What is VRulent?

VRulent is determined to provide the best and most competitive rewards to security researchers for their hard work. We acquire undisclosed and unreported zero-day exploits that affect all major mobile and desktop operating systems, network devices, embedded systems, and popular desktop/mobile applications. We will reward researchers for all types of exploits ranging from local privilege escalations, sandbox escapes, zero-click remotes, etc. At the end of the day, our goal is to pay top dollar for exploits to high-risk vulnerabilities.

What is the process for submitting research?

If you have zero-day research you wish to submit then complete the "Submit Research" form or contact us at [email protected]. Send us the high-level details of the research you want to sell, and we will determine our interest in your work and send a conditional offer. Afterwards, submit to us the complete technical details of your research and exploit/proof-of-concept for evaluation. Based on the reliability, coverage, limitations, etc. we will send a final offer to you for acquisition of your research and exploit. If you accept the offer then VRulent will pay you within 1 week.

How is submitted research evaluated for acquisition?

Overall, we test to ensure the quality of the exploit prior to acquisition. We want to determine the reliability of the exploit, which is typically done through automated testing or manual analysis where automation is not possible. Next we determine the coverage the exploit has over the target. For example, does the exploit only work for a specific minor version, or can it be ported to work reliably on other major versions? Finally we determine the limiting factors that are imposed onto the exploit for it to succeed. For example, does the exploit only work when run in an obscure or non-traditional environment? Does it have to run 30 minutes before we see a result? These are the types of criteria that we use to determine the overall quality of the exploit. Finally, after the evaluation, we will send a final offer to you based on our results and value.

What happens if you determine to not acquire the research?

We delete everything you provide us. The trust in our process is extremely important to us and we NEVER want a situation where that trust is in question. Your research is your own until acquisition and we ensure proper non-disclosure agreements are in place before performing any in-depth technical information exchange.

Which payment methods are made available?

Payments are typically made via Bank Wire Transfer. Digital currency payments is available upon request.

How can I contact you?

For exploit research and sales inquiries please contact us at [email protected].
Our PGP key