Frequently Asked Questions
Are you wondering how to legally sell your zero-day (0-day) exploits or research? Let us help you.
Here is a collection of frequently asked questions (FAQ) that can help you navigate the world of 0-day brokerage.
Do you provide a standard specifications template for submissions?
Yes. To ensure a smooth and efficient evaluation process, we provide a standardised submission template through our Vulnerability Research Hub (VRH).
By using this template, you can:
- Clearly communicate all required technical details
- Accelerate the validation, negotiation, and confirmation of your submission
- Avoid common pitfalls and missing information
Simply register on the Vulnerability Research Hub (VRH) platform to access the template and begin your submission.
How do you protect the privacy and confidentiality of researchers?
At Crowdfense, your privacy and security are paramount. We adhere to strict confidentiality protocols to ensure your identity and personal information are fully protected at every stage.
- We never share your personal data, including name, alias, email, bank details, or any identifying information, with any third party, including our clients.
- Internal access is strictly limited to essential personnel on a need-to-know basis.
- Your information is used exclusively for operational purposes, such as processing payments.
Our technical safeguards include:
- PGP-encrypted communication for all emails and messages
- Encrypted data at rest within the VRH platform
- Hardware Security Modules (HSMs) to protect cryptographic keys
- Regular security audits and penetration testing of our infrastructure
By combining operational discretion with advanced technical protections, Crowdfense provides researchers with one of the most secure environments in the industry.
Which payment methods and bonuses are available?
Crowdfense usually pays researchers through international bank transfers. Where confidentiality is a concern, we can also provide payments using cryptocurrencies, such as Bitcoin (BTC). In some cases, bounties are paid in multiple instalments, especially when a minimum exploit lifespan is required.
We also regularly launch high-priority and private bounties through the Vulnerability Research Hub (VRH), offering extra bonuses for time-sensitive or particularly valuable submissions.
Stay active on the VRH to avoid missing exclusive opportunities!
What happens after accepting an acquisition offer from Crowdfense?
Once your submission has been technically assessed and approved, we will send you a final acquisition offer along with a formal purchase agreement.
By signing the agreement, you confirm the exclusive sale of your research to Crowdfense (unless otherwise negotiated). This includes the full transfer of all related intellectual property rights, meaning the research becomes the sole and exclusive property of Crowdfense.
After the sale:
- You may not resell, share, publish, or disclose any part of the research
- You are legally bound to maintain strict confidentiality indefinitely
This ensures the integrity and exclusivity of the capabilities we deliver to our trusted partners.
How can I increase the potential bounty/reward for my research?
The final acquisition offer from Crowdfense is based on both the impact of the vulnerability and the technical quality of the exploit. To maximise your reward, consider the following factors:
Vulnerability Scope & Impact
- Targeting widely used products or platforms increases value
- Higher severity bugs (e.g., RCEs, sandbox escapes) are rewarded more than lower-impact ones (e.g., LPEs)
- Bugs that require minimal configuration changes or user interaction are more attractive
- Broader coverage across multiple versions or systems boosts payout potential
Exploit Quality
- High reliability and stability across different environments
- Bypasses for modern exploit mitigations (e.g., DEP, ASLR, CFG)
- Support for process continuation or clean post-exploitation state
- Clean implementation, no hardcoded offsets, no brittle ROP chains
- Fully documented technical analysis and root cause breakdown
The more impactful, versatile, and professionally packaged your submission is, the more valuable it becomes.
Are theoretically exploitable bugs (e.g., crash-only PoCs or triggers) eligible?
No, Crowdfense only acquires vulnerabilities that are proven to be practically exploitable and accompanied by a fully functional, reliable exploit targeting the latest stable versions of the affected software, system, or device.
We require working proof-of-concept code that demonstrates real-world exploitation potential.
However, if you believe your research holds exceptional value or could be developed into a complete exploit, feel free to contact us. We’re always open to discussing promising edge cases.
Are partial exploits (e.g., a browser RCE without a sandbox escape) eligible?
Yes, Crowdfense accepts both standalone and chained exploits.
We are open to acquiring:
- Individual exploit components, such as a browser RCE without a sandbox escape, or a sandbox escape on its own
- Full exploit chains, combining multiple stages (e.g., RCE + sandbox escape + privilege escalation)
As long as the submitted component demonstrates real-world impact and meets our quality standards, it will be evaluated and priced accordingly.
Do you also acquire exploitation techniques or mitigation bypasses?
Yes. In addition to zero-day vulnerabilities and full exploits, Crowdfense is actively interested in acquiring:
- Novel exploitation techniques
- Mitigation bypasses (e.g., defeating DEP, ASLR, CFG, PAC, etc.)
- Innovative research that advances offensive capabilities
If you’ve developed a unique method or breakthrough in exploit development, we’re open to evaluating it and making a competitive offer.
Contact us directly to discuss your findings in a confidential setting.
What if I found a vulnerability that’s not in your current scope?
If you’ve discovered a high-quality vulnerability that falls outside our listed scope, we’re still open to evaluating it on a case-by-case basis.
In such situations, the review process may take longer, as we need to assess potential buyer interest and ensure it aligns with our acquisition policies and procedures.
Have something valuable that’s not currently in scope?
Reach out to us via email; we may still be able to help.
Which types of vulnerabilities and exploits are eligible?
We acquire high-impact vulnerabilities that pose significant security risks and are accompanied by a fully functional, reliable exploit (preferably with a PoC or weaponised chain).
Eligible submissions typically target:
- Modern desktop and mobile operating systems
- Widely deployed enterprise software
- Embedded, IoT, and network devices
For detailed scope, platform coverage, and specific requirements, please refer to our Exploit Acquisition Program.
Which products or software are eligible? What is Crowdfense’s scope?
We acquire vulnerability research and exploits affecting modern, widely used operating systems, applications, and devices, including mobile, desktop, embedded, and enterprise platforms.
Our focus is primarily on zero-day vulnerabilities; however, from time to time, we may also acquire recent n-day vulnerabilities (typically up to six months old) for mobile platforms, depending on their impact and exploitability.
For a detailed list of in-scope targets and requirements, please refer to our Exploit Acquisition Program.
What is the Vulnerability Research Hub (VRH)?
The Vulnerability Research Hub (VRH) is Crowdfense’s exclusive, private platform designed for top-tier security researchers. It provides a secure and confidential environment to:
- Anonymously submit and manage zero-day vulnerabilities and exploit chains
- Collaborate with our technical team throughout the evaluation process
- Track submission status and access exclusive private bounties and bonuses
Whether you're submitting a single exploit or building a long-term relationship, VRH is your gateway to maximise rewards and engage safely with the world’s most trusted acquisition platform.
To learn more, visit our researchers page or sign up on VRH.
How do I submit my zero-day research to Crowdfense? What is the submission process?
Submitting your vulnerability research to Crowdfense is a secure and streamlined process designed to protect your work, ensure fair evaluation, and deliver prompt rewards.
All submissions are handled through our Vulnerability Research Hub (VRH), our private, encrypted platform built exclusively for trusted researchers.
Submission Process Overview
01. Enrol on VRH
Sign up on the Vulnerability Research Hub (VRH) to initiate the submission process in a secure and confidential environment.
02. Preliminary Contact
Submit minimal technical details and a video proof-of-concept (PoC) demonstrating the exploit’s capabilities.
03. Technical Evaluation & Negotiation
Crowdfense reviews the submission and gathers further information about the exploit’s features, constraints, and impact.
If aligned with client interest, a preliminary offer is extended to the researcher.
04. Contract Signature
Once the offer is accepted, both parties enter into a formal acquisition agreement, which defines the terms of exclusivity, ownership, and payment.
05. PoC Submission & Acceptance Testing
You provide the full exploit package, including:
- Source code
- Technical analysis
- Root cause explanation
- Exploitation methodology
Crowdfense then performs a thorough validation and acceptance test.
06. Payment
Upon successful validation, the agreed payment is released using your preferred method (e.g., bank transfer or cryptocurrency).
How much can I earn by reporting a vulnerability to Crowdfense?
The payout depends on several key factors, including:
- Target popularity: Vulnerabilities in widely deployed software or hardware receive significantly higher rewards.
- Bug impact and scope: The more critical the vulnerability (e.g., RCE vs. LPE), and the broader the affected products or platforms, the higher the value.
- Exploit quality: We assess the reliability, sophistication, and completeness of your exploit:
  - Bypasses exploit mitigations
  - Works across multiple versions/platforms
  - Requires minimal/no user interaction
  - No hardcoded offsets or fragile techniques
  - Supports process continuation (where applicable)
Example: An unauthenticated remote code execution (RCE) vulnerability with a robust, cross-version exploit will earn significantly more than a local privilege escalation (LPE) with limited reach.
Crowdfense consistently pays the highest bounties in the industry, with payouts designed to match the real-world impact of your research.
Can I receive a pre-offer from Crowdfense before submitting my full research?
Yes, and unlike many other platforms, Crowdfense never requires you to disclose your full research, source code, or intellectual property before a formal agreement is in place.
To receive a preliminary offer, simply submit the following via our secure Vulnerability Research Hub (VRH):
- Minimal technical specifications
- A video proof-of-concept (PoC)
These details are sufficient for Crowdfense and our clients to conduct a preliminary evaluation and assess interest.
If your submission meets our criteria, we’ll issue a pre-offer. The complete research package, including source code, documentation, and technical analysis, is only required after both parties sign a formal acquisition contract.
This ensures you maintain complete control of your intellectual property until terms are clearly defined and agreed upon.
Who can submit vulnerabilities to Crowdfense?
Any individual researcher or company with original zero-day research is welcome to participate in our Exploit Acquisition Program.
We work with both independent experts and established teams from around the world. As long as the submission is legitimate, high-quality, and meets our criteria, you’re eligible to engage with us and be rewarded accordingly.
What are the benefits of reporting a vulnerability to Crowdfense instead of the vendor?
While vendors may offer limited rewards and impose disclosure constraints, Crowdfense provides a more rewarding, efficient, and researcher-centric alternative.
Key benefits:
- Significantly higher payouts: We offer the highest bounties in the industry, far exceeding typical vendor rewards.
- No public disclosure pressure: Unlike vendors, we don’t require you to follow coordinated disclosure timelines or share your work publicly.
- Full confidentiality: Your identity and submission are handled with strict discretion.
- Streamlined process: Our Vulnerability Research Hub (VRH) makes it easy to securely submit, track, and get paid for your research.
By reporting to Crowdfense, you maintain control, confidentiality, and maximum reward for your work.
Why should I submit a vulnerability through Crowdfense?
At Crowdfense, we offer the highest payouts in the industry for high-impact vulnerabilities. We believe top-tier researchers deserve top-tier rewards, and we back that belief with real, competitive compensation.
Our Vulnerability Research Hub (VRH) provides a secure, streamlined, and transparent submission process, guiding you from the initial report to final payout with complete confidentiality and expert support.
Whether you're submitting a single exploit or building a long-term relationship, Crowdfense ensures that your work is valued, protected, and rewarded.
Is Crowdfense hiring security researchers?
We often seek vulnerability researchers to join our internal zero-day research team. Crowdfense researchers conduct cutting-edge vulnerability research and exploit development. They find zero-day vulnerabilities, write in-depth root-cause analyses, contextualise the vulnerabilities and attack vectors, and identify patterns in emerging and established attack surface areas. Visit our careers page to find employment opportunities.
Who are Crowdfense’s customers?
Crowdfense collaborates with government institutions, including national security, intelligence, and law enforcement agencies (LEAs), as well as trusted system integrators that require access to advanced zero-day exploits and cybersecurity capabilities.
We maintain rigorous export control, compliance, and due diligence protocols, applying the highest vetting standards in the industry. This ensures that every partnership is conducted with complete transparency, accountability, and legal oversight.
How is the acquired security research used by Crowdfense?
Crowdfense does not use the acquired vulnerabilities directly. Instead, we act as a trusted intermediary: after thorough technical validation and documentation, each approved submission is delivered to the client who contracted us to procure such capabilities.
We ensure that:
- The research meets strict quality, reliability, and impact standards
- It is tailored to the client's requirements and operational context
- All transfers are conducted under strict legal, compliance, and export control frameworks
Our role is to bridge top-tier offensive research with vetted partners, ensuring responsible use of advanced cyber capabilities.
What makes Crowdfense different from traditional bug bounty programs?
Unlike public bug bounty platforms, Crowdfense offers private, high-stakes acquisitions focused exclusively on zero-day and high-impact vulnerabilities.
Key differences:
- Unmatched payouts: We pay the highest bounties in the industry, often significantly exceeding what traditional platforms offer.
- Private and exclusive: We operate a confidential, invite-only environment, ensuring that your research is handled securely and discreetly.
- No vendor disclosure: We do not require coordination with affected vendors or public disclosure timelines.
- Streamlined process: Our Vulnerability Research Hub (VRH) provides a smooth, secure experience from submission to payment.
If you're working at the cutting edge of offensive research, Crowdfense is where your work gets the recognition and reward it truly deserves.
What is Crowdfense?
Crowdfense is the world-leading vulnerability research and acquisition platform, specialising in high-quality zero-day exploits and advanced offensive security research.
Led by seasoned cybersecurity professionals, we work with a global network of elite independent researchers, offering a trusted environment to submit and monetise cutting-edge discoveries safely.
Through our Exploit Acquisition Program and Vulnerability Research Hub (VRH), Crowdfense provides:
- The highest bounties in the industry
- A streamlined, confidential submission process
- Direct access to vetted institutional clients
We are the bridge between top-tier research and trusted government and institutional partners, delivering strategic cyber capabilities where they matter most.