Emergency Response

Zero-Day Emergency Response

A critical vulnerability just dropped. Your team is scrambling. We are already working.

Sherlock Forensics provides zero-day emergency response services for organizations affected by newly disclosed vulnerabilities. Led by Ryan Purita (CISSP, ISSAP, ISSMP), the service includes emergency assessment with a 4-hour SLA starting at $2,500 CAD, full impact analysis within 24 hours at $5,000 CAD and custom remediation support. Established circa 2004 in Vancouver, BC.

When a zero-day hits, every hour counts. While your team is still reading the advisory, we are already mapping your exposure, checking for indicators of compromise and building a remediation plan. We have done this for Log4Shell. We have done this for MOVEit. We have done this for SolarWinds. We will do it for the next one too.

Response Tiers

Choose Your Response Level

4-HR SLA

Emergency Assessment - $2,500 CAD

Rapid triage within 4 hours of engagement. We identify whether your systems are affected, check for active exploitation and deliver an initial risk assessment with immediate mitigation steps. This is your first line of defense when a zero-day drops and you need answers fast.

24-HR SLA

Full Impact Analysis - $5,000 CAD

Comprehensive analysis delivered within 24 hours. Includes full asset inventory, version mapping, indicator of compromise scanning, lateral movement assessment and a detailed report with prioritized remediation actions. We tell you exactly what is exposed, what may already be compromised and what to fix first.

CUSTOM

Remediation Support - Custom

Hands-on remediation for complex environments. Our team works alongside yours to patch systems, harden configurations, deploy mitigations and verify fixes. Scoped based on infrastructure size and vulnerability severity. Includes post-remediation validation testing.

Process

How Zero-Day Response Works

1. Alert and Triage

You contact us or we contact you. Our threat intelligence team monitors vulnerability feeds, vendor advisories and exploit databases around the clock. When a critical zero-day drops, we proactively reach out to clients who may be affected. Subscribers to our zero-day alert list receive notifications within minutes of disclosure.

2. Exposure Mapping

We map your attack surface against the vulnerability. This means identifying every instance of the affected software, checking version numbers, reviewing configurations and determining which systems are internet-facing. For supply chain vulnerabilities, we trace transitive dependencies to find hidden exposure.

3. Compromise Assessment

We check whether the vulnerability has already been exploited in your environment. This includes scanning for known indicators of compromise, reviewing logs for suspicious activity, checking for unauthorized file modifications and looking for persistence mechanisms that attackers commonly deploy after initial exploitation.

4. Mitigation and Remediation

We deliver specific, actionable remediation steps prioritized by risk. For critical systems, we provide temporary mitigations that reduce exposure while permanent fixes are deployed. Every recommendation includes implementation guidance so your team can act immediately.
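The exposure-mapping and prioritization steps above (steps 2 and 4) are easy to describe and easy to get wrong in practice, mostly because the affected component hides behind something else in the dependency tree. The following is an added example written for this page, not Sherlock Forensics' tooling: it walks a constructed host inventory and a constructed dependency graph, compares every copy of the affected component against the advisory's version ranges, records the dependency path that pulled it in, and lists internet-facing hosts first. The component name `example-logger`, the hosts, the versions and the ranges are all placeholders.

```python
"""Added example: map an inventory against an advisory's affected version ranges,
following transitive dependencies. All names, hosts and versions are constructed."""

# Constructed advisory: affected ranges are (min_inclusive, max_exclusive).
# A real advisory may list several disjoint ranges, which this list supports.
ADVISORY = {
    "component": "example-logger",  # placeholder component, not a real package
    "affected": [("2.0.0", "2.15.0")],
}

# Constructed inventory: host -> packages installed directly on that host.
INVENTORY = {
    "web-01": [("app-frontend", "1.4.2")],
    "api-02": [("app-backend", "3.1.0"), ("example-logger", "2.17.1")],
    "batch-03": [("report-tool", "0.9.0")],
}

# Constructed dependency graph: (name, version) -> its direct dependencies.
DEPENDENCIES = {
    ("app-frontend", "1.4.2"): [("ui-kit", "5.0.1")],
    ("ui-kit", "5.0.1"): [("example-logger", "2.14.1")],  # hidden transitive copy
    ("app-backend", "3.1.0"): [("example-logger", "2.17.1")],  # already fixed version
    ("report-tool", "0.9.0"): [("example-logger", "2.3.0")],  # affected, internal host
}

INTERNET_FACING = {"web-01", "api-02"}  # constructed list of exposed hosts


def parse_version(version):
    """Turn a dotted version string into a comparable tuple of integers."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version, ranges):
    """True if version falls inside any [lo, hi) range of the advisory."""
    pv = parse_version(version)
    return any(parse_version(lo) <= pv < parse_version(hi) for lo, hi in ranges)


def walk(pkg, graph, path=(), seen=None):
    """Depth-first walk over a package and everything it transitively pulls in.

    Yields (name, version, path) where path is the chain of name@version strings
    from the directly installed package down to the one being reported.
    The seen set guards against dependency cycles.
    """
    if seen is None:
        seen = set()
    if pkg in seen:
        return
    seen.add(pkg)
    name, version = pkg
    path = path + (f"{name}@{version}",)
    yield name, version, path
    for dep in graph.get(pkg, []):
        yield from walk(dep, graph, path, seen)


def map_exposure(inventory, graph, advisory, internet_facing):
    """Return one finding per affected copy of the component, riskiest first."""
    findings = []
    for host, packages in inventory.items():
        for pkg in packages:
            for name, version, path in walk(pkg, graph):
                if name != advisory["component"]:
                    continue
                if not is_affected(version, advisory["affected"]):
                    continue
                findings.append({
                    "host": host,
                    "version": version,
                    "path": " -> ".join(path),
                    "internet_facing": host in internet_facing,
                })
    # Prioritize: internet-facing hosts first, then by host name for stable output.
    findings.sort(key=lambda f: (not f["internet_facing"], f["host"]))
    return findings


if __name__ == "__main__":
    for finding in map_exposure(INVENTORY, DEPENDENCIES, ADVISORY, INTERNET_FACING):
        flag = "INTERNET-FACING" if finding["internet_facing"] else "internal"
        print(f"{finding['host']:9} {finding['version']:8} {flag:16} via {finding['path']}")
```

Running it reports `web-01` first: the host never installed `example-logger` directly, but `app-frontend` pulls it in through `ui-kit`, which is exactly the kind of exposure step 2 refers to. `api-02` carries a version above the affected range and is not listed, and `batch-03` is listed after `web-01` because it is not internet-facing. Feeding this a real SBOM or package-manager lock file in place of the constructed dictionaries is the practical next step.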

Track Record

Past Zero-Day Responses

Log4Shell (CVE-2021-44228)

December 2021. A remote code execution vulnerability in Apache Log4j affecting virtually every Java application on the internet. We began client notifications within 2 hours of public disclosure and completed exposure assessments for all managed clients within 48 hours. Multiple organizations had vulnerable instances they did not know existed in transitive dependencies.

MOVEit (CVE-2023-34362)

May 2023. A SQL injection vulnerability in Progress MOVEit Transfer exploited by the Cl0p ransomware group. We identified affected clients, verified file transfer integrity and implemented network-level mitigations before the vendor patch was available. Zero clients experienced data exfiltration.

SolarWinds (SUNBURST)

December 2020. A supply chain attack that compromised SolarWinds Orion updates to deliver backdoor malware to 18,000 organizations. We performed forensic analysis of Orion installations, identified compromised builds and guided remediation including full infrastructure credential rotation for affected clients.

Stay Informed

Subscribe to Zero-Day Alerts

Get notified when critical zero-day vulnerabilities are disclosed. We send alerts only for high-severity issues that require immediate action. No spam, no marketing, just the vulnerabilities that matter.

Frequently Asked Questions

Zero-Day Response FAQs

What is a zero-day?

A zero-day is a software vulnerability that is actively exploited before the vendor releases a patch. The name refers to the fact that developers have had zero days to fix the issue. Zero-days are the most dangerous class of vulnerability because there is no official fix available when attacks begin.

How fast can you respond?

Our emergency assessment tier has a 4-hour SLA. From the moment you contact us, our team begins triaging your exposure. For full impact analysis, we deliver within 24 hours. We maintain an on-call rotation specifically for zero-day events and monitor threat intelligence feeds continuously.

How do I know if I am affected?

When a zero-day drops, the first step is identifying whether your systems run the affected software and version. We perform rapid asset inventory and version mapping across your infrastructure. We cross-reference CVE details, vendor advisories and threat intelligence feeds to determine your exposure within hours. Many organizations discover affected software in places they did not expect, particularly in transitive dependencies and embedded components.

What should I do when a zero-day is announced?

Immediately isolate affected systems from the network if possible. Do not apply unofficial patches from unknown sources. Contact your security team or a trusted incident response provider. Document everything. Check vendor advisories for official guidance. Monitor for indicators of compromise specific to the vulnerability. If you do not have an internal security team, call Sherlock Forensics at 604.229.1994 for immediate assistance.

Emergency Response

When the next zero-day drops, will you be ready?

Emergency assessments from $2,500 CAD with a 4-hour SLA. Call us or subscribe to zero-day alerts.

Call 604.229.1994

Talk to Our Response Team

Whether you are dealing with an active zero-day or want to establish a retainer for future incidents, we are ready to help.

Call 604.229.1994

Phone: 604.229.1994
Burnaby Office: Burnaby, BC, Canada
Coquitlam Office: Coquitlam, BC, Canada
Emergency SLA: 4-hour response for assessment tier