Positive Technologies Offensive Team
Joined July 2020
- Tweets 249
- Following 143
- Followers 18,768
- Likes 176
174 Photos and videos
👨🏻💻 Did you know that it’s possible to perform RCE in Internet Explorer via clickjacking? Igor Sak-Sakovsky's (@Psych0tr1a) new article will explain how!
swarm.ptsecurity.com/the-cli…
16
28
2,347
🐘 PHP JPEG bugs: how image parsing leads to memory corruption.
Our researcher Nikita Sveshnikov discovered two JPEG-related memory-safety bugs in PHP’s ext/standard: CVE-2025-14177 in getimagesize and a heap buffer overflow in iptcembed.
swarm.ptsecurity.com/hack-th…
22
74
8,457
🧑🚒 Our researcher Mikhail Sukhov shares his knowledge and experience in analyzing FreeIPA environments.
He also introduces his new tool, IPAHound 💪
Go ’n see the details ➡️ swarm.ptsecurity.com/thinkin…
1
44
144
8,955
🔥 Read the new article by our researcher Timofey Duditsky.
The write-up dives into the AMD Platform Configuration Blobs mechanism, shows how it works, and reveals the vulnerability CVE-2025-54502.
swarm.ptsecurity.com/slowbur…
12
30
3,616
📢 Positive Hack Talks is heading to Kuala Lumpur 🇲🇾!
📍 Kuala Lumpur, Malaysia
🗓 May 5, 2026
Join us for a free in-person hacker event — everyone’s welcome!
CFP & attendee registration now open ⬇️
phtalks.ptsecurity.com/kuala…
10
24
1,837
Two bugs. One chain. Full RCE.
New research by Aleksandr Zhurnakov on Dell Wyse Management Suite shows how business logic flaws can be chained into complete system compromise.
Read the full writeup!
swarm.ptsecurity.com/busines…
1
80
344
25,104
🐘 Attack arithmetic: how an integer overflow in PostgreSQL libpq leads to denial of service.
Our researcher Aleksey Solovev discovered the vulnerability CVE-2025-12818, which may cause a product using the libpq PostgreSQL library to crash.
swarm.ptsecurity.com/attack-…
11
28
3,880
🚨 Our researcher Alexander Zhurnakov identified two vulnerabilities in Dell Wyse Management Suite prior to version 5.5.
In certain configurations, they can be chained to achieve unauthenticated remote code execution.
Upgrade now → dell.com/support/kbdoc/en-us…
1
32
93
9,934
🏆Two of our research articles are shortlisted for PortSwigger's Top 10 Web Hacking Techniques of 2025 poll!
1⃣ Impossible XXE in PHP
2⃣ Blind trust: what is hidden behind the process of creating your PDF file?
Last day to vote if you found them useful!
portswigger.net/polls/top-10…
5
16
2,043
📞 Microsoft fixed an authenticated RCE in Windows Telephony Service (CVE-2026-20931), discovered by our researcher Sergey Bliznyuk @justbronzebee
Read the write-up: swarm.ptsecurity.com/whos-on…
4
113
389
34,395
📑 A new article from our researchers Aleksey Solovev, Nikita Sveshnikov and Vladimir Razov — "Blind trust: what is hidden behind the process of creating your PDF file?".
swarm.ptsecurity.com/blind-t…
28
104
11,862
📱 New article by our researcher @Fi5t: Injection for an athlete.
Read about a vulnerability discovered in the Garmin Connect mobile application:
swarm.ptsecurity.com/injecti…
11
24
3,355
🌎 Positive Hack Talks lands in Brazil 🇧🇷!
📍 São Paulo
🗓️ Dec 10, 2025
REMINDER: PHT is a fun and free cybersec event, see last pics: phtalks.ptsecurity.com/saopa…
⬆️ Register to attend or speak. Vamos!
4
10
2,924
New article by @a13xp0p0v: "Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel."
Alexander used his pet project kernel-hack-drill to exploit a hard race condition that received the Pwnie Award 2025.
swarm.ptsecurity.com/kernel-…
1
22
43
6,854
🚨 We've launched dbugs.ptsecurity.com, a new home for vulnerabilities. More than CVEs. More than MITRE.
✅ Trends & Insights
✅ AI-generated, multi-source vulnerability descriptions
✅ Researcher credits
✅ [drop your own tip in the comments]
Follow the project: @ptdbugs
10
27
5,391
👑 Our researcher has discovered LPE in VMWare Tools (CVE-2025-22230 & CVE-2025-22247) via VGAuth!
Write-up by the one who broke it: Sergey Bliznyuk (@justbronzebee)
swarm.ptsecurity.com/the-gue…
1
42
110
9,990
😈 Read the new article "Daemon Ex Plist: LPE via MacOS Daemons" by our researcher Egor Filatov.
This research reveals a vulnerability affecting popular apps like Mozilla VPN, Tunnelblick & more.
swarm.ptsecurity.com/daemon-…
31
61
7,884
🧠 Our researcher Sergey Tarasov discovered a vulnerability (CVE-2025-49689) in NTFS on MS Windows.
The article dives into the exploitation path, file system internals, VHD format, and more.
🔗 Read the article: swarm.ptsecurity.com/buried-…
20
56
4,447
🦊 Mozilla Foundation fixed CVE-2025-6430, discovered by our researcher Daniil Satyaev!
This vulnerability allows the Content-Disposition: attachment header to be ignored if the page is opened using <embed> or <object>, resulting in files being displayed instead of downloaded.
3
43
239
21,445
⚡️ FreeIPA fixed critical CVE-2025-4404, discovered by our researcher Mikhail Sukhov!
This vulnerability allows an authenticated attacker to escalate privileges from host to domain admin.
🔗 Advisory: freeipa.org/release-notes/4-…
31
79
7,183