Here you will find answers to questions related to payments, working with us, the work process etc.
We verify the authenticity of the published vulnerability and make you an offer based on current needs and market conditions. It is important to note that unless otherwise stated, all research is purchased by us on exclusive terms, you are not allowed to sell or publish research elsewhere.
It is necessary to write to our mail with filled specification sheet. If we are currently interested in the proposed vulnerability, we will give you a preliminary offer. Then you will need to attach the POC video, as well as additional details: what provoked the vulnerability, what specific conditions are required for exploitation and so on. After agreeing on the amount of the deal, you send us the source code and technical details for verification.
Payment is possible via international bank transfers, cryptocurrencies, and in some special cases by specific payment means convenient for the resercher.
It is important to remember that some payments are made in several stages to make sure that the exploit remains valid for a certain period of time.
When forming an offer, TN considers many factors. Some of them are:
- prevalence of vulnerable software
- required operating conditions
- need for user interaction
- execution quality (execution stability, number of vulnerable software versions, presence/absence of ROP chains, etc.)
A rough estimate of various vulnerabilities can be found in the corresponding section.
No. We exclusively obtain vulnerabilities that are confirmed to be exploitable and come with a fully operational exploit compatible with the most recent stable versions of the relevant software, system, or device. Don't hesitate to reach out if you believe your research might meet our criteria.
No, only fully functional exploits and their chains will be considered at this time.
Yes, we are willing to consider any research for purchase, including innovative operating techniques, ways to hide from AV/EDR and the like.
Please email us with any such proposals — submit@tn-sec.com
TN compares favourably with its competitors in terms of the wide range of software and devices for which exploits are purchased. It is very likely that what you are offering will still find a buyer. Send all details to e-mail — submit@tn-sec.com
We pay a much higher bounty for your research. Often these sums are orders of magnitude higher than what vendor is prepared to offer.
We frequently recruit vulnerability researchers to become part of our in-house zero-day research team. At TN Security, our researchers engage in advanced vulnerability research and exploit development. They discover zero-day vulnerabilities, produce detailed root-cause analyses, contextualize the vulnerabilities and attack methods, and detect trends in both emerging and established attack surfaces. Explore our careers page to discover job openings in this field.
TN's customers are government agencies. We conduct thorough compliance and due-dilligence procedures to ensure that the exploit does not fall into the wrong hands.
TN Security conducts comprehensive reviews, testing, and validation of all acquired vulnerability research. Subsequently, this research is tailored, documented, and delivered to institutional clients.
We buy exploits on a very wide range of software and devices. In most cases, the estimate will be well above what the competition will offer.
Yes, our e-mail address and PGP key are listed in contact section. Our key is also available on the keyserver at pgp.mit.edu
Yes, TN is available for contract work, please contact us with a description of the project and we can provide rates.
All interactions only take place after both parties have signed the relevant agreements. We are an official legal entity registered in the UK.
Ensuring the privacy of our researchers is a top priority for us. We commit to never sharing any personal information about researchers, including names, aliases, email addresses, banking details, or any other sensitive data, with third parties, including our customers. Additionally, internal access to your information is limited to those who genuinely require it, and your personal data is solely utilized for payment processing purposes.
Sure! You can receive a preliminary offer for your research without revealing its full details. Just provide us with basic technical information. Upon evaluating this information, if your research aligns with our criteria, we'll send you a preliminary offer. However, the final offer will only be confirmed after we have thoroughly reviewed, assessed, and approved the complete research.
Any company or individual can submit zero-day research and participate in work with us.
A zero-day exploit targets a vulnerability that the vendor hasn't yet started to address, often because they're unaware of the issue. Exodus specializes in discovering these vulnerabilities and crafting exploits to showcase the potential impact of such weaknesses.
In the variety of software for which exploits are purchased. We are likely to find a buyer for even the most exotic research.