BBV - Hacking the 0day Market


Duration: 09:00 AM to 09:45 AM

The 0day vulnerability market developed over the years in a way that is unsafe, chaotic and rather inefficient. Bad business practices, lack of professionalism and low levels of trust are still widespread in this market even today and can seriously hamper the ability of law enforcement and intelligence agencies to acquire and maintain strategic cyber capabilities in order to fight organized crime, terrorism and hostile geopolitical actors.

Having a deep understanding of these issues and of their solutions, Crowdfense is “hacking the 0day market” in order to improve it for all the parties involved (researchers, customers, brokers, integrators and end users), by introducing new quality standards and best practices related to products, services and to the sustainability of the underlying business processes.

This session will share how Crowdfense is doing this and why, what the results are, some statistics about the 0day market, and what the next steps could be.

About the Trainer:

Andrea Zapparoli Manzoni manages Crowdfense Limited, which he designed in 2017 with a multidisciplinary team of ethical hackers, lawyers and vulnerability researchers.

The company’s main goal is to develop and apply new standards and processes to the vulnerability trading industry, which has become too strategic and complex to be managed with the old “crafts of the trade” methods. After more than two decades working in, studying in and consulting in the industry, Manzoni realized that there had to be a smarter and safer way to buy and sell active cyber-defense capabilities and decided to launch the Crowdfense Vulnerability Research Hub.

Manzoni most recently served as the Head of Cyber Security for KPMG Advisory in Italy. Prior to KPMG, he managed his own cyber-security company, founded in 2007, that was dedicated to vulnerability analysis, threat intelligence, strategic consulting and cyber training. Before launching his firm, he spent nearly a decade working as an IT security trainer, cyber-crime analyst, senior consultant and CISO for several national and international entities.

Manzoni studied political science and international relations in Milan and at U.C. Berkeley while hacking his first computers out of passion and curiosity in the late ’80s and early ’90s. After that, he attended Italian military school, where he became an assault infantry officer (C.C.).

He developed a strong focus on active cyber-defense and information warfare starting in 2010. From 2012 to 2014, he was a member of the National Security Observatory within the Military Centre for Strategic Studies in Rome, which paved the way for the development of the Italian National Cyber Strategy (2013).

Since 2012, he has served as a board member of Clusit (Italian ICT Security Association). In 2011, he started an in-depth analysis of the most severe national and international cyber-attacks (researching and classifying more than 7,700 attacks over 84 months). This work is published in Clusit’s yearly “Report on ICT Security.” To his great surprise, over the last seven years, this research has become a reference for private and public organizations in Italy and abroad.

He is also the author of many cyber-security guidelines and best practices, including Italy’s “National Cybersecurity Framework” and ENISA “Cyber Security and Resilience for Smart Hospitals.”

His depth of experience drove the design, management and launch of Crowdfense — the world’s most advanced Vulnerability Research Hub.