Announcing #Pwn2Own Ireland! Our fall contest is on the move (again) as we head to Cork, Ireland. We also welcome @Meta as a sponsor with #WhatsApp being a target at $300,000. Plus the return of the SOHO Smashup. Read all the details at https://lnkd.in/eeEFqrjV #P2OIreland
Trend Micro Zero Day Initiative
Computer and Network Security
Austin, Texas 6,287 followers
Founded in 2005 - Trend Micro’s Zero Day Initiative (ZDI) is the world's largest vendor-agnostic bug bounty program.
About us
Trend Micro's Zero Day Initiative (ZDI) was created to encourage the reporting of 0-day vulnerabilities privately to the affected vendors by financially rewarding researchers. At the time, there was a perception by some in the information security industry that those who find vulnerabilities are malicious hackers looking to do harm. Some still feel that way. While skilled, malicious attackers do exist, they remain a small minority of the total number of people who actually discover new flaws in software. Today, as a part of Trend Micro, the ZDI represents the world’s largest vendor-agnostic bug bounty program. Our approach to the acquisition of vulnerability information is different from other programs. No technical details concerning the vulnerability are sent out publicly until the vendor has released a patch. We do not resell or redistribute the vulnerabilities that are acquired through the ZDI. Interested researchers provide us with exclusive information about previously un-patched vulnerabilities they have discovered. The ZDI then collects background information in order to validate the identity of the researcher strictly for ethical and financial oversight. Our internal researchers and analysts validate the issue in our security labs and make a monetary offer to the researcher. If the researcher accepts the offer, a payment will be promptly made. As a researcher discovers and provides additional vulnerability research, bonuses and rewards can increase through a loyalty program similar to a frequent flier program.
- Website
-
https://www.zerodayinitiative.com
External link for Trend Micro Zero Day Initiative
- Industry
- Computer and Network Security
- Company size
- 11-50 employees
- Headquarters
- Austin, Texas
- Type
- Public Company
- Founded
- 2005
- Specialties
- Reverse Engineering, Security Research, Vulnerability Disclosure, Security, Information Assurance, Exploit Development, and Fuzzing
Locations
-
Primary
11305 Alterra Pkwy
Austin, Texas 78758, US
Employees at Trend Micro Zero Day Initiative
Updates
-
Uncoordinated Vulnerability Disclosure: After more than a decade of CVD, has it benefited vendors or researchers more? Have the number of bugs increased to the point where vendors simply cannot cope with that level of coordination? Dustin C. Childs, CISSP has some thoughts - and lots of questions. https://lnkd.in/e2WgimDZ
Zero Day Initiative — Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD
zerodayinitiative.com
-
No time to read the blogs and just want the highlights from this month's Patch Tuesday? Dustin C. Childs, CISSP has you covered with the Patch Report for July 2024. https://lnkd.in/eQ4kFCuR
The Patch Report for July 2024
https://www.youtube.com/
-
It's Patch Tuesday once more. While #Adobe had a tiny release, #Microsoft had one of their biggest months ever - including two 0-days under active attack. Join Dustin C. Childs, CISSP as he breaks down all the details. https://lnkd.in/e3CUvXta
-
Our latest blog has ZDI researcher YuLin Sung detailing two Logsign Unified SecOps Platform bugs. These were reported to the ZDI by Mehmet INCE (@mdisec) from PRODAFT.com. The blog details how an authentication bypass can be used to get code execution from a bug that requires authentication. The post includes root cause analysis and PoC. https://lnkd.in/e9yjCkUn
Zero Day Initiative — Getting Unauthenticated Remote Code Execution on the Logsign Unified SecOps Platform
zerodayinitiative.com
-
School's out, and so are the latest patches from Microsoft and Adobe. It's a small release from Redmond, but a monster one from Adobe with over 160 CVEs being addressed. Check out the blog from Dustin C. Childs, CISSPas he breaks down the release and offers guidance on where to prioritize your testing and deployment. https://lnkd.in/ePyn67gK
Zero Day Initiative — The June 2024 Security Update Review
zerodayinitiative.com
-
Couldn't make it to OffensiveCon but still want to see Piotr Bazydło's talk on exploiting Microsoft Exchange PowerShell remoting? Good news, everyone! The video of the talk is now available. Check it out at https://lnkd.in/eiM9NUk2
OffensiveCon24 - Piotr Bazydlo - Half Measures and Full Compromise
https://www.youtube.com/
-
CVE-2024-30043: Piotr Bazydło details this #SharePoint XXE he discovered. He calls it one of the craziest XXEs he has ever seen (and found), both in terms of vulnerability discovery and the method of triggering. He shows how it can be used for info disclosure & NTLM relaying. https://lnkd.in/eQ6wKQAN
Zero Day Initiative — CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud
zerodayinitiative.com
-
It's a smaller #PatchTuesday release, but there's an 0-day in Windows DWM Core Library to cover. Join Dustin C. Childs, CISSP as he covers the full release and points out which vendors patched their #Pwn2Own bugs - and which didn't. https://lnkd.in/e33d64cc
-
In a new guest blog, Cody Gallagher describes the bug he used to exploit #Oracle #VirtualBox at #Pwn2Own Vancouver. He gives an in-depth analysis of how he used a race condition to win $20,000 at the contest. https://lnkd.in/eq3Nc9Fb
Zero Day Initiative — CVE-2024-21115: An Oracle VirtualBox LPE Used to Win Pwn2Own
zerodayinitiative.com