Written by Travis DeForge, Director of Cybersecurity at Abacus Group
When working with an outside service provider, firms must prioritize protecting both their clients and their own organization from additional cybersecurity risk. As a trusted partner to our clients, Abacus Group goes beyond MSSP best practices, meeting compliance standards and providing leading cybersecurity services. One of the most distinctive capabilities that Abacus Group has developed in recent years is a dedicated team of world-class cybersecurity researchers, engineers, and developers who weave bleeding-edge techniques and technologies into every facet of our cybersecurity programs.
What began as a team conducting the most technically complex projects on our Red Team, such as reverse engineering hardware, binary analysis, and exploit development, has evolved into a force multiplier that raises the security posture of all our clients. Let’s break down some of the key contributions this team has made and what’s on the horizon:
Earlier this year, the R&D Team started reverse engineering the IT hardware and architecture used across our client base to discover zero-day vulnerabilities. “Zero-day” refers to a security vulnerability that has not previously been found, meaning that at the time of discovery no patch is available because the vendor is unaware of it. An example of a zero-day vulnerability with widespread implications was Log4Shell (CVE-2021-44228), which was exploited widely by cyber criminals in November of 2021 to compromise hundreds of organizations.
As the R&D Team identifies these often critical vulnerabilities, they formally report them to the appropriate vendors such as Microsoft, Cisco, and ScreenConnect. These companies then work collaboratively with Abacus Group to understand the findings and push out patches to remediate them before they are disclosed publicly or exploited in the wild. In Q3 2025 alone, the team identified three critical zero-days in well-known products that are now being patched by vendors before cybercriminals had the chance to discover them for nefarious purposes.
With the recent acquisition of Entara, Abacus Group welcomed a mature Incident Response team into our ecosystem, which works on the front lines battling sophisticated malicious actors, such as Scattered Spider, on a daily basis. With over 190,000 hours of recovery under their belt, this team is often among the first to encounter new malware or the strategies threat actors are using to bypass existing security controls. To leverage these insights, our team instituted a process for the Incident Response team to provide the binary files of these malicious programs to the R&D team. The R&D team then analyzes them and creates custom detection rules that our Security Operations Center (SOC) uses to keep our clients safe from the most advanced threats. In Q3 2025, over 150 custom detection rules were created by the R&D team, which benefits every client consuming Abacus Group’s security services.
Over the years, the R&D Team has developed numerous offensive capabilities for the Cybersecurity Red Team to leverage during penetration testing and social engineering engagements. Among the most popular and insightful to our clients has been the capability to use generative artificial intelligence to clone people’s voices in real time while conducting sophisticated social engineering tests. Recently, the R&D team has taken this one step further and refined the capability, allowing our team to conduct live deepfake video calls, even further exemplifying the bleeding-edge nature of our work.
Beyond social engineering, the team also created an internal tool for our Application Penetration Testing team called Copperhead. Application pentesting is by its nature extremely complex, as every web application, API, mobile application, or large language model is uniquely built for a specific use case. This has historically made it extremely difficult to automate any aspect of application testing while maintaining a high depth of quality. Copperhead allows the team to build custom modules following an initial test, which can then be re-run on demand. This gives our clients’ software teams near-immediate regression testing capabilities to ensure that a previously fixed vulnerability isn’t inadvertently reintroduced by future updates.
The goal of the R&D team is to both innovate new processes and tools that will allow us to more securely and efficiently support our clients, in addition to dedicating our team to identifying critical vulnerabilities that could impact the industry as a whole. Looking ahead, the R&D Team will be crafting new cybersecurity offerings that include robust testing baselines for systems that are currently unseen, uncommon, or bleeding-edge, ensuring our clients receive coverage even against emerging technologies that have yet to enter mainstream deployment. While these innovations accelerate delivery and expand our cybersecurity offerings, the R&D team will continue to reverse-engineer the most widely deployed enterprise hardware, including firewall devices, managed switches, and access points, to uncover hidden vulnerabilities before they can be weaponized. Together, these initiatives will strengthen our position as a proactive, security-first partner for organizations seeking to stay ahead of the threat landscape.
Ready to strengthen your firm’s defenses with a partner that goes beyond traditional MSSP services? Contact us today to learn how our cybersecurity expertise can protect your business against evolving threats.