[cookiemonsta]

where do people even go to start to sell an exploit? how does that kind of stuff work?

[brbsix]

I assume you're wondering about the black market? Traditionally, Russian and Eastern European carder forums. In the golden age of Western Union and Moneygram... More recently, dark web markets over TOR with multi-sig cryptocurrency escrow.

[benmmurphy]

for exploits that don't target a single deployed instance there is a 'grey/white' market. off the top of my head: ZDI (more defence oriented. i think they distribute just signatures for intrusion detection), Zerodium (more offence oriented), Exodus Intel EIP (not really sure.. they distribute a feed)

[DigitalJack]

same place as silk road.

[amelius]

Not sure if this is a good idea. Probably lots of undercover three-letter government agents lurking there.

[logfromblammo]

Why is that a bad idea? If you sell to one of them, you will most certainly get paid in full and on time.

Or were you thinking that they would try to bust you for illegal hacking instead?