One interesting little organisation to come to the attention of the information security industry since HBGary Federal got popped is a US-based company named Endgame Systems.
It's a slightly shadowy information security company based in the US that appears to offer its services almost exclusively to the US military and intelligence apparatus.
It was founded in 2008 by a bunch of senior ex-ISS execs and founders like Chris Rouland and Thomas Noonan.
Well, thanks to the "liberation" of HBGary's e-mail by Anonymous and the leak-sifters over at Cryptome, we've now all got access to everything from a high-level overview of Endgame's "capabilities" to its pricelist and a sample report.
All three documents are instructive reading.
It seems Endgame does everything from selling stacks of 0day for use in "information operations," as well as unspecified tools used in "information assurance". The company tracks botnets, too, with some interesting results that are linked to below.
But what caught my eye was slide seven of a presentation, which you can find here [.zip], in which the company boasts of "active vulnerability assessment" and "identification of known vulnerable systems".
Massive, international vulnerability recon and intelligence for US military and intelligence applications, all done in the private sector.
The service sounds a lot like Metlstorm's "low hanging kiwi fruit"* project from a couple of years ago, only these guys charge millions for it [.pdf]. Have a look at a sample report from the company here [.zip].
This sort of information comes in handy. You never know when you'll need to know version of Apache Aeroflot's facilities at Moscow Sheremetevo Airport are running. (1.3.33 on Win32, in case you're wondering.)
HBGary's spools just keep coughing up interesting stuff. I'll be fascinated to see what else surfaces.
* A brief blurb on Metl's project can be found on this page. It's referred to as "low scuttling chilli crab". It's a Singapore thing.