TecSecurity is an Australian offensive security firm dedicated exclusively to vulnerability research and exploit development. We don’t sell firewalls, run SOCs, or deploy agents. Every member of the team does one thing: break software.

What We Do

Our research team specialises in uncovering security flaws in widely deployed commercial software. We operate across the full vulnerability lifecycle, from initial discovery through to weaponised proof of concept.

Discovery – We audit complex, real-world codebases to identify vulnerabilities that automated tooling misses. Our researchers work at the binary level, reversing and deconstructing proprietary software to surface flaws in parsing logic, memory management, and trust boundaries.

Analysis – Finding a crash is not enough. We triage every candidate bug to determine its true severity, confirm whether it crosses a meaningful security boundary, and assess the practical attack surface it exposes.

Exploitation – We build reliable, production-quality exploits that demonstrate real-world impact. This includes crafting initial proof-of-concept code, hardening unreliable primitives into stable chains, and adapting working exploits across hardware revisions, firmware versions, and software builds.

Chaining – Many high-impact attacks require stitching together multiple vulnerabilities. We design and validate multi-stage exploit chains that combine discrete flaws into cohesive, end-to-end attack paths.

Track Record

Our work is published through the Zero Day Initiative and coordinated with vendors including Google, Meta, Microsoft, Adobe, Siemens, Autodesk, Schneider Electric, and others. To date we have disclosed hundreds of vulnerabilities across desktop applications, industrial control systems, IoT devices, and document processing software.

Browse our Advisories for the full disclosure history, or see our publicly released Exploits.

Recognition

TecSecurity founder Rocco Calvi received the ZDI Vanguard Award for Most Prolific Researcher at Black Hat USA 2025, recognising 300+ remote code execution vulnerabilities reported through the Zero Day Initiative – the world’s largest vendor-agnostic vulnerability acquisition programme.

Rocco was previously named a 2023 Microsoft Most Valuable Researcher by the Microsoft Security Response Center (MSRC) and ranked as a top three Microsoft Office researcher for the year.

PGP Key

For encrypted communications, use the following PGP public key:

Contact

For research inquiries, coordinated disclosure, or engagement opportunities: