|
Supplement your internal vulnerability research with VUPEN
During the last few years, a
significant increase in attacks
exploiting vulnerabilities in commonly
used programs such as Adobe Reader, Adobe Flash and
Microsoft Office and Internet Explorer is being observed.
This is currently the primary initial
infection vector used to compromise
computers that have Internet access.
Although there are many ways to
protect against these attacks and
threats, exploit-based signatures and
filters will only detect a specific or
public exploit while a vulnerability-based
signature operates at a higher level
and it can detect not only a specific
exploit for a vulnerability, but
potentially any actual and future
exploit or variant that will attempt
to attack that vulnerability.
VUPEN Security provides in-depth binary analysis
of the most
significant public vulnerabilities
based on disassembly, reverse
engineering, protocol analysis, and
code audit. The service allows
security vendors to supplement their
internal research efforts and quickly
develop both vulnerability-based and
exploit-based signatures to
proactively protect their customers
from attacks and emerging threats.
Only Available for Recognized Security
Vendors
Because of
the
sensitive
nature of
the
information
provided
through
this
service,
VUPEN
Security
has
defined
strict
eligibility
criteria
for
participants.
VUPEN
Security
solely
reserves
the right
to
determine
whether an
organization
or
corporation
meets the
criteria.
Eligible
organizations
are
trusted security
vendors
providing defensive software
or
hardware
(Antivirus, IPS, IDS).
VUPEN Binary Analysis & Exploits
Service includes:
 |
|
In-Depth Binary Analysis of
Vulnerabilities
In-depth technical analysis including
description of the root cause of the
vulnerability, assembly code, registers, code flow paths and branches
In-depth description of the affected
protocols or involved file formats
Exploitation techniques, reliability,
mitigations
and limitations
Detection
guidance (exploit-based and
vulnerability-based detections)
Deep references (links to third party
articles, specifications, formats) |
| |
|
|
 |
|
Exploits & Proof-of-concept Codes
VUPEN develops and provides exploit
codes or PoCs which allow security
vendors to:
Reduce costs related to internal
research, vuln. analysis, or reverse
engineering of patches
Cut-time and quickly develop vuln-based
and exploit-based signatures or
detections
Verify the effectiveness of existing
signatures and detections
Distinguish real threats from false
positives
Improve quality of their security
solutions and increase competitive
advantages |
| |
|
|
 |
|
Packet Captures
In addition to exploits and/or PoCs
which allow subscribers to replicate
potential attacks,
VUPEN also provides packet captures (pcap)
of the involved exploit to easily replay packets |
| |
|
|
 |
|
Technical Support
As a subscriber, you will also
have a direct access to the VUPEN
Vulnerability Research
Team, the most active security team in
the world. |
Why subscribe to this service?
With 20
to 25 binary analysis and private
exploits/PoCs released each month, the
VUPEN In-Depth Binary Analysis and
Exploits service allows security
vendors to quickly and easily develop
exploit-based and vulnerability-based
signatures for their security
products, and proactively detect the
most critical vulnerabilities before
being exploited in the wild.
|
