Redefining Security

About Stobaugh Group

Stobaugh Group is a Cyber Security Research and Consultation company, specializing in Vulnerability Assessment & Penetration Testing (VAPT) and Vulnerability Research.

More specifically, our current skill sets are as follows:

• Android & Mobile Security: We possess unparalleled expertise in the Android ecosystem, unearthing critical vulnerabilities and crafting robust defensive strategies.

• Open-Source Intelligence (OSINT/OSI): We wield the power of OSINT to gather vital intelligence, anticipate evolving threats, and stay ahead of the curve.

• Vulnerability Assessment & Penetration Testing (VAPT): We don the black hat, simulating real-world attacks to expose weaknesses and harden your defenses from the inside out. We offer both On-site, and physical testing as well as Android Devices and apps, Web apps and APIs, Automotive technology, IoT Devices, and more.

• Reverse Engineering: We delve into the intricate workings of software, demystifying its secrets and uncovering potential security backdoors.

• Social Engineering/PsyOps: We understand the human element of security, empowering organizations and individuals to build an impenetrable wall against manipulation and deception.

• Cyber Security Research: We consistently remain engaged in some form of research as much as realistically possible. Our goal is to be working on something, all the time, so we are learning something, all the time.

• Physical Security Hardening: We are exceptionally skilled at finding ways to breach physical security, let us help you ensure your infrastructure is secure.

• .Net Development\Testing: Leveraging the expertise of a highly skilled .NET developer turned hacker, we possess a distinctive capability to identify novel Windows vulnerabilities at the system level while simultaneously crafting tailored tools and applications to enhance our VAPT services. 

Our Collective Discoveries

October 2022- AOSP PM (Package Manager) flaw - Public Disclosure in Jan 2023 - 2 Work-around follow-up exploits made for OEM patches. Fin = Mar 2023

January 2023 - Microsoft Visual Studio Nuget RCE - Public Disclosure in December 2023 

July 2023 - CVE 2023 30731 "Combo-kill" Samsung Security Update - Oct 2023 

August 2023- Google Bard/Gemini API Reverse Engineering - Google Honorable Mentions