Details
Exploits can be used by FAEs during demos and directly by customers who subscribed to our exploit service.
Every exploit comes in the form of a URL pointing to one of our
servers which is generated by support and is valid for a single
infection. Upon visiting the link with a vulnerable device and browser,
the target is exploited.
Requirements/Conditions/Restraints
In order to protect our infrastructure servers, all kind of exploit
content and payload (i.e., the agent that is to be installed), some
security measures are implemented on the servers and some best practices
must be followed by FAEs and customers. Security measures on the
servers include:
- Server-side checks. When an exploit URL is
visited, the server will perform checks to ensure that the browser
and the device are indeed exploitable before serving the exploit
code.
- Expiration date. One week after an URL is generated, the link will expire and will no longer serve the exploit.
- Single infection. Whenever the exploit code is
actually served to a target, the URL will automatically be voided
and will no longer serve the exploit. If the exploit works correctly,
the target will also be infected.
Instructions
In addition, FAEs and customers who use exploits must adhere to the
following guidelines whenever an exploit is used in a demo or is sent to
a target:
- the exploit URL (in the case of browser exploit) must never be
posted publicly on a website, discussion board, mailing list or social
network of any sort.
- the exploit URL (in the case of browser exploit) must never be
posted on Facebook or Twitter, even through private message. These
social networking sites often scan the links submitted through them for
malware and could detect our exploits and agents.
- if needed, the exploit URL (in the case of browser exploit) may be shortened by using http://tinyurl.com
as an URL shortening service. If, for any reason, there is a need to
use another service please contact support in order to assess whether
that service is suitable or not. An exploit URL should never be
shortened with bit.ly and goo.gl,
since these services offer a publicly accessible statistics page that
shows how many times and from which countries a given URL was visited
and also automatically scan URLs looking for malware.
Failure to comply with the above guidelines might result in our
servers being detected, agent samples leaked and/or customer and target
identities compromised.