Exploit Acquisition Platform - Pakistan

Tier3 offers the premium bug bounty platform founded by local cybersecurity experts in Pakistan with unparalleled experience in vulnerability research and zero-day exploits. We have now a flourishing community of independent cyber security researchers working together in Pakistan to provide the most advanced and powerful cybersecurity capabilities to our institutional clients.

Tier3 pays BIG bounties to security researchers to acquire their original and previously unreported zero-day research. While the majority of existing bug bounty programs accept almost any type of vulnerabilities and PoCs but pay very little, at Tier3 we focus on high-risk vulnerabilities with fully functional exploits and we pay the highest rewards in the market.

We acquire zero-day exploits and innovative security research related to the following products

Operating Systems

Remote code execution or local privilege escalation, or VM escape:
- Microsoft Windows
- Linux / BSD
- Apple macOS
- ESXi / HyperV

Web Browsers

Remote code execution, or sandbox bypass/escape, or both:
- Google Chrome
- Microsoft Edge
- Mozilla Firefox
- Apple Safari

Productivity / Client Apps

Remote code execution or information disclosure:
- MS Office (Word/Excel)
- MS Outlook / Mail App
- Adobe - PDF
- Mozilla Thunderbird
- Archivers (7-Zip/WinRAR/Tar)

Mobiles / Smartphones / IOT

Remote code execution, or privilege escalation, or any other research:
- Apple iOS
- Apple watchOS
- Android
- Windows Mobile
- IOT Devices

Web Servers

Remote code execution or information disclosure:
- Apache HTTP Server
- Microsoft IIS Server
- nginx web server
- PHP / ASP
- OpenSSL / mod_ssl

Email Servers

Remote code execution or information disclosure:
- MS Exchange
- Dovecot
- Postfix
- Exim
- Sendmail

Web Apps / Cloud

Remote code execution or information disclosure:
- cPanel / Plesk / Webmin
- WordPress Core
- Joomla / Drupal
- vBulletin / MyBB / phpBB
- Roundcube / Horde

Research / Techniques

Research, exploits or new techniques related to:
- WiFi / Baseband RCE
- Routers / IoT RCE
- AntiVirus RCE/LPE
- Tor De-anonymization
- Mitigations Bypass

Submission Process

Tier3 reviews and validates all submissions within one week or less. Payments are made in one or multiple installments by bank transfer or cryptocurrencies. The first payment is sent within one week or less.

Our submission process is very simple and straightforward. All research and exploits must be sent to Tier3 using PGP encrypted email. Visit our contact us page for more information.

Submissions can be in any format as long as all the supplied files and/or messages are PGP encrypted. All submissions must includes a fully functional exploit with source code (if any), a technical analysis including a description of the root cause of the bug(s) and exploitation method(s), required configuration and limitations, and any other information necessary to evaluate your submission.
1

Preliminary Contact

Share minimal details about your exploit with our team.
* NO POC Required
2

Preliminary Offer

We make you initial offer.
3

Code Submission

Researcher submits full technical details for evaluation.
4

Evaluation and Payment

We evaluate the code and make a Final Offer. Once offer is accepted payment is made within 1 week.

Important Notice

Tier3 does not have any sales partners or resellers, meaning that our solutions are only available through our direct sales channel.