At Black Hat USA 2025, Trend Micro’s Zero Day Initiative presented the ZDI Vanguard Award to TecSecurity founder Rocco Calvi (@TecR0c) for Most Prolific Researcher – recognising the researcher with the highest number of contracted vulnerability cases with ZDI. The award was presented at Trend Micro’s booth as part of ZDI’s 20th anniversary celebrations.

By the Numbers

The award reflects over 300 remote code execution vulnerabilities reported to ZDI across a range of target categories:

This post details the exploitation of two critical deserialization vulnerabilities in Inductive Automation’s Ignition software — CVE-2023-39475 and CVE-2023-39476. Both vulnerabilities carry a CVSS score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and enable unauthenticated remote code execution against affected installations.

The proof-of-concept exploit, DoubleTrouble, is available on GitHub.

Background

These vulnerabilities were discovered during preparation for Pwn2Own Miami 2023. Unfortunately, the competition rules were changed on January 4th, rendering our submission invalid before the event took place.

The Microsoft Security Response Center (MSRC) announced the 2023 Most Valuable Security Researchers, recognising the top vulnerability researchers who reported high-impact security issues across Microsoft products during the July 2022 – June 2023 reporting period.

TecSecurity founder Rocco Calvi (@TecR0c) was named one of the top three Microsoft Office researchers for the year:

Congratulations to the top Office researchers this year: Mat Powell working with Trend Micro Zero Day Initiative, zcgonvh, Rocco Calvi (@TecR0c)!

In preparation for the Pwn2Own Toronto 2022 hacking contest organized by the Zero Day Initiative, Rocco Calvi (@TecR0c) from TecSecurity dedicated his efforts to uncovering remote code execution vulnerabilities and crafting the corresponding exploits. Pwn2Own is a prestigious competition that rewards security researchers who demonstrate these skills against various targets. Discovered vulnerabilities are then shared with the appropriate vendors to enhance security.

Regrettably, we could not participate in the Pwn2Own competition due to the requirement for a physical flash drive to be connected to the target device. Nonetheless, we made a valuable contribution to the event by coordinating the disclosure of a vulnerability we discovered in a router’s secure sharing feature with the vendor. This feature, based on the DLNA standard, enables users to share media such as music, photos, and videos across a home network using the MiniDLNA service (formerly known as ReadyMedia).