vulnerabilities discovered in-house by VUPEN security researchers, providing timely, actionable information and guidance to help mitigate risks from unknown vulnerabilities or exploits. This is a proactive approach to aid governments and corporations in making decisions in response to potential threats on a real-time basis and in advance of public disclosure, maintaining a secure environment while the affected vendor is working on a patch. Access to this program is restricted to major corporations and governments under NDA (Non-Disclosure Agreement). Threat Protection Levels Basic Level Enhanced Level Comrehensive Level . 50 credits") . Brief technical description . In-depth technical analysis . Workaround I mitigation") . Proof-of-concept (crash only) . Code execution exploitlzi . Attack Detection guidance?' . 40 credits") . Brief technical description . In-depth technical analysis . Workaround I mitigation") . Proof-of-concept (crash only) . 30 credits") . Brief technical description . In-depth technical analysis . Workaround I mitigation") (1) each research report costs 1 or 2 credits depending on the nature of the vulnerability (2) when available Pricing and Licensing VUPEN Threat Protection Program is priced as a prepaid annual subscription based on the chosen level. About VUPEN Security VUPEN has been recognized as "Entrepreneurial Company of the Year in the Vulnerability Research Market" by Frost Sullivan. VUPEN team includes highly skilled and motivated security researchers dedicated to finding critical and unpatched vulnerabilities in prominent and widely deployed software created by Microsoft, Adobe, Sun, Apple, Oracle, Novell, and others. i SE-3Cl_lri VUPEN Exploits for Law Enforcement Agencies Law enforcement agencies need the most advanced IT intrusion research and the most reliable attack tools to covertly and remotely gain access to computer systems. Using previously unknown software vulnerabilities and exploits which bypass Antivirus products and modern operating system protections such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) could help investigators to successfully achieve this task. Chaouki Bekrar, VUPEN Security CEO Contact us VUPEN Security Cap Omega - CS 39521 Rond-point Benjamin Franklin 34960 Montpellier - France Website: Twitter: twitter.com/VU PEN Email: sales@vupen.com Phone: +33 467 130 094 Fax: +33 467 130 095 While social engineering or physical access is often used by law enforcement agencies and investigators to gain access to computer systems and install monitoring and interception tools on target PCs or mobile devices, using 0-day exploits taking advantage of previously unknown software vulnerabilities can help investigators in speeding up the process while covertly and remotely installing payloads on PCs and mobiles. To respond to this challenge, VUPEN Exploits for Law Enforcement Agencies aim to deliver exclusive exploit codes for undisclosed vulnerabilities discovered in-house by VUPEN security researchers. This is a reliable and secure approach to help LEAs and investigators in covertly attacking and gaining access to remote computer systems. Access to this program is restricted to Intelligence and Law Enforcement Agencies under NDA (Non-Disclosure Agreement) in countries members or partners of NATO, ANZUS and ASEAN. How it works 0 Subscribe and become a LEA member As a member, you will buy a specific number of credits and you will have access to: .a private and secure portal to browse the list of available codes published by VUPEN with minimal technical details such as the targeted software, operating system and reliability - a real-time notification to get alerted as soon as a new vulnerability is discovered by VUPEN and the research code is added to the portal 0 Select a code Each code is available at a specific cost (1, 2, 3 or 4 credits) depending on its coverage, reliability, nature and number of underlying vulnerabilities. 0 Download the code Once you select a code, you will be able to download it from the portal and the related credits will be deduced from your account. Membership benefits . Work with a recognized and trusted provider of IT security intelligence . Access the most advanced and exclusive vulnerability research . Get highly reliable codes defeating modern exploit mitigation technologies Pricing and Licensing VUPEN Exploits for Law Enforcement Agencies are priced as a prepaid annual subscription which includes a specific number of credits. About VUPEN Security VUPEN has been recognized as "Entrepreneurial Company of the Year in the Vulnerability Research Market" by Frost Sullivan. VUPEN team includes highly skilled and motivated security researchers dedicated to finding critical and unpatched vulnerabilities in prominent and widely deployed software created by Microsoft, Adobe, Sun, Apple, Oracle, Novell, and others. i securi VUPEN Exploits for Law Enforcement Agencies Law enforcement agencies need the most advanced IT intrusion research and the most reliable attack tools to covertly and remotely gain access to computer systems. Using previously unknown software vulnerabilities and exploits which bypass Antivirus products and modern operating system protections such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) could help investigators to successfully achieve this task. Chaouki Bekrar, VUPEN Security CEO Contact us VUPEN Security Cap Omega - CS 39521 Rond-point Benjamin Franklin 34960 Montpellier - France Website: Twitter: twitter.com/VUPEN Email: sales@vupen.com Phone: +33 467 130 094 Fax: +33 467 130 095 While social engineering or physical access is often used by law enforcement agencies and investigators to gain access to computer systems and install monitoring and interception tools on target PCs or mobile devices, using 0-day exploits taking advantage of previously unknown software vulnerabilities can help investigators in speeding up the process while covertly and remotely installing payloads on PCs and mobiles. To respond to this challenge, VUPEN Exploits for Law Enforcement Agencies aim to deliver exclusive exploit codes for undisclosed vulnerabilities discovered in-house by VUPEN security researchers. This is a reliable and secure approach to help LEAs and investigators in covertly attacking and gaining access to remote computer systems. Access to this program is restricted to Intelligence and Law Enforcement Agencies under NDA (Non-Disclosure Agreement) in countries members or partners of NATO, ANZUS and ASEAN. How it works 0 Subscribe and become a LEA member As a member, you will buy a specific number of credits and you will have access to: .a private and secure portal to browse the list of available codes published by VUPEN with minimal technical details such as the targeted software, operating system and reliability - a real-time notification to get alerted as soon as a new vulnerability is discovered by VU PEN and the research code is added to the portal 0 Select a code Each code is available at a specific cost (1, 2, 3 or 4 credits) depending on its coverage, reliability, nature and number of underlying vulnerabilities. 0 Download the code Once you select a code, you will be able to download it from the portal and the related credits will be deduced from your account. Membership benefits . Work with a recognized and trusted provider of IT security intelligence . Access the most advanced and exclusive vulnerability research . Get highly reliable codes defeating modern exploit mitigation technologies Pricing and Licensing VUPEN Exploits for Law Enforcement Agencies are priced as a prepaid annual subscription which includes a specific number of credits. About VUPEN Security VUPEN has been recognized as "Entrepreneurial Company of the Year in the Vulnerability Research Market" by Frost Sullivan. VUPEN team includes highly skilled and motivated security researchers dedicated to finding critical and unpatched vulnerabilities in prominent and widely deployed software created by Microsoft, Adobe, Sun, Apple, Oracle, Novell, and others.