
Module-0 3

This document discusses different marketplaces for vulnerabilities. It outlines three main options: 1) Bug bounty programs, such as those run by Google and Microsoft, that pay hackers between $500 and $100,000 for reported vulnerabilities. 2) Companies like ZDI and iDefense that pay $2,000 to $25,000 for reported vulnerabilities. 3) A black market where vulnerabilities can be sold illegally, like the website HackZone.ru that was selling credit cards. It also discusses pay-per-install services that infect machines with malware or keyloggers and charge clients per installation on a victim's computer.

Uploaded by

Harpreet Singh

Module 0.

The Marketplace for Vulnerabilities

Hacker zoloto offered credit cards for sale on the Web site HackZone.ru.

Marketplace for Vulnerabilities

Option 1: bug bounty programs (many)
Google Vulnerability Reward Program: up to $100K
Microsoft Bounty Program: up to $100K
Mozilla Bug Bounty program: $500 - $3000
Pwn2Own competition: $15K

Option 2:
ZDI, iDefense: $2K - $25K

Marketplace for Vulnerabilities

Option 3: black market

Source: Andy Greenberg (Forbes, 3/23/2012)


Marketplace for owned machines

Pay-per-install (PPI) services

[Diagram: clients (spam, keylogger, bot), PPI service, victims]

PPI operation:
1. Own victim's machine
2. Download and install client's code
3. Charge client

Source: Caballero et al. (www.icir.org/vern/papers/ppi-usesec11.pdf)

Marketplace for owned machines

[Diagram: clients (spam, keylogger, bot), PPI service, victims]

Cost:
US - $100-180 / 1000 machines
Asia - $7-8 / 1000 machines

Source: Caballero et al. (www.icir.org/vern/papers/ppi-usesec11.pdf)
