Selling 0-Days to Governments and Offensive Security Companies
Offered By: Black Hat via YouTube
Course Description
Overview
Explore how 0-day vulnerabilities are sold to governments and offensive security companies in this 50-minute Black Hat conference talk. Gain insight into the operations of Q-recon, a vulnerability brokerage company, and learn how the vulnerability trading process works. Discover the differences between government and corporate clients, the various types of researchers, and the workings of the vulnerability market. Topics include payment structures, warranty models, terms of sale, market demand, validation processes, and legal considerations. Understand the role of vulnerability brokers, the services they provide, and the benefits of working with them. The talk concludes with practical advice on getting started in the field, participating in CTFs, and accessing free services for client validation.
Syllabus
Welcome
Introduction
White Hats
Difference between governments and companies
Different types of researchers
How does the chart work
What we learned
What is the process
Payment
Warranty and Sell Model
Terms of Sale
Market Demand
Validation
Backend
Validation Period
Test Environment
Freeze Payments
Property Rights
Support
Governing Law
Contacting Clients
Official Point of Contact
Government
Pros and Cons
Personal Connection
Vulnerability Brokers
Services Map
Benefits of Working with Brokers
Brokers Fees
Summary
Feedback
Biggest Takeaway
Start Working
CTFs
Get Help
Free Services
Client Validation
Taught by
Black Hat
Related Courses
Computer Security - Stanford University via Coursera
Cryptography II - Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story - University of London International Programmes via Coursera
Building an Information Risk Management Toolkit - University of Washington via Coursera
Introduction to Cybersecurity - National Cybersecurity Institute at Excelsior College via Canvas Network
