SlideShare a Scribd company logo

Exodus intel slideshare 2019

Exodus Intelligence, profile picture
Exodus Intelligence

Exodus Research focuses on identifying and exploiting zero-day and n-day vulnerabilities amid increasing patch failure rates and the proliferation of new code. They provide detailed reports, exploits, and mitigations for clients to enhance their cybersecurity defenses. Their services include vulnerability intelligence feeds, training, and a comprehensive approach to addressing both known and unknown threats.

Software
Related topics:
Vulnerability Management
1 of 15
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Exodus intel slideshare 2019
The Problem How do you detect new attacks when there is no IOC? How do you detect attacks that no commercial security equipment can detect? The greatest threat is the unknown threat Patch efficacy is decreasing / Patch failure rates are increasing
 Zero-day Intelligence  N-day Intelligence 0-Day | N-Day Intelligence
We focus purely on vulnerability discovery and Exploitation Zero-day and N-day (known vulnerabilities) 100B+ Lines of New Code every year Exodus research is focused on exploitable vulnerabilities  Zero-day Intelligence  N-day Intelligence
100B+ Lines of New Code every year Exodus research is focused on exploitable vulnerabilities We provide clients with detailed reports, exploits and mitigation guidance on Zero-day and N-day (known vulnerabilities)  Zero-day Intelligence  N-day Intelligence
Augment / Outsource Vulnerability Research Product Validation Secure Your Network • Leverage a world-class research team • Gain Access to a deep catalog of historical work • Use detailed reports to generate appropriate signatures/ rules • Full subscription cost of Exodus similar to the cost of a single researcher but with 6:1 intel generated • Use exploits to measure security effectiveness of your products • Use exploits to measure security effectiveness of your competitors • Identify issues and effectiveness and update product roadmap accordingly • Use the vulnerability reports to determine mitigations for affected systems on your internal network • Use the exploits to test your existing network defenses to insure proper coverage • Reduce Cyber Exposures/ Attack Surface  Zero-day Intelligence  N-day Intelligence Use Cases 0-Day | N-Day Intelligence
 Zero-day Intelligence  N-day Intelligence Enterprise clients can subscribe to Exodus Intelligence Enterprise Feeds (Zero-Day | N-Day Feeds) :  Exodus vulnerability intelligence feeds are available via portal access, RESTful API and XML with metadata for integration into third-party SIEM products.  Feeds include detailed reports on the vulnerabilities; network packet captures of both malicious and benign traffic; and working exploits in the form of a Metasploit modules 0-Day | N-Day Intelligence
DON’T WAIT FOR A PATCH [Zero-Day Research] 0-Day  Zero-day Intelligence  N-day Intelligence
01 DISCOVER The Exodus team discovers a zero-day vulnerability in the lab. 02 ANALYZE The vulnerability is analyzed to determine whether or not it is critical enough to warrant notifying Exodus’ customers. 03 EXPLOIT The team employs exclusive in-house techniques to create a working exploit tool for the vulnerability. 04 DOCUMENT 05 DISTRIBUTE A thorough report is created that documents every relevant aspect of the threat. The report and accompanying materials are securely distributed to clients via the Exodus web portal.  Zero-day Intelligence  N-day Intelligence 0-Day
 Zero-day Intelligence  N-day Intelligence The vulnerability details are made public due to the release of a vendor patch or the detection of an in-the-wild attack abusing the zero-day flaw. Those responsible for implementing defensive measures must prioritize how to address the multiple vulnerabilities that are frequently patched in one release. Attackers also prioritize which flaws are ideal for exploitation. Both malicious actors and those working to defend begin racing to develop and deploy a working solution. The problem is only one of these groups is constrained by a traditional work schedule. 06 PUBLICIZED 07 PRIORITIZED 08 RACE BEGINS OTHERS 0-Day
 Zero-day Intelligence  N-day Intelligence N-Day Exodus regularly encounters failed patches or discovers adjacent zero-day vulnerabilities Failed Patches leave organizations at risk even if they vigilantly keep up with software updates and security advisories. In 2018 Exodus identified dozens of publicly disclosed vulnerabilities that were reportedly patched but in fact were still vulnerable because the patch did not address the root cause.
 Zero-day Intelligence  N-day Intelligence N-Day We deliver an average of 100+ exploits yearly to our clients with an average of 100 additional proof-of-concepts. Exodus N-Day Feed includes all patch failures identified by Exodus along with mitigation guidance. Failed Patches Exodus researchers take high profile publicly known PATCHED vulnerabilities and reverse engineer the patches to determine the root cause of the vulnerability, then if possible, develop an exploit for the vulnerability. Exodus regularly encounters failed patches or discovers adjacent zero-day vulnerabilities
 Zero-day Intelligence  N-day Intelligence N-Day We deliver an average of 100+ exploits yearly to our clients with an average of 100 additional proof-of-concepts. N-Day Exodus N-Day Feed includes all patch failures identified by Exodus along with mitigation guidance. Failed Patches Exodus researchers take high profile publicly known PATCHED vulnerabilities and reverse engineer the patches to determine the root cause of the vulnerability, then if possible, develop an exploit for the vulnerability. Critically Exploitable Estimations
 Zero-day Intelligence  N-day Intelligence Zero-Day & N-Day Reports and Exploits Training courses focused on vulnerability discovery and exploitation High Quality Analysis and exploits for externally discovered high visibility CVEs Teaming partnerships / technical advisor support roles Proprietary & Targeted vulnerability identification and exploit development for specialized use-cases WHAT WE PROVIDE  SERVICES
 Zero-day Intelligence  N-day Intelligence Thank you!

More Related Content

PDF
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
bugcrowd
 
PDF
The AppSec Path to Enlightenment
Black Duck by Synopsys
 
PPTX
Empowering Application Security Protection in the World of DevOps
IBM Security
 
PDF
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
Jerika Phelps
 
PPTX
Software Security Assurance for DevOps
Black Duck by Synopsys
 
PDF
Mobile Application Security Threats through the Eyes of the Attacker
bugcrowd
 
PPTX
FROM OPEN SOURCE COMPLIANCE TO SECURITY
Black Duck by Synopsys
 
PPTX
Software Security Assurance for Devops
Jerika Phelps
 
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
bugcrowd
 
The AppSec Path to Enlightenment
Black Duck by Synopsys
 
Empowering Application Security Protection in the World of DevOps
IBM Security
 
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
Jerika Phelps
 
Software Security Assurance for DevOps
Black Duck by Synopsys
 
Mobile Application Security Threats through the Eyes of the Attacker
bugcrowd
 
FROM OPEN SOURCE COMPLIANCE TO SECURITY
Black Duck by Synopsys
 
Software Security Assurance for Devops
Jerika Phelps
 

What's hot (19)

PDF
Application Security in the Age of Open Source
Black Duck by Synopsys
 
PPTX
Welcome & The State of Open Source Security
Jerika Phelps
 
PDF
PCI and Vulnerability Assessments - What’s Missing?
Black Duck by Synopsys
 
PPTX
Threat Modeling with Threat Dragon
Steven Carlson
 
PDF
Webinar–OWASP Top 10 for JavaScript for Developers
Synopsys Software Integrity Group
 
PPTX
Practioners Guide to SOC
AlienVault
 
PPTX
Mobile security recipes for xamarin
Nicolas Milcoff
 
PPTX
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck by Synopsys
 
PPTX
Keynote - Lou Shipley
Jerika Phelps
 
PPTX
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
WhiteSource
 
PPTX
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
grecsl
 
PDF
Key Takeaways from Instructure's Successful Bug Bounty Program
bugcrowd
 
PDF
Failure Of Antivirus
amarnath
 
PDF
Winning open source vulnerabilities without loosing your deveopers - Azure De...
WhiteSource
 
PDF
Revitalizing Product Securtiy at Zephyr Health
bugcrowd
 
PDF
Webinar–Best Practices for DevSecOps at Scale
Synopsys Software Integrity Group
 
PPTX
451 and Cylance - The Roadmap To Better Endpoint Security
Adrian Sanabria
 
PPTX
7 Steps to Build a SOC with Limited Resources
LogRhythm
 
PPTX
Practical DevSecOps Using Security Instrumentation
VMware Tanzu
 
Application Security in the Age of Open Source
Black Duck by Synopsys
 
Welcome & The State of Open Source Security
Jerika Phelps
 
PCI and Vulnerability Assessments - What’s Missing?
Black Duck by Synopsys
 
Threat Modeling with Threat Dragon
Steven Carlson
 
Webinar–OWASP Top 10 for JavaScript for Developers
Synopsys Software Integrity Group
 
Practioners Guide to SOC
AlienVault
 
Mobile security recipes for xamarin
Nicolas Milcoff
 
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck by Synopsys
 
Keynote - Lou Shipley
Jerika Phelps
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
WhiteSource
 
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
grecsl
 
Key Takeaways from Instructure's Successful Bug Bounty Program
bugcrowd
 
Failure Of Antivirus
amarnath
 
Winning open source vulnerabilities without loosing your deveopers - Azure De...
WhiteSource
 
Revitalizing Product Securtiy at Zephyr Health
bugcrowd
 
Webinar–Best Practices for DevSecOps at Scale
Synopsys Software Integrity Group
 
451 and Cylance - The Roadmap To Better Endpoint Security
Adrian Sanabria
 
7 Steps to Build a SOC with Limited Resources
LogRhythm
 
Practical DevSecOps Using Security Instrumentation
VMware Tanzu
 
Ad

Similar to Exodus intel slideshare 2019 (20)

PDF
What Role Do Zero-Day Vulnerabilities Play In Modern Security Solutions?
Rion Technologies
 
PDF
What is a Zero-Day Exploit Understanding the Threat of Unknown Vulnerabilitie...
uzair
 
PPTX
zero day exploits
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
PPTX
Zero-day Vulnerabilities
alihassaah1994
 
PDF
Zero Day Vulnerabilities: A threat to security.
chrish87
 
DOCX
Zero-Day Vulnerability and Heuristic Analysis
Ahmed Banafa
 
PDF
What Is a Zero-Day Vulnerability? How It
BORNSEC CONSULTING
 
PPTX
0Day to HeroDay: Surviving an Attack and Establishing a Security Organization
Ryan Wisniewski
 
PDF
Endpoint (big) Data In The Age of Compromise, Ian Rainsburgh
Napier University
 
PDF
Aujas incident management webinar deck 08162016
Karl Kispert
 
PDF
Stopping zero day threats
Zscaler
 
PDF
[Bucharest] Attack is easy, let's talk defence
OWASP EEE
 
PDF
Rand rr1751
Andrey Apuhtin
 
PDF
Caccia alle Minacce: Intelligence e Hunting nel cyberspace
Speck&Tech
 
PPTX
Patch Management Best Practices 2019
Ivanti
 
PPT
13734729.ppt
AmitPandey388410
 
PDF
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Mark Simos
 
PDF
Security operations center 5 security controls
AlienVault
 
DOCX
Weathering the Storm of IT Security Compliance
Condition Zebra (CONZebra)
 
PDF
Revolutionary, Not Evolutionary
Forcepoint LLC
 
What Role Do Zero-Day Vulnerabilities Play In Modern Security Solutions?
Rion Technologies
 
What is a Zero-Day Exploit Understanding the Threat of Unknown Vulnerabilitie...
uzair
 
zero day exploits
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Zero-day Vulnerabilities
alihassaah1994
 
Zero Day Vulnerabilities: A threat to security.
chrish87
 
Zero-Day Vulnerability and Heuristic Analysis
Ahmed Banafa
 
What Is a Zero-Day Vulnerability? How It
BORNSEC CONSULTING
 
0Day to HeroDay: Surviving an Attack and Establishing a Security Organization
Ryan Wisniewski
 
Endpoint (big) Data In The Age of Compromise, Ian Rainsburgh
Napier University
 
Aujas incident management webinar deck 08162016
Karl Kispert
 
Stopping zero day threats
Zscaler
 
[Bucharest] Attack is easy, let's talk defence
OWASP EEE
 
Rand rr1751
Andrey Apuhtin
 
Caccia alle Minacce: Intelligence e Hunting nel cyberspace
Speck&Tech
 
Patch Management Best Practices 2019
Ivanti
 
13734729.ppt
AmitPandey388410
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Mark Simos
 
Security operations center 5 security controls
AlienVault
 
Weathering the Storm of IT Security Compliance
Condition Zebra (CONZebra)
 
Revolutionary, Not Evolutionary
Forcepoint LLC
 
Ad

Recently uploaded (20)

PDF
Designing Intelligence for the Shop Floor.pdf
nikglvk
 
PPTX
Patient Appointment Booking in Odoo with online payment
AxisTechnolabs
 
PPTX
Advanced SystemCare Ultimate Crack + Portable (2025)
adanataj41
 
PPTX
Weekly report ppt - harsh dattuprasad patel.pptx
bikerslovers123
 
PDF
iTop VPN Crack Latest Version Full Key 2025
hashmianya37
 
PPTX
history of c programming in notes for students .pptx
Vijayakumari829030
 
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
PPTX
Embracing Complexity in Serverless! GOTO Serverless Bengaluru
SheenBrisals
 
PPTX
AMADEUS TRAVEL AGENT SOFTWARE | AMADEUS TICKETING SYSTEM
philipnathen82
 
PPTX
WiFi Honeypot Detecscfddssdffsedfseztor.pptx
singlesrihari
 
PPTX
assetexplorer- product-overview - presentation
nonameist3434
 
PDF
AI-Powered Threat Modeling: The Future of Cybersecurity by Arun Kumar Elengov...
Arun Kumar Elengovan
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PPTX
Why Generative AI is the Future of Content, Code & Creativity?
Webuters Technologies Pvt. Ltd
 
PDF
Cost to Outsource Software Development in 2025
Omega Incorporations- Best Software Development Company
 
PDF
17 Powerful Integrations Your Next-Gen MLM Software Needs
ventaforcemlmsoftwar
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PDF
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
deepakkhaitan3
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
Designing Intelligence for the Shop Floor.pdf
nikglvk
 
Patient Appointment Booking in Odoo with online payment
AxisTechnolabs
 
Advanced SystemCare Ultimate Crack + Portable (2025)
adanataj41
 
Weekly report ppt - harsh dattuprasad patel.pptx
bikerslovers123
 
iTop VPN Crack Latest Version Full Key 2025
hashmianya37
 
history of c programming in notes for students .pptx
Vijayakumari829030
 
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
Embracing Complexity in Serverless! GOTO Serverless Bengaluru
SheenBrisals
 
AMADEUS TRAVEL AGENT SOFTWARE | AMADEUS TICKETING SYSTEM
philipnathen82
 
WiFi Honeypot Detecscfddssdffsedfseztor.pptx
singlesrihari
 
assetexplorer- product-overview - presentation
nonameist3434
 
AI-Powered Threat Modeling: The Future of Cybersecurity by Arun Kumar Elengov...
Arun Kumar Elengovan
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
Why Generative AI is the Future of Content, Code & Creativity?
Webuters Technologies Pvt. Ltd
 
Cost to Outsource Software Development in 2025
Omega Incorporations- Best Software Development Company
 
17 Powerful Integrations Your Next-Gen MLM Software Needs
ventaforcemlmsoftwar
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
deepakkhaitan3
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 

Exodus intel slideshare 2019

  • 2. The Problem How do you detect new attacks when there is no IOC? How do you detect attacks that no commercial security equipment can detect? The greatest threat is the unknown threat Patch efficacy is decreasing / Patch failure rates are increasing
  • 3.  Zero-day Intelligence  N-day Intelligence 0-Day | N-Day Intelligence
  • 4. We focus purely on vulnerability discovery and Exploitation Zero-day and N-day (known vulnerabilities) 100B+ Lines of New Code every year Exodus research is focused on exploitable vulnerabilities  Zero-day Intelligence  N-day Intelligence
  • 5. 100B+ Lines of New Code every year Exodus research is focused on exploitable vulnerabilities We provide clients with detailed reports, exploits and mitigation guidance on Zero-day and N-day (known vulnerabilities)  Zero-day Intelligence  N-day Intelligence
  • 6. Augment / Outsource Vulnerability Research Product Validation Secure Your Network • Leverage a world-class research team • Gain Access to a deep catalog of historical work • Use detailed reports to generate appropriate signatures/ rules • Full subscription cost of Exodus similar to the cost of a single researcher but with 6:1 intel generated • Use exploits to measure security effectiveness of your products • Use exploits to measure security effectiveness of your competitors • Identify issues and effectiveness and update product roadmap accordingly • Use the vulnerability reports to determine mitigations for affected systems on your internal network • Use the exploits to test your existing network defenses to insure proper coverage • Reduce Cyber Exposures/ Attack Surface  Zero-day Intelligence  N-day Intelligence Use Cases 0-Day | N-Day Intelligence
  • 7.  Zero-day Intelligence  N-day Intelligence Enterprise clients can subscribe to Exodus Intelligence Enterprise Feeds (Zero-Day | N-Day Feeds) :  Exodus vulnerability intelligence feeds are available via portal access, RESTful API and XML with metadata for integration into third-party SIEM products.  Feeds include detailed reports on the vulnerabilities; network packet captures of both malicious and benign traffic; and working exploits in the form of a Metasploit modules 0-Day | N-Day Intelligence
  • 8. DON’T WAIT FOR A PATCH [Zero-Day Research] 0-Day  Zero-day Intelligence  N-day Intelligence
  • 9. 01 DISCOVER The Exodus team discovers a zero-day vulnerability in the lab. 02 ANALYZE The vulnerability is analyzed to determine whether or not it is critical enough to warrant notifying Exodus’ customers. 03 EXPLOIT The team employs exclusive in-house techniques to create a working exploit tool for the vulnerability. 04 DOCUMENT 05 DISTRIBUTE A thorough report is created that documents every relevant aspect of the threat. The report and accompanying materials are securely distributed to clients via the Exodus web portal.  Zero-day Intelligence  N-day Intelligence 0-Day
  • 10.  Zero-day Intelligence  N-day Intelligence The vulnerability details are made public due to the release of a vendor patch or the detection of an in-the-wild attack abusing the zero-day flaw. Those responsible for implementing defensive measures must prioritize how to address the multiple vulnerabilities that are frequently patched in one release. Attackers also prioritize which flaws are ideal for exploitation. Both malicious actors and those working to defend begin racing to develop and deploy a working solution. The problem is only one of these groups is constrained by a traditional work schedule. 06 PUBLICIZED 07 PRIORITIZED 08 RACE BEGINS OTHERS 0-Day
  • 11.  Zero-day Intelligence  N-day Intelligence N-Day Exodus regularly encounters failed patches or discovers adjacent zero-day vulnerabilities Failed Patches leave organizations at risk even if they vigilantly keep up with software updates and security advisories. In 2018 Exodus identified dozens of publicly disclosed vulnerabilities that were reportedly patched but in fact were still vulnerable because the patch did not address the root cause.
  • 12.  Zero-day Intelligence  N-day Intelligence N-Day We deliver an average of 100+ exploits yearly to our clients with an average of 100 additional proof-of-concepts. Exodus N-Day Feed includes all patch failures identified by Exodus along with mitigation guidance. Failed Patches Exodus researchers take high profile publicly known PATCHED vulnerabilities and reverse engineer the patches to determine the root cause of the vulnerability, then if possible, develop an exploit for the vulnerability. Exodus regularly encounters failed patches or discovers adjacent zero-day vulnerabilities
  • 13.  Zero-day Intelligence  N-day Intelligence N-Day We deliver an average of 100+ exploits yearly to our clients with an average of 100 additional proof-of-concepts. N-Day Exodus N-Day Feed includes all patch failures identified by Exodus along with mitigation guidance. Failed Patches Exodus researchers take high profile publicly known PATCHED vulnerabilities and reverse engineer the patches to determine the root cause of the vulnerability, then if possible, develop an exploit for the vulnerability. Critically Exploitable Estimations
  • 14.  Zero-day Intelligence  N-day Intelligence Zero-Day & N-Day Reports and Exploits Training courses focused on vulnerability discovery and exploitation High Quality Analysis and exploits for externally discovered high visibility CVEs Teaming partnerships / technical advisor support roles Proprietary & Targeted vulnerability identification and exploit development for specialized use-cases WHAT WE PROVIDE  SERVICES
  • 15.  Zero-day Intelligence  N-day Intelligence Thank you!