Selling 0-Days to Governments and Offensive Security Companies

Presented at Black Hat USA 2019, Aug. 8, 2019, 11 a.m. (50 minutes).

Selling 0-days is a fascinating process that not a lot of people are familiar with. This talk will discuss a vulnerability brokerage company called Q-recon and provide a glimpse of how this market works. In the presentation the following questions will be answered from three different angles (researcher/broker/client):<br><ol><li>Who (researcher profile) is selling 0-days to governments / offensive security companies?</li><li>What is the process of selling 0-days?</li><li>How to sell 0-days?</li></ol><br>At the end of the presentation, I will give a few tips for researchers that want to sell 0-days to offensive security companies/governments.

Presenters:

• Maor Shwartz - Vulnerability broker, Q-recon
  Maor Shwartz worked as a vulnerability broker for 4 years at Q-recon Beyond Security. Today he helps researchers sell their 0-days to offensive security companies and governments for free. He also works as a Cyber researcher in SOMPO.

Links:

• https://www.blackhat.com/us-19/briefings/schedule/#selling-0-days-to-governments-and-offensive-security-companies-14453
• https://www.blackhat.com/us-19/briefings/schedule/#selling-0-days-to-governments-and-offensive-security-companies-144531563894979
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2019/Selling 0-Days to Governments and Offensive Security Companies.mp4
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2019/Selling 0-Days to Governments and Offensive Security Companies.en.transcribed.srt (subtitles)
• https://www.youtube.com/watch?v=JkQxS1l9IPI
• https://www.youtube.com/watch?v=ZDHHGZlEfsQ

Similar Presentations:

• 31C3 (2014) / Beyond PNR: Exploring airline systems
• Black Hat USA 2019 / Behind the Scenes of Intel Security and Manageability Engine
• Black Hat USA 2019 / Death to the IOC: What's Next in Threat Intelligence