Who We Are,

Stobaugh Group is a Security Research and Consultation company, specializing in Vulnerability Assessment & Penetration Testing (VAPT), Physical Security Assessment, Vulnerability & Security Research, OSINT, & Threat Hunting.

Our primary headquarters is in the Dallas-Fort Worth Metroplex, Texas however we serve all 50 states and US territories.

More specifically, some of our key specialty services are as follows:

• Android & Mobile Security: We possess unparalleled expertise in the Android ecosystem, unearthing critical vulnerabilities that help developers & engineers craft more robust defensive strategies.

• Open-Source Intelligence (OSINT/OSI): We wield the power of OSINT to gather vital intelligence, anticipate evolving threats, and stay ahead of the curve.

• Vulnerability Assessment & Penetration Testing (VAPT): We don the black hat, simulating real-world attacks to expose weaknesses and harden your defenses from the inside out. We offer both on-site, and physical testing as well as testing for Mobile Devices and Apps, Web Apps and APIs, Automotive Technology, IoT Technology, and more.

• Reverse Engineering: Our team can delve into the intricate workings of software, demystifying its secrets and uncovering potential security backdoors.

• Social Engineering/PsyOps: We understand the human element of security. We provide comprehensive training and awareness programs to strengthen your organization's human security posture.

• On-Going and Tailored Research: We consistently remain engaged in some form of research as much as realistically possible. Our goal is to be working on something, all the time, so we are learning something, all the time. We welcome any opportunity to collaborate or assist in research operations in cyber or security related fields.

• Physical Security Hardening: Our team is exceptionally skilled at finding ways to breach physical security, let us help you ensure your infrastructure is secure on the physical level.

•  Mobile Device, PC & Network Forensics: Including Data recovery, access recovery, digital footprint recovery, and breach investigations.

Notable Achievements

• • October 2022 - 0-day Discovery - AOSP PM (Package Manager) flaw - Public Disclosure in Jan 2023 - 2 Work-around follow-up exploits made for OEM patches. Fin = Dec 2023

  •    January 2023 - 0-day Discovery - ACTIVE 0-DAY!  Microsoft Visual Studio Nuget RCE - Public Disclosure in December of 2023 (See applicable case study in our Notable Research section for more information) 

  •   July 2023 - 0-day Discovery - CVE 2023 30731 "Combo-kill" Samsung Security Update - Oct 2023 

  •  August 2023 - Google Bard/Gemini API Reverse Engineering - Google Honorable Mentions

  •  Q1 & Q2 2024 - Stobaugh Group collectively exceeded quarterly expectations for Q1 2024 & was 1 contract short of meeting Q2 2024 goals (Set in Q4 2023) for contracts signed.

  • July 2024 - Signed first partnership with TriVigil©  to help secure the educational & academic sector!

  • October 2024 - More Big news coming soon! 🎉 🤝