VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced vulnerability research.
While other companies in the vulnerability intelligence industry mainly act as brokers who buy vulnerabilities from third-party researchers and then sell them to their customers, all VUPEN's vulnerability intelligence results exclusively from our internal and in-house research efforts conducted by our team of world-class researchers.
VUPEN's offensive IT intrusion solutions and government grade exploits enable the Intelligence
community and government agencies to achieve their
offensive cyber operations and lawful intercept missions using VUPEN's industry-recognized
vulnerability research and intelligence.
VUPEN's defensive security research enables governments
to measure and manage risks,
eliminate vulnerabilities before they can be exploited, and
protect critical or national infrastructures and assets against known
and unknown exploits and cyber threats.
VUPEN customers include worldwide governments
and major corporations
in finance, technology and
Awards & Industry Recognition
March 2013, VUPEN has once again
won the 1st place at the Pwn2Own 2013
security competition by creating and showing the first
exploit for Internet Explorer 10 Classic (Desktop) and IE 10
Modern UI (Metro)
on Microsoft Surface Pro running a Wndows 8 operating
system. The exploit fully bypassed all Windows 8 security protections and exploit mitigation
technologies including HiASLR, DEP, AntiROP and Protected
Mode sandbox. VUPEN has also created and demonstrated
various exploits for the latest versions of Mozilla Firefox,
Adobe Flash Player, and Oracle Java.
March 2012, VUPEN has
won the 1st place at the Pwn2Own 2012
security competition by creating and showing extremely sophisticated zero-day
exploits which fully compromised up-to-date Google Chrome
and Microsoft Internet Explorer browsers, and
bypassed all security protections and exploit mitigation
technologies such as DEP, ASLR and sandboxes.
To demonstrate its in-depth knowledge of software
vulnerabilities and advanced exploit development
team has also written, on-site during the event and
in less than 24 hours,
6 distinct code execution exploits for previously patched
Internet Explorer, Firefox, and Safari vulnerabilities on
Windows and Mac OS X operating systems.
June 2011, VUPEN has been recognized as "Company of the
Year 2011 in the Vulnerability Research Market" by Frost &
"VUPEN has made great strides in the vulnerability
research market, proving that it is a top competitor against
competing labs. Frost & Sullivan firmly believes that
VUPEN's dedication and entrepreneurial drive to provide the
highest quality security intelligence to meet the needs of
the current security environment has proven VUPEN as a
reputable and innovative vulnerability research company."
says Frost & Sullivan research analyst Richard Martinez.
In March 2011, VUPEN has participated to and
Pwn2Own 2011 security
by discovering and exploiting a critical and previously unknown vulnerability in Apple
Mac OS X Snow Leopard.
During this event, VUPEN has
demonstrated its sophisticated and highly reliable exploits bypassing all
security protections and exploit mitigation technologies.
VUPEN Vulnerability Research Team (VRT) is the most active
security team in the world. Additionally to analyzing and
exploiting recently patched or publicly disclosed flaws, VUPEN
security engineers and researchers are also dedicated to
finding critical and
unpatched vulnerabilities in
prominent and widely deployed software created by Microsoft,
Adobe, Sun, Apple, Oracle, Novell, and others.
VUPEN follows a commercial responsible disclosure policy by
sharing its vulnerability research exclusively with its
customers. VUPEN also reports all discovered vulnerabilities
to the affected vendors under contract with VUPEN, and works
with them to create a timetable pursuant to which the
vulnerability information may be publicly disclosed.