Question 1

How does the Strobes research team discover vulnerabilities?

Accepted Answer

Our team combines automated fuzzing, manual code review, reverse engineering, and attack surface analysis to discover vulnerabilities in widely-used software. We follow responsible disclosure practices and coordinate with vendors before publishing.

Question 2

Do you accept external vulnerability submissions?

Accepted Answer

Yes. If you have discovered a vulnerability and need help with analysis, PoC development, or coordinated disclosure, reach out to our research team. We collaborate with independent researchers and credit all contributors.

Question 3

How quickly are new CVEs analyzed after disclosure?

Accepted Answer

Critical vulnerabilities (CVSS 9.0+) with active exploitation are typically analyzed within 24-48 hours. High-severity CVEs follow within a week. Our AI agents accelerate triage by automatically correlating EPSS scores, CISA KEV status, and exploit availability.

Question 4

Can I use the research findings in my own security program?

Accepted Answer

All published research is available for defensive use. Detection rules, IOCs, and YARA signatures can be directly imported into your security tools. Strobes platform customers get these integrated automatically.

Question 5

How does this research feed into the Strobes platform?

Accepted Answer

Research findings directly update our vulnerability intelligence database, EPSS correlation models, and AI agent decision-making. Platform users benefit from faster, more accurate prioritization based on real-world exploit intelligence gathered by our research team.

Original Vulnerability Research & Threat Intelligence

Published Research & Analysis

XZ Utils Backdoor: A Supply Chain Attack Dissected

Ivanti Connect Secure: Chaining Auth Bypass to RCE

JetBrains TeamCity: Pre-Auth RCE and CI/CD Takeover

APT29 Infrastructure Mapping: Tracking Midnight Blizzard

ConnectWise ScreenConnect: Auth Bypass at Scale

npm Package Hijacking: Anatomy of a Dependency Confusion Attack

Subdomain Takeover at Scale: Automating Discovery and Validation

Jenkins CLI Arbitrary File Read: From LFI to RCE

Ransomware-as-a-Service: LockBit 3.0 Technical Teardown

GoAnywhere MFT: Pre-Auth Admin Account Creation

Meet the Researchers

Akhil Reni

Siva Krishna Samireddy

Prakash

Research Program Questions

Related Resources

Platform Overview

AI Agents

Blog

Wantourresearchteamworkingforyou?