Initial Contact
Send a brief technical summary — target, vulnerability class, and proof of exploitability. No full exploit code at this stage.
Exploit
Acquisition
We acquire zero-day exploits, individual primitives, partial chains, and full capabilities across all major platforms. Payouts range from $10,000 to $7 million depending on target, reliability, and operational value.
Submit ResearchWhat We Buy
We buy individual primitives, not just finished chains. A sandbox escape, kernel info leak, or type confusion primitive is valuable on its own. Full chains pay the most, but we acquire at every stage of development.
All submissions require exclusivity — we do not acquire exploits that have been sold elsewhere or previously disclosed. Current versions of target software only. No theoretical vulnerabilities, no DoS-only, no phishing.
We Accept
- Individual primitives — info leaks, type confusions, UAFs
- Partial chains and sandbox escapes
- Full exploit chains (highest payouts)
- Zero-days with no prior disclosure
- Current versions of target software
We Don’t Accept
- Theoretical or unproven vulnerabilities
- Previously disclosed or patched bugs
- Non-exclusive or previously sold exploits
- Denial-of-service only
- Exploits requiring physical access
Platforms & Payouts
Prices are indicative maximums. Actual payouts depend on exploit quality, reliability, stealth characteristics, and current demand. Partial chains and individual components are also considered.
Mobile
up to $7MHigh demandiOS Zero-Click Full Chain
$5M – 7MHigh demandiOS One-Click Full Chain
$3M – 5MHigh demandAndroid Zero-Click Full Chain
$3M – 5MAndroid One-Click Full Chain
$1M – 3MiOS/Android Persistence Module
$500k – 1MBaseband RCE
$500k – 1MDesktop OS
up to $1.5MHigh demandWindows RCE + LPE Chain
$500k – 1.5MHigh demandmacOS RCE + Sandbox Escape
$500k – 1.5MWindows LPE / Kernel Code Execution
$200k – 500kmacOS LPE / Kernel Code Execution
$200k – 500kLinux Kernel LPE (recent mainline)
$100k – 300kBrowsers
up to $1.5MHigh demandChrome RCE + Sandbox Escape
$500k – 1.5MHigh demandSafari/WebKit RCE + Sandbox Escape
$500k – 1.5MChrome/V8 RCE (renderer only)
$200k – 500kSafari/WebKit RCE (renderer only)
$200k – 500kNetwork & Infrastructure
up to $500kHigh demandCisco IOS/IOS-XE RCE
$200k – 500kFirewall/VPN Appliance RCE
$150k – 500kEnterprise Email Server RCE
$150k – 400kVirtualization / Hypervisor Escape
$200k – 500kHow It Works
Evaluation
Our research team assesses impact, reliability, and operational value. We respond within 72 hours with a preliminary offer or follow-up questions.
Agreement
We negotiate final terms and execute a formal acquisition agreement covering exclusivity, payment, and confidentiality.
Delivery & Payment
You provide the full exploit package — source, writeup, root cause, and methodology. Payment releases upon validation via wire or crypto.
Submit Research
Send a brief technical summary — target platform, exploit type, and constraints. Do not include full technical details in initial contact.
PGP keys available upon request.
info@irisc2.com