No known vulnerabilities? You're probably still vulnerable.
Our 0-day as a service service is the most advanced of our offerings. Whether you're an organization that needs 0-days in specific products or types of products (e.g. intelligence, defense agencies), want to ensure the security of your environment, or have some other need for 0-days (e.g. advertising, other/don't ask questions), Hyperion Gray's team of 0-day hunters live and breathe hunting. We use the latest industry standard and custom tools to find 0-days in web application, CLI, or thick GUI products for either Windows, Linux, Mobile apps, or kernels of these technologies. We need not say much more because if you want this service you likely know what you're doing.
Hyperion Gray uses the most advanced tools available as well as its own custom reverse engineering tools to find vulnerabilities with limited information. Have a perimeter device you think may be insecure? We'll protocol fuzz it with a mutational fuzzer. Have a black box binary application you don't or can't share the source to? We'll reverse it and run instrumented fuzzing using the latest and greatest in fuzzing, reverse engineering and dynamic analysis. Currently this usually involves a mix of AFL/WinAFL, various instrumentation tools like DynamoRIO, Reven, and WinDbg to understand its internals and own it. That is to say - this is our bread and butter, our every day, and quite frankly what we do for fun. We can even analyze black box hardware to ensure you maintain supply chain security. Don't want to say who you work for and/or have special anonymity needs? That's fine. We'll take payment in cryptocurrency and ask few questions (assuming you are asking for something that is legal). No we will not hack your ex-girlfriend's instagram account, this is a serious offering for very serious players in this space.
Meet the team.
Our security experts are extremely talented hackers of the highest level, everyone on our team has experience as security researchers for the most advanced defense and intelligence agencies in the world.
Our senior security architect, Alejandro (Alex) Caceres, has years of experience conducting pen tests for government agencies and the private sector alike. Alex is an active security researcher and trainer:
- Speaker at major conferences like DEFCON and Shmoocon.
- Featured in Forbes magazine.
- Creator of open source security tools.
- Author of security articles on the Gray Area blog
- Creator and instructor of online security training.
We are based in the U.S., Canada, and Australia with the ability to call on linguists for any additional international needs. We are here for you whether it be for remote work or travel.