With this "Vulnerability Extermination" service we find security defects in banking, commerce, business, mobile, virtualization, security and other software that you develop or use before anyone else finds them.
Some of our most demanding customers hire us for finding critical vulnerabilities in products built by security-knowledgeable people, reviewed with best automated tools and analyzed by other experts.
And they like what we find.
In a simulation of a real "Advanced Persistent Threat" attack against your information system, we become your friendly attacker and try to penetrate into the most
critical parts of your networks, databases, services and applications in a controlled and managed fashion.
A test like this is the only way to see how well you're really prepared for a targeted attack.
We help you reach informed security-related decisions in application development, when setting up online services and protecting your IT infrastructure.
"We routinely engage ACROS Security when we need a security review of our most popular products."
(CSO at global software vendor with multi-billion revenue)
"We've been leveraging ACROS to perform pentests on most of our acquisitions and we've been very happy with their services."
(Project contact at leading global online company with hundreds of millions of registered users)
It has always been our strategy not to specialize in any particular technology. We're constantly surprising our customers with security defects in desktop or mobile applications, on any operating system, in office devices, network equipment and appliances, complex web applications and online banking systems, anywhere from smartcard applets and web applications to virtualization engines and language interpreters.
Many of the world's largest software vendors have fixed vulnerabilities we reported to them and thanked us for helping them keep their users secure.
About ACROS Security
ACROS Security is specialized in providing advanced security analyses of products and systems. Our in-depth security research pushes the boundaries of global knowledge, keeps our customers ahead of competitors and users safe from attackers.
We work for leading financial institutions, software vendors, online service providers, cloud providers, virtualization solutions providers and others who consider security of their products, information and services critical.
...for updates on our security research.
ACROS in the Media (highlights)
The Register, "Upset Equation Editor was killed off? Now you can tell Microsoft to go forth and multiply: App back from the dead"
Help Net Security, "Abandoned by Microsoft, Equation Editor gets “security-adopted” by micropatch pros"
SecurityWeek, "Microsoft Manually Patched Office Component: Researchers"
Ars Technica, "How to fix a program without the source code? Patch the binary directly"
SecTor, "If Vendors Won't Patch Their Software, This Firm Will"
Help Net Security, "Actively exploited zero-day in IIS 6.0 affects 60,000+ servers"
Help Net Security, "Reinventing software patching, curing big security holes" (podcast)
BetaNews, "0patch pushes out another Windows patch, but will leave the real work to Microsoft"
SC Magazine, "Third party develops temporary patch for Microsoft flaw that Google disclosed"
Softpedia, "Unpatched Windows Vulnerability Made Public by Google Gets a 3rd-Party Fix"
>> More media references...
0patch blog: Micropatching Brings The Abandoned Equation Editor Back To Life
0patch blog: 42 Days After Our Micropatch, The Office DDE Vulnerability Gets An Official Fix
ACROS presented "We're micropatching 0days and so can you" at the InfoSek Conference 2017. Slides are here
0patch blog: Microsoft's Manual Binary Patch For CVE-2017-11882 Meets 0patch
0patch blog: Did Microsoft Just Manually Patch Their Equation Editor Executable? Why Yes, Yes They Did. (CVE-2017-11882)
0patch blog: 0patching a Pretty Nasty Microsoft Word Type Confusion Vulnerability (CVE-2017-11826)
0patch blog: Office DDE Exploits and Attack Surface Reduction
0patch blog: 0patching the Office DDE / DDEAUTO Vulnerability... ehm... Feature
0patch blog: Micropatching a Hypervisor With Running Virtual Machines (CVE-2017-4924)
0patch blog: Exploit Kit Rendezvous and CVE-2017-0022
0patch blog: 0patching the RSRC Arbitrary NULL Write Vulnerability in LabVIEW (CVE-2017-2779)
>> More news...
0patch is a platform for instantly distributing, applying and removing microscopic binary patches to/from running processes without having to restart these processes (much less reboot the entire computer). Brought to you by ACROS Security.