
Vulnerabilities: 0-day Technologies

Nowadays a security vulnerability is what makes the difference on both the defensive and offensive side.

Being aware of the issues that affect the software used in our private and public organizations is essential for blocking incoming attacks, and it is a decisive strategic advantage against the internal and external threats affecting a company or a country.

We provide information and ready-to-use technology for our private undisclosed 0-day security vulnerabilities and techniques covering a wide range of top priority targets, ranging from mobile devices to desktop software and from web to industrial products.

We also perform on-demand research for targets not currently covered by our research and for customized private software, even on-site when necessary.

Our research is available on both exclusive and non-exclusive plans, depending on your needs and resources.

All our solutions are researched and developed in-house. We do NOT acquire or use external third-party resources or technologies.

These services are available for selected companies and governments worldwide.

Contact us (PGP) for additional information and to tell us your needs and requirements; our services are highly customizable to fit your requests.


A security assessment helps you decrease or even neutralize the security issues in your software and hardware products, and consequently limit the risks for your customers.

We provide various solutions to test your products, like the following:

  • White box

    Code auditing and review of the source code you provide and testing of the final product.

  • Black box

    Testing of the product as it is distributed, with or without additional knowledge about its internals.

  • On-site testing

    Testing of products that are available only inside your company and laboratory.

  • Custom

    Any detail and rule of the testing is decided with you.

The duration of the assessment is decided according to your preferences, your needs and the project. We can opt for one week of testing, one month, a long-term partnership or anything else that better suits the specific situation.

We have proven experience and are leaders in security research on the following products:

  • Multiplayer Games

    Our researchers have found the largest number of server-side vulnerabilities affecting known game engines like Unreal, Source, Crysis, idTech, Lithtech and many other individual games.

  • Game-related Software and Digital Content Delivery Systems

    Our researchers have found the largest number of vulnerabilities affecting various software like Steam, EA Origin, Punkbuster, TeamSpeak, Ventrilo and others.

  • Online Poker and Gambling Software

    We have released various public research covering core software like B3W, Microgaming and Playtech, which are used by important skins like Yachting Poker, PKRaise, Unibet, Titan Poker, William Hill Poker and Bet365 Poker.

  • Industrial Software

    Our researchers have covered the widest range of SCADA and industrial-related software of companies like General Electric, Siemens, ABB, Rockwell, Invensys, Schneider, InduSoft, CoDeSys and many others.

  • Server-side Software

    Our researchers have found vulnerabilities in products of companies like Microsoft, HP, EMC, MySQL, Novell, TrendMicro, Symantec, Sybase, McAfee, Borland, SAP and others.

  • SmartTV Security

    We have released various research on products like Samsung and Philips; probably the best known is the Miracast backdoor affecting all the Philips 2013 models.

Feel free to consult our Research and Press pages for references about our public works.

Contact us for additional information.


We are available for other tasks not covered by the previous services.

We offer professional consultancy on various security aspects and we can work together with your development team to find the best solutions for any security-related problem in any phase of product development, both before and after the release on the market.

We are also available for specific projects.

Contact us for additional information.



The following is the archive of public research we have released in the past years about various topics, covering a wide range of security and design issues.

Although such content is rich in technical information, we try our best to make our papers readable and accessible to the largest audience.

Exploiting Steam Lobbies and Matchmaking

18 Sep 2014

Description of the security vulnerabilities that affected the Steam lobbies and all the games using the Steam Matchmaking functionalities.

Summary: A single attacker was able to easily deny the online experience of many multiplayer games sold on Steam.

Steam Service Security

10 Jul 2014

How malware or an exploit can use the Steam local service to escalate its privileges.

Summary: Unpatched local privilege escalation issues in the Steam Client Service.

Steam Voip Security

04 Jul 2014

Overview and details about the security issues found in the Steam voice framework.

Summary: Description of various remote security vulnerabilities that affected the voip API used by Steam and various games.

Having fun via WiFi with Philips SmartTV

26 Mar 2014

Video showing a design vulnerability affecting all the 2013 models of Philips SmartTV (6/7/8/9xxx), where the WiFi Miracast feature is enabled by default with the fixed password "miracast" and no PIN or permission request for new incoming WiFi connections.

Owning Render Farms via NVIDIA mental ray

10 Dec 2013

This paper details a vulnerability affecting NVIDIA mental ray, which allows an attacker to take control over a mental ray based render farm.

Game Engines: A 0-Day's Tale

20 May 2013

This paper details several issues affecting different game engines. All the vulnerabilities discussed in this paper are 0-days at the time of writing.

An Overview Of Online Poker Security

10 Apr 2013

Security research conducted against a set of online poker solutions, highlighting the current status of this lucrative industry.

"Online Gaming (also known as Online Gambling and iGaming) is a successfully growing market, and Online Poker is its main sector with millions of players all around the world betting with real money..."

Battlefield Play4Free Arguments Injection

22 Mar 2013

In this paper we will detail a remote code execution vulnerability in Battlefield Play4Free exploitable via web browser on some Operating Systems. The vulnerability was first presented by REVULN at Black Hat Europe 2013, as part of a talk covering several interesting aspects related to games security.

Multiplayer Online Games Insecurity (white paper)

22 Mar 2013

White paper of the presentation given at Black Hat Europe 2013

EA Origin Insecurity (when local bugs go remote... again)

15 Mar 2013

In this paper we will uncover and demonstrate a novel and interesting way to convert local bugs and features into remotely exploitable security vulnerabilities by using the well-known EA Origin platform as an attack vector against remote systems.

Call of Duty: Modern Warfare 3 NULL pointer dereference

13 Nov 2012

In this paper we describe a pre-auth server-side NULL pointer dereference vulnerability in Call Of Duty: Modern Warfare 3, which is due to an issue related to the DemonWare query packets. This vulnerability can be exploited to perform Denial of Service (DoS) attacks against game servers.

Steam Browser Protocol Insecurity (when local bugs go remote)

15 Oct 2012

In this paper we will uncover and demonstrate a novel and interesting way to convert local bugs and features into remotely exploitable security vulnerabilities by using the well-known Steam platform as an attack vector against remote systems.


The following are the slides of the talks we gave at some of the conferences listed in the Conferences section.

Reloading Java Exploits

02 Jun 2014

Presented at Hack In The Box Europe 2014.

SmartTV Insecurity

27 May 2014

Presented at PHDays IV 2014.

Securing ICS Applications When Vendors Refuse Or Are Slow To Produce a Security Patch

17 Jan 2014

Presented at S4 (SCADA Security Scientific Symposium) 2014

Smashing Exploit Detectors: The Java Exploits Case

11 Nov 2013

Presented at CounterMeasure 2013

Exploiting Game Engines for Fun and Profit

20 May 2013

Presented at NoSuchCon 2013

Multiplayer Online Games Insecurity

22 Mar 2013

Presented at Black Hat Europe 2013

A 0-day's life: "Offense as Defense"

08 Feb 2013

Presented at Suits and Spooks DC 2013

Owning Multiplayer Online Games

13 Nov 2012

Presented at Power of Community 2012



We periodically attend various conferences worldwide.

The following are some of the conferences that we have attended so far, on some occasions also as speakers.

The slides of the conferences in which we gave a presentation are available in the Presentations section.

Hack In The Box 2014

29 May 2014 - Amsterdam, Netherlands

Reloading Java Exploits: Long Live Old JRE!

Positive Hack Days (PHDays)

21 May 2014 - Moscow, Russia

Smart TV Insecurity

SCADA Security Scientific Symposium 2014

14 January 2014 - Miami, USA

Securing ICS Applications When Vendors Refuse Or Are Slow To Produce a Security Patch

Countermeasure 2013

07 November 2013 - Ottawa, Canada

Smashing Exploit Detectors: The Java Exploits Case

NoSuchCon 2013

15 May 2013 - Paris, France

Exploiting Game Engines For Fun And Profit

Suits&Spooks 2013 DC

08 Feb 2013 - Washington DC, USA

A 0-days life: Offense as Defense

Black Hat Europe 2013

12 Mar 2013 - Amsterdam, Netherlands

Multiplayer Online Games Insecurity

SCADA Security Scientific Symposium 2013

16 Jan 2013 - Miami, USA

Experimental Project for SCADA/HMI Defense

Power Of Community 2012

08 Nov 2012 - Seoul, South Korea

Owning Multiplayer Online Games



We are constantly looking for new individuals to join our team; please check the Services page to learn more about what we do.

Feel free to send us your detailed CV showing your professional experience and references to your public works (blog posts, CVE-IDs, Metasploit modules and exploits, published research and other resources).

Contact us to apply (PGP).

Sales Agents and Resellers

We are looking to establish relationships with sales agents and resellers located around the world who can help market our products in the regions where they live.

Candidates should have:

· Excellent interpersonal and sales skills
· A proven track-record of success in the field
· A strong network of contacts in the regions where they live and work

Contact us to apply (PGP).



REVULN™ is a set of companies focused on performing various types of security research in a wide range of fields.

The first company was founded on 13th September 2012. All our companies are privately held and entirely financed with our own internal sources.

We are incorporated in Malta, Belize and Hong Kong.

We operate worldwide, both directly and through our partners.

The founder and sole owner of REVULN™ is Luigi Auriemma.

REVULN Limited
Level 3, Theuma House, 302, St. Paul Street
Valletta VLT1213
- Company No. 57557 -

REVULN Ventures Limited
21 Regent Street
Belize City
- Company No. 149322 -

REVULN Limited
25th Floor, Workington Tower, 78 Bonham Strand, Sheung Wan
Hong Kong
- Company No. 2478498 -


We are long-term security partners of Epic Games, for which we provide security support, assessment and consulting for their new Unreal Engine 4 product.

More information about the partnership is available in their blog post Epic Games Enlists ReVuln to Augment Security Efforts.


Our company has received important media coverage since the beginning.

On 14 July 2013 we were on the front page of the New York Times for an article regarding the scenario of vulnerability brokers and governments: Nations Buying as Hackers Sell Knowledge of Software Flaws. The original front page is available here.

We strongly believe that the press is not only a way to spread the name of the company; it is also an opportunity for our research and work to reach a wide audience, allowing more people to understand and discuss security.

The following is a brief collection of the media coverage we received.
