FAQ

Where is Shellcode based? 

Our company was founded in Dubai UAE and is currently located in Rabat Morocco and Dubai UAE. 

When selling Shellcode zero-day exploits, what risk should I consider?

By submitting on Shellcode, we ensure the researcher's safety and privacy.

Zero-day acquisition is now a standard and well accepted procedure in many nations. Not only is it far more profitable than dealing with suppliers and bug bounties, but it's also safer.

How do you guarantee the researchers' anonymity when acquiring zero-day exploits?

We guarantee the researchers' privacy by having simple and safe processes. We exclusively get zero-day exploits via email.

Using PGP, we encrypt every message we send and receive from researchers using asymmetric encryption. The only time clear-text communications are delivered is when a researcher wishes to withhold his public PGP key. Remember that in order for a researcher to obtain a pre-offer for his exploit, he must use PGP encryption. 

Can I still submit to Shellcode even if I couldn't find the target software that correspond to my exploit in the price list?

Yes, if it meets our quality expectations you can submit your exploit since the list of target software in the "price list" is non exhaustive and not complete.