Reverse
Deconstruct proprietary software, protocols, parsers, and trust boundaries.
Offensive security research · Melbourne, AU
Vulnerability research and exploit development targeting the software people, businesses, and critical systems depend on.
Research practice
We combine manual reverse engineering, purpose-built automation, and exploit engineering to turn subtle implementation flaws into clear, reproducible security impact.
Deconstruct proprietary software, protocols, parsers, and trust boundaries.
Use targeted tooling and manual review to surface high-impact flaws.
Turn primitives into reliable proof-of-concept exploits and full chains.
Provide verified capability to trusted clients, or coordinate disclosure and publication when appropriate.
Field notes

A deep dive into CVE-2023-39475 and CVE-2023-39476 — two critical (CVSS 9.8) deserialization vulnerabilities in Inductive Automation's Ignition SCADA platform that allow …
Read analysis
How we discovered and exploited CVE-2023-28760, a stack-based buffer overflow in the MiniDLNA service on the TP-Link Archer AX20 router, during preparation for Pwn2Own Toronto …
Read analysis
Rocco Calvi (@TecR0c) received the ZDI Vanguard Award for Most Prolific Researcher at Black Hat USA 2025, recognising 300+ remote code execution vulnerabilities reported through …
Read analysisDisclosure feed
Research track record
Recipient of the 2025 ZDI Vanguard Award, recognising more than 300 remote code execution vulnerabilities reported through the Zero Day Initiative.
Read the storyResearch & engagements
For vulnerability research, exploit development, R&D projects, or tailored offensive security requirements.
rocco@tecsecurity.io