Selling 0-Days to Governments and Offensive Security Companies

Black Hat USA 2019

Presented by: Maor Shwartz
Date: Wednesday August 07, 2019
Time: 13:30 - 14:20
Location: South Seas ABE

Selling 0-days is a fascinating process that not a lot of people are familiar with. This talk will discuss a vulnerability brokerage company called Q-recon and provide a glimpse of how this market works. In the presentation the following questions will be answered from three different angles (researcher/broker/client):

• Who (researcher profile) is selling 0-days to governments / offensive security companies?
• What is the process of selling 0-days?
• How to sell 0-days? At the end of the presentation, I will give a few tips for researchers that want to sell 0-days to offensive security companies/governments.

Maor Shwartz

Maor Shwartz worked as a vulnerability broker for 4 years at Q-recon Beyond Security. Today he helps researchers sell their 0-days to offensive security companies and governments for free. He also works as a Cyber researcher in SOMPO.

Maor Shwartz

Maor Shwartz worked as a vulnerability broker for 4 years at Q-recon Beyond Security. Today he helps researchers sell their 0-days to offensive security companies and governments for free. He also works as a Cyber researcher in SOMPO.