The collective

Four people, one bench, a great deal of patience.

Ghost Circuit is an independent security research collective working under a shared handle. We are not a vendor and we sell nothing — we analyze the connected devices around us and disclose what we find so they get safer for everyone.

How we operate

Operating principles

01

Vendor-first disclosure

We notify the affected party before anyone else and give a fair window to remediate — typically 90 days.

02

No live targets

Research happens on devices we own, in an isolated lab. We never test against third-party infrastructure or production systems.

03

Reproduce or retract

If we cannot reproduce a finding end to end, we do not publish it. Every advisory ships with a minimal proof of concept on file.

04

Open by default

Published research is released under CC BY 4.0 so defenders, students, and vendors can learn from it freely.

Who we are

The bench

We publish under a single handle, but the work is done by a small, named-by-pseudonym team. Each member owns a discipline and reviews the others' findings before anything ships.

@vex

Firmware & bootchain

Reverse engineers embedded firmware and secure-boot implementations. Maintains the collective's emulation harness for blind firmware execution.

  • ARM
  • Secure boot
  • Emulation

@null_harbor

Industrial control

Background in plant automation. Builds safety-aware test rigs so OT findings can be proven without ever touching production systems.

  • Modbus
  • PLC
  • Protocol fuzzing

@amp

Hardware & RF

Lives at the soldering bench. Specializes in debug-interface recovery, board bring-up, and Bluetooth and Zigbee radio analysis.

  • JTAG/SWD
  • BLE
  • Bench work

@rune

Side channel & crypto

Studies what hardware leaks. Runs the collective's power-analysis and fault-injection setup and reviews cryptographic implementations.

  • Power analysis
  • Glitching
  • Crypto review

Track record

A short history

  1. 2017

    Collective forms around a shared lab and a habit of taking hardware apart.

  2. 2019

    First coordinated industrial-control advisory; adopt a formal 90-day disclosure policy.

  3. 2022

    Build the automated firmware emulation harness still in use today.

  4. 2024

    Cross the 100-advisory mark across consumer, automotive, and OT targets.

  5. 2026

    Four core members, dozens of coordinating vendors, one consistent method.

Coordinating a disclosure?

Whether you are a vendor responding to one of our advisories or a researcher with a related finding, we are reachable through an encrypted channel.

Get in touch