Hackers Received Their "Oscar". The Pentest Award Honored the Best Bug Bounty Hunters

Hackers came out on top at this year's awards.

This year, the online cyber range Standoff Hackbase became a partner of the Pentest Award for the first time. The team behind the red teaming platform curated one of the key nominations: "Infrastructure Penetration."
This nomination combines work on finding and exploiting vulnerabilities in network infrastructure, services, and IoT devices. The focus is on the complexity and originality of the approaches implemented by the participants.
"When choosing the winners together with the jury, we analyzed dozens of reports on found vulnerabilities. Not only technical complexity was important, but also the ability to take a non-standard path: demonstrating successful exploitation outside of a web context and the depth of the researchers' analysis. Such initiatives help develop the professional cybersecurity community and set a quality bar for future projects," said Andrey Pugachev, an expert from the Standoff cyber range architecture group at Positive Technologies.
The winner in the nomination was Mikhail Sukhov (Im10n) with his research on FreeIPA, in which he demonstrated how DCSync led to vulnerability CVE-2025-4404. This vulnerability can be used for privilege escalation and gaining access within a victim's infrastructure.
"To exploit the vulnerability, an attacker would need access to a computer account in the FreeIPA domain. Having gained maximum privileges on the compromised node, they could read the contents of the file that stores the keys for accessing the system. As a result of a successful attack, the attacker gains the ability to escalate their privileges to domain administrator, manage user accounts and rights, and access any of the organization's information," shared Mikhail Sukhov.
Second place in the nomination went to Georgy Gennadyev (D00Movenok) with a case study on reverse engineering, bypassing security protections, and taking over a domain using built-in Windows tools. Irabva took third place for a penetration test of a large industrial company.
Standoff Hackbase is an online cyber range with realistic copies of systems and software from various industries where one can practice finding vulnerabilities 24/7. It allows users to upgrade their skills, try unconventional approaches, and reach the top of the Standoff leaderboard.