Positive Security
Holistic IT security research & consulting
Positive Security
Holistic IT security research & consulting
Quick -  Proper - Thorough
Our work is thorough - we are driven by curiosity to explore the whole picture.
About

Who we are

We're a team of highly skilled IT security professionals dedicated to tackling the most diverse and complex problems in the industry.

Learn More
Services

What we do

With a holistic mindset, we provide a wide range of offensive and defensive IT security services. From hacking your website, company or IoT device, to implementing security features in your app, we help you drive positive change in your organization.

Learn More
Blog
MS Teams: 1 feature, 4 vulnerabilities
December 22, 2021

Microsoft Team's link preview feature is susceptible to spoofing and vulnerable to Server-Side Request Forgery. Team's Android users can be DoS'ed and, in the past, their IP address could be leaked.

Windows 10 RCE: The exploit is in the link
December 7, 2021

Chaining a misconfiguration in IE11/Edge Legacy with an argument injection in a Windows 10/11 default URI handler and a bypass for a previous Electron patch, we developed a drive-by RCE exploit for Windows 10. The main vulnerability in the ms-officecmd URI handler has not been patched yet and can also be triggered through other browsers (requires confirmation of an inconspicuous dialog) and desktop applications that allow URI opening.

Linux marketplaces vulnerable to RCE and supply chain attacks
June 22, 2021

We're disclosing patched vulnerabilities in KDE Discover and the Gnome Shell Extensions website, as well as unpatched vulnerabilities in the PlingStore app and Pling-based Linux marketplace websites (e.g. appimagehub.com, store.kde.org, gnome-look.org).

More posts

Contact Us

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Or send an email to hi@positive.security