Positive Security
Holistic IT security research & consulting
Positive Security
Holistic IT security research & consulting
Quick -  Proper - Thorough
Our work is thorough - we are driven by curiosity to explore the whole picture.

Who we are

We're a team of highly skilled IT security professionals dedicated to tackling the most diverse and complex problems in the industry.

Learn More

What we do

With a holistic mindset, we provide a wide range of offensive and defensive IT security services. From hacking your website, company or IoT device, to implementing security features in your app, we help you drive positive change in your organization.

Learn More
urlscan.io's SOAR spot: Chatty security tools leaking private data
November 2, 2022

We explore the security service urlscan.io and showcase through various "dorks" that their searchable scan database is a treasure trove of URLs pointing to sensitive user information, allowing account takeover, and much more. Part of the data has been leaked in an automated way by other security tools (SOARs) that accidentally made their scans public.

From XSS to RCE (dompdf 0day)
March 16, 2022

Using a still unpatched vulnerability in the PHP library dompdf (used for rendering PDFs from HTML), we achieved RCE on a web server with merely a reflected XSS vulnerability as entry point.

Find You: Building a stealth AirTag clone
February 21, 2022

We built an AirTag clone capable of silently and continuously tracking someone. The device accomplishes this by sending just one beacon per generated public key, thereby staying invisible to tracking notifications for iOS users and Apple’s Tracker Detect Android app.

More posts

Contact Us

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Or send an email to hi@positive.security