Zerodium is a reputable place where you can sell zero day exploits.
Hackers and security researchers know that Zerodium is a way to cash in on vulnerabilities that they discover in operating systems, software, hardware and devices.
There are a number of ways that you can make money from discovering vulnerabilities.
- You can disclose the vulnerability to the software or hardware vendor. Many companies offer a “Bug Bounty” program where they pay for such discoveries. This is the “White Hat” thing to do.
- You can sell the exploit on the black market. The exploit will certainly be used for nefarious purposes and you are likely to be criminally liable for any bad things that happen. But such “black hat” buyers are likely to pay the highest dollar for exploits.
- You can sell the vulnerability to Zerodium or a similar organization. These companies are considered “grey hat”.
Zerodium has a strong track record of protecting their sources. The company pays an attractive bounty and is only interested in high risk vulnerabilities and fully functional and reliable exploits.
For example, if you find a way to penetrate a newer iPhone, you can certainly sell the hack to Zerodium for a nifty 7-figure sum.
What does Zerodium do with vulnerabilities that it purchases?
Zerodium is very selective about whom they resell the vulnerabilities to. Their customers are governments and large defense companies who have the ability and willingness to pay very high sums for such information.
Zerodium has an internal team of researchers who analyze, test, secure, and document the vulnerability before providing it to the end user/customer.
Zero-day exploits usually have a short shelf life. Eventually the vulnerabilities are found and patched. But the persons who originally identify the exploit can certainly cash in at Zerodium or similar sites.