// offensive security · vulnerability research

Make the impossible possible_

PKSecurity is a vulnerability research company that discovers security flaws in the world's most-used software — backed by unrivaled creativity and elite technical skill.

Explore our work Get in touch
0day
vulnerability discovery
Pwn2Own
competition track record
CVE
disclosed research
[01] About

We break things so others can build secure ones.

Founded by proud, top-notch vulnerability experts, PKSecurity tackles the cutting edge of cyber intelligence. Our researchers analyze vulnerabilities across mobile, desktop, and web applications — with a track record in vulnerability reporting, domestic and international hacking competitions, and Pwn2Own.

  • 01

    Unrivaled creativity

    We find what others miss — exploit chains, logic flaws, novel primitives.

  • 02

    Elite engineering

    From kernel internals to JavaScript engines, our researchers dig deep.

  • 03

    Quietly devastating

    The published work is impressive. The unpublished work is something else.

[02] Services

What we do.

Vulnerability Research

We investigate unknown vulnerabilities across operating systems, browsers, and the software you ship — uncovering bugs before adversaries do.

// 0-day discovery

Exploit Development

High-quality exploits and proof-of-concept demonstrations engineered to defeat modern mitigations and prove real-world impact.

// weaponized PoC

1-Day Report Service

Monthly analysis reports on patched vulnerabilities in commercial software — root cause, exploitation potential, and defensive recommendations.

// monthly intel

Training

Hands-on hacking and security courses delivered by working researchers — practical curricula for teams that need to think like attackers.

// offensive curriculum
[03] Research

Selected publications.

A glimpse of public work. Read the blog ↗

2024.05 Hypervisor

Virtualbox Guest-To-Host Escape with a Single Vulnerability
2023.10 Office

2023 Microsoft Office XSS
2023.07 WebKit

Root Cause Analysis — CVE-2023-32439 Type Confusion in WebKit
2023.01 Pwn2Own

2022 Microsoft Teams RCE
[04] Careers

We're hiring researchers who break things for a living.

Preference for candidates with 1-day exploit development or 0-day discovery experience.

// open

Android RCE Vulnerability Researcher

Find and exploit remote code execution paths across the Android attack surface.

Apply →
// open

Android Kernel Vulnerability Researcher

Hunt low-level bugs in the Android kernel and its vendor drivers.

Apply →
// open

Android App Vulnerability Researcher

Audit privileged Android applications and supporting system services.

Apply →
// open

IoT Vulnerability Researcher

Reverse and exploit embedded devices, firmware, and proprietary protocols.

Apply →
[06] Contact

Let's talk.

Engagements, research collaborations, training inquiries, or just to introduce yourself — we read every message.

// email info@pksecurity.io // x @pksecurity_io // blog blog.pksecurity.io