I know it sounds lame but...

there's a guy friend of mine who owns a security company to do pen-testing. He's from Bulgary and he has lot of money to spend so he asked me SERIOUSLY (I wanted to be sure he didn't joke 'coz it was sounding to me like the lamers in Zone-H forum buying exploits) to ask around for buying privates or 0days for his pen-testing. :!:

I checked and he owns that company in real. He has a nice website and I've even checked his company's name under the bulgarian website for registering companies. He is serious. :?

If any of you guys is interested in selling some of his private codes, feel free to drop me an email or a Private message. I will put you in direct contact with him.

And...no I will not earn a penny from this. He's just a friend. :D

Ciao

Yog-Sotho aka Monnezza

it is not the exploits.cx by chance ? :D

btw this would be much attractive if your friend was displaying his prices as iDEFENSE does because that is easy to say I buy exploits, then how many ? depending of the severity ? does he buys only exploits with an old or 0day or unpublished discovery ? etc
I doubt he can pay more than iDEFENSE anyway :)

Man, you really surprise me every time!!

It is indeed that exploits.cx site. Do you read minds? :D

I spoke with him and he sounds very excited, truly convinced of what he's doing and totally addicted to exploits!! ehehehhe!

I agree with you, he should at least give a price range (I'm an export saler... I know this commercial stuff) but I bet if you take direct contact with him, he will be more than happy to tell you these infos.

Besides, he's not as big as eeye but I think he could have enough money (a guy who wants to buy exploits MUST have enough money to spend according to me).

So, who's interested can visit his page at

exploits.cx

Enjoy this kind and nice guy

Yog-Sotho aka Monnezza

Long live to old school minds!!!

I maid the contact , I didnt like it :


<joffer> --- - ### Windows XP (SP2) - Local
<joffer> --- - ### Windows 2003 (SP1) - Local
<joffer> --- - ### Linux 2.4/2.6 kernel local (FC3,FC4 or vanilla)
<joffer> --- - ### FreeBSD 4.11/5.4 kernel local
<joffer> --- - ### Windows XP (SP2) - Remote
<joffer> --- - ### Windows 2003 (SP1) - Remote
<joffer> --- - ### Exim 4.51 - Remote
<joffer> --- - ### Postfix 2.2 - Remote
<joffer> --- - ### Sendmail 8.13.4 - Remote
<c0d3r> <joffer> --- - ### Windows XP (SP2) - Remote
<c0d3r> <joffer> --- - ### Windows 2003 (SP1) - Remote
<c0d3r> you mean a service installed on em
<c0d3r> or the os itself
<joffer> service / os
<joffer> but microsoft service
<joffer> not some other companies software


some parts censored , if I wanted to be a security money maker I prefer iDefence .

I know it sounds lame but...

there's a guy friend of mine who owns a security company to do pen-testing. He's from Bulgary and he has lot of money to spend so he asked me SERIOUSLY (I wanted to be sure he didn't joke 'coz it was sounding to me like the lamers in Zone-H forum buying exploits) to ask around for buying privates or 0days for his pen-testing. :!:

I checked and he owns that company in real. He has a nice website and I've even checked his company's name under the bulgarian website for registering companies. He is serious. :?

If any of you guys is interested in selling some of his private codes, feel free to drop me an email or a Private message. I will put you in direct contact with him.

And...no I will not earn a penny from this. He's just a friend. :D

Ciao

Yog-Sotho aka Monnezza



Erm... its not "Bulgary", its Bulgaria...

Sorry for the off-topic, i hate it when people mistake the name of my country...

Man, I must apologize but I thought in english that was Bulgary (Bulgaria)as for Hungary (Ungheria).

In my language (italian) your country is called like in your language: Bulgaria.

My mistake!

@cod3r: I didn't get what you didn't like. Maybe the fact that he wants exploits for Micro$oft only? Well that's maybe his mainly range of customers. Didn't think about it?! Why buying *nix exploits if your customers use Microsoft's products? ;)

Ciao

that's you YogSotho on the avatar pic smoking a giant shilum ? :D

iDefense buys every exploits , those with cost you tell them what you have they say NO , or they say this much :)
they never say I want this specefic exploit .
but the price sounds good :) I hardly doubt I would recieve/code one of those mentioned :)

iDEFENSE doesnt buy exploits.. they buy your advisory from a to z , they pay just more I think if do you provide tech details as into an exploit, let them contact the app vendor, etc, but they aren't buying exploits...

Criteria
The payment amount is based on the following criteria:

* the kind of information being shared (i.e., vulnerability and/or exploit code)
* the amount of detail provided
* the potential severity level for the information shared
* what applications, operating systems, etc. are affected
* iDEFENSE's verification of accuracy
* what level of exclusivity, if any, is granted to iDEFENSE for the data (see below)
* the number of users of the affected application
* the potential value to iDEFENSE customers
-------------------------------
class , seems they buy exploits , dont they ?

"they pay just more I think if do you provide tech details as into an exploit"

I mean they do not buy old vulnerability exploits, if you come with an interesting new advisory with an exploit , sure they will be interested, but to say they buy exploits is wrong , because you can submit them an exploit of an old high or low , they wont care, that's what interest exploit.cx but not idefense, they buy an advisory yes :)

@class101: yes that happy guy trying to light up that giant home made chillum is Yog-Sotho Da Man! :)

Pot Heads will never die!!

:)

Did u contact that guy my friend? Any news?

Cheers

Yog