ReverseForge is a boutique, two-person security research lab focused on low‑level reverse engineering, vulnerability discovery, and exploit development.
We break things to make them safer — from Android firmware to Web applications and embedded IoT devices.
-
🎯 What we do
- Zero‑day vulnerability research
- Reverse engineering of binaries, protocols & firmware
- Penetration testing (Android, Web, IoT, Cloud)
- Responsible disclosure & CVE publication
-
📂 What you'll find here
- Full write‑ups & Proofs of Concept
- Custom tooling (Frida scripts, Ghidra loaders, emulators…)
- Curated datasets for fuzzing & analysis
| 📱 Android | 🌐 Web | 📡 IoT / Embedded |
|---|---|---|
| APK/DEX decompilation | Modern webapp pentesting (SPA, APIs) | Firmware extraction & analysis |
| Native library (ARM/x86) reversing | Client‑side logic flaws, XSS, SSRF | UART, JTAG, SPI, I2C debugging |
| Custom ROMs & kernel modules | GraphQL, OAuth, WebSocket hacking | Bluetooth/BLE, Zigbee, LoRa |
| Magisk, EdXposed, LSPosed modules | Supply‑chain attacks | Side‑channel & fault injection |
⚡ Motivation: We believe public, detailed vulnerability write‑ups raise the bar for the whole security community.
 |
 |
|---|---|
| Your Name Co‑Founder, Reverser |
Friend's Name Co‑Founder, Penetration Tester |
| @your_username | @friend_username |
We are a two‑person powerhouse — every vulnerability is found, analyzed, and documented by both of us. Contributions are always signed as ReverseForge.
| Repository | Description |
|---|---|
| 🛡️ advisories | Official write‑ups for disclosed vulnerabilities (CVE‑assigned) |
| 💉 pocs | Functional Proofs of Concept, exploit scripts & payloads |
| 📙 reverse‑playbooks | Step‑by‑step guides & cheat sheets for Android, IoT, and Web |
| CVE ID | Severity | Product | Date |
|---|---|---|---|
| CVE-2025-50681 | 🟡 Medium (5.4) | igmpproxy | 12/19/2025 |
| CVE-2025-63757 | 🟠 High (7.5) | FFMPEG | 12/18/2025 |
| CVE-2026-3291 | 🟡 Medium (6.9) | Samsung Print Service Plugin | 05/06/2026 |
| See the full list in the advisories repo. |
- 🔐 Responsible disclosure – we follow a 90‑day policy (or vendor‑agreed timeline).
- 💬 Want to collaborate? Open an issue or drop an email.
⚡ Crafted with caffeine & curiosity by the ReverseForge team