Original Research. Real Vulnerabilities.
CVE Discovery is original vulnerability research — not scanning, not known-exploit validation. Our researchers conduct deep binary analysis, reverse engineering, and fuzzing campaigns to uncover previously unknown vulnerabilities in software, firmware, and hardware.
We combine vulnerability research and reverse engineering to take a target from first principles through to working proof-of-concept. Engagements are commissioned by organisations who want to know if their own products are exploitable, or who need to understand the vulnerability depth in software they depend on.
All discoveries are handled under coordinated disclosure protocols. We manage vendor communication, CVE assignment, and embargo timelines — ensuring findings are responsibly disclosed and your organisation is not exposed prematurely.
Can This Be Exploited?
Target Selection & Scoping
We identify high-value research targets based on your attack surface, sector-specific threat landscape, or commissioned research objectives. Targets include commercial software, firmware, embedded systems, and custom applications.
Reverse Engineering & Analysis
Our researchers use static and dynamic analysis — disassembly, decompilation, fuzzing, and binary diffing — to map application logic, identify trust boundaries, and locate vulnerability classes.
Vulnerability Development & Proof of Concept
Identified vulnerabilities are developed into working proof-of-concept exploits to confirm exploitability and establish real-world impact. This stage determines CVSS scoring and remediation priority.
Coordinated Disclosure
We coordinate responsible disclosure with the affected vendor through established CVD processes. We handle vendor communication, timeline management, and CVE assignment, keeping you informed throughout.
What We Reverse-Engineer
- Binary reverse engineering (x86, x64, ARM)
- Firmware extraction and analysis
- Fuzzing and automated vulnerability discovery
- Protocol analysis and custom parser research
- Memory corruption exploitation (heap, stack, UAF)
- Logic and authentication vulnerability research
- Zero-day research for commissioned targets
- CVE assignment and coordinated disclosure
From Binary to CVE
Vulnerability Research Report
Full technical documentation of identified vulnerabilities — root cause analysis, exploitation conditions, and CVSS scoring.
Proof-of-Concept Code
Working PoC demonstrating exploitability, provided under strict handling protocols to prevent misuse.
Reverse Engineering Artefacts
Annotated disassembly, IDA/Ghidra databases, and analysis notes that persist after the engagement.
Disclosure Management
End-to-end vendor coordination, CVE assignment facilitation, and embargo management through to public disclosure.
Remediation Guidance
Developer-facing remediation recommendations covering both the specific vulnerability and the class of weakness it represents.