Research & Development

Innovation & Expertise

ABOUT OUR RESEARCH

At KMSEC, research is at the core of everything we do. We continuously push the boundaries of offensive security, developing novel techniques and custom tooling to uncover vulnerabilities that traditional methods miss. Our experience spans binary analysis, concolic execution, advanced web exploitation, and hardware-level security. We believe in sharing our findings and contributing to the global security community.

Explore our active projects like Zorya and XEGMAP below, or engage with our team to discuss specialized research requirements.

INITIATE RESEARCH DIALOGUE ➔

Research Focus Areas

JNI / Android

JNI Focused Reverse Engineering

Our research into Java Native Interface (JNI) focuses on the security implications of cross-language execution. We analyze how memory management and type safety are handled at the boundary between the JVM and native C/C++ code, identifying vulnerabilities in high-stakes Android applications and middleware.

DEEP DIVE WITH US ➔
Binary Analysis

Binary Symbolic Execution

We leverage SMT solvers and symbolic execution to mathematically prove the reachability of security-critical states. By modeling binary instructions as logical formulas, we automate the discovery of complex vulnerabilities that are invisible to fuzzing and manual review.

SOLVE WITH US ➔
Concurrency

Hybrid Concurrency Analysis

Modern concurrent languages like Go and Rust introduce unique bug classes. Our research combines static happens-before analysis with dynamic lockset tracking to identify non-deterministic data races and deadlocks in distributed systems and cloud infrastructure.

TRACE WITH US ➔
Web Exploitation

Contemporary Web Exploitation

Beyond the OWASP Top 10, we investigate emerging web attack vectors. This includes research into parser differentials, HTTP request smuggling in complex proxy chains, and novel exploitation techniques in cloud-native microservices.

EXPLORE WITH US ➔
Android / Automation

Advanced APK Analysis

Building specialized engines for the automated de-obfuscation and structural analysis of complex Android application packages, targeting proprietary packers and anti-analysis mechanisms.

ANALYZE WITH US ➔
AI / LLM Security

LLM Security Analysis

Exploring novel attack vectors against Large Language Models, focusing on prompt injection, indirect context contamination, and the security of LLM-integrated autonomous agents.

SECURE WITH US ➔

Interested in a technical deep dive or collaborative research in these areas?

INITIATE RESEARCH DIALOGUE 🔬

Active Research Projects

Symbolic Reasoning

Zorya: Concolic Execution Framework

As Go becomes the primary choice for critical server components and cloud infrastructure, traditional security tools struggle with its complex runtime primitives. Zorya targets Go binaries and leverages a hybrid concolic engine that translates machine code into Ghidra's P-Code intermediate representation, resolves deep path dependencies, and identifies concurrency flaws—such as data races and logic-state vulnerabilities—that other frameworks miss.

Symbolic Execution Concolic Testing Ghidra P-Code Z3 SMT Rust/Go
BLACK HAT ASIA ARSENAL ➔ ZORYA-VOLOS REPOSITORY ➔

ZORYA: SCALING CONCOLIC EXECUTION FOR LARGE SCALE BINARY ANALYSIS ➔

ID: arXiv:2605.03492
DATE: May 2026

AUTOMATED DETECTION OF CONCURRENCY BUGS IN COMPILED BINARIES ➔

ID: arXiv:2512.10799
DATE: December 2025
Binary Topology

XEGMAP: Advanced Binary Mapping & Visualization

XEGMAP is an advanced mapping and visualization engine designed to bridge the gap between low-level assembly and architectural understanding. By translating binary control flow into searchable, multi-layered graph models, XEGMAP allows researchers to visualize hidden component relationships and identify cross-boundary attack surfaces that are invisible to traditional linear analysis.

Binary Visualization Reverse Engineering Graph Theory Control Flow Mapping
PHASE 1 ALPHA COMING SOON
Strategic Partnerships

Collaborative Innovation

KMSEC actively seeks partnerships with academic institutions, industry leaders, and innovative startups to push the boundaries of offensive security research. We believe in a collaborative approach to tackle the most challenging problems in cybersecurity, fostering an ecosystem of shared knowledge and advanced solutions.

PARTNER WITH US 🤝