Doyensec
@doyensec.bsky.social
Doyensec works at the intersection of software development and offensive engineering. We discover vulnerabilities others cannot, and help mitigate the risk.
We’re excited to share the first video in our Eval Villain series from our Dennis Goodlett.
This powerful security tool is designed to uncover client-side vulnerabilities and help defenders spot risky patterns.
youtu.be/2dUoOyYKkzU
#doyensec #appsec #security #evalvillain #xss
This powerful security tool is designed to uncover client-side vulnerabilities and help defenders spot risky patterns.
youtu.be/2dUoOyYKkzU
#doyensec #appsec #security #evalvillain #xss
Introducing Eval Villain
YouTube video by Doyensec
youtu.be
December 9, 2025 at 11:54 PM
We’re excited to share the first video in our Eval Villain series from our Dennis Goodlett.
This powerful security tool is designed to uncover client-side vulnerabilities and help defenders spot risky patterns.
youtu.be/2dUoOyYKkzU
#doyensec #appsec #security #evalvillain #xss
This powerful security tool is designed to uncover client-side vulnerabilities and help defenders spot risky patterns.
youtu.be/2dUoOyYKkzU
#doyensec #appsec #security #evalvillain #xss
🚀 inQL v6.0.1 is out!
Our GraphQL security tool got big upgrades.⚡
• Schema Brute-Forcer
• Server Engine Fingerprinting
• Automatic Variable Generation
• Performance boosts & other improvements
Details: blog.doyensec.com/2025/12/02/i...
#doyensec #graphql #appsec #security
Our GraphQL security tool got big upgrades.⚡
• Schema Brute-Forcer
• Server Engine Fingerprinting
• Automatic Variable Generation
• Performance boosts & other improvements
Details: blog.doyensec.com/2025/12/02/i...
#doyensec #graphql #appsec #security
December 2, 2025 at 6:36 PM
🚀 inQL v6.0.1 is out!
Our GraphQL security tool got big upgrades.⚡
• Schema Brute-Forcer
• Server Engine Fingerprinting
• Automatic Variable Generation
• Performance boosts & other improvements
Details: blog.doyensec.com/2025/12/02/i...
#doyensec #graphql #appsec #security
Our GraphQL security tool got big upgrades.⚡
• Schema Brute-Forcer
• Server Engine Fingerprinting
• Automatic Variable Generation
• Performance boosts & other improvements
Details: blog.doyensec.com/2025/12/02/i...
#doyensec #graphql #appsec #security
We’re proud that #Doyensec was selected to help secure the IETF — and to share the first batch of vulnerabilities we uncovered. Read more in the newly published advisories 👇
github.com/ietf-tools/x...
github.com/ietf-tools/x...
#appsec #security
github.com/ietf-tools/x...
github.com/ietf-tools/x...
#appsec #security
November 13, 2025 at 7:34 PM
We’re proud that #Doyensec was selected to help secure the IETF — and to share the first batch of vulnerabilities we uncovered. Read more in the newly published advisories 👇
github.com/ietf-tools/x...
github.com/ietf-tools/x...
#appsec #security
github.com/ietf-tools/x...
github.com/ietf-tools/x...
#appsec #security
Going to be near Dublin this Wednesday (10/22)? come join #Doyensec for an evening of drinks ( 🍻/☕ ), networking, and great conversations about all things #appsec & #cybersecurity.
RSVP here: docs.google.com/forms/d/1fa4...
#Infosec #Pwn2Own #BSidesDublin #OWASPIreland #security
RSVP here: docs.google.com/forms/d/1fa4...
#Infosec #Pwn2Own #BSidesDublin #OWASPIreland #security
Live in or passing through #Dublin enroute to #pwn2own ? If you're in #appsec join #doyensec to talk #security over drinks (🍺 or ☕️) Oct. 22nd! Want to talk about our job openings or upcoming projects, that's great too!
RSVP here: docs.google.com/forms/d/1fa4...
cc: @bsidesdublin.bsky.social
RSVP here: docs.google.com/forms/d/1fa4...
cc: @bsidesdublin.bsky.social
October 20, 2025 at 2:53 PM
Going to be near Dublin this Wednesday (10/22)? come join #Doyensec for an evening of drinks ( 🍻/☕ ), networking, and great conversations about all things #appsec & #cybersecurity.
RSVP here: docs.google.com/forms/d/1fa4...
#Infosec #Pwn2Own #BSidesDublin #OWASPIreland #security
RSVP here: docs.google.com/forms/d/1fa4...
#Infosec #Pwn2Own #BSidesDublin #OWASPIreland #security
🚨 Just released - details on a serious vulnerability from our Leonardo Giovannini's research! An Information Disclosure allowing a remote attacker to identify security tokens/credentials when #squid is used for load balancing.🚨
#doyensec #appsec #security #vulnerability
github.com/squid-cache/...
#doyensec #appsec #security #vulnerability
github.com/squid-cache/...
SQUID-2025:2 Information Disclosure in Error handling
Due to a failure to redact HTTP Authentication credentials
Squid is vulnerable to an Information Disclosure attack.
__________________________________________________________________
###...
github.com
October 17, 2025 at 5:23 PM
🚨 Just released - details on a serious vulnerability from our Leonardo Giovannini's research! An Information Disclosure allowing a remote attacker to identify security tokens/credentials when #squid is used for load balancing.🚨
#doyensec #appsec #security #vulnerability
github.com/squid-cache/...
#doyensec #appsec #security #vulnerability
github.com/squid-cache/...
Live in or passing through #Dublin enroute to #pwn2own ? If you're in #appsec join #doyensec to talk #security over drinks (🍺 or ☕️) Oct. 22nd! Want to talk about our job openings or upcoming projects, that's great too!
RSVP here: docs.google.com/forms/d/1fa4...
cc: @bsidesdublin.bsky.social
RSVP here: docs.google.com/forms/d/1fa4...
cc: @bsidesdublin.bsky.social
October 14, 2025 at 3:33 PM
Live in or passing through #Dublin enroute to #pwn2own ? If you're in #appsec join #doyensec to talk #security over drinks (🍺 or ☕️) Oct. 22nd! Want to talk about our job openings or upcoming projects, that's great too!
RSVP here: docs.google.com/forms/d/1fa4...
cc: @bsidesdublin.bsky.social
RSVP here: docs.google.com/forms/d/1fa4...
cc: @bsidesdublin.bsky.social
In our final ksmbd research post @73696e65.bsky.social provides a detailed walkthrough for exploiting a local privilege escalation vulnerability. If you're interested in learning more about exploitation on modern systems - check it out!
blog.doyensec.com/2025/10/08/k...
#doyensec #appsec #security
blog.doyensec.com/2025/10/08/k...
#doyensec #appsec #security
October 8, 2025 at 4:26 PM
In our final ksmbd research post @73696e65.bsky.social provides a detailed walkthrough for exploiting a local privilege escalation vulnerability. If you're interested in learning more about exploitation on modern systems - check it out!
blog.doyensec.com/2025/10/08/k...
#doyensec #appsec #security
blog.doyensec.com/2025/10/08/k...
#doyensec #appsec #security
🧞Your wish has been granted - the latest @pagedout.bsky.social edition is out! In it, our Szymon Drosdzol takes a quick look at #vibecoding, walking through the creation of an AI agent 🤖. Check it out today!
#doyensec #appsec #ai #Security
pagedout.institute
#doyensec #appsec #ai #Security
pagedout.institute
Paged Out!
Deeply technical zine. And it's free.
pagedout.institute
October 6, 2025 at 2:59 PM
🧞Your wish has been granted - the latest @pagedout.bsky.social edition is out! In it, our Szymon Drosdzol takes a quick look at #vibecoding, walking through the creation of an AI agent 🤖. Check it out today!
#doyensec #appsec #ai #Security
pagedout.institute
#doyensec #appsec #ai #Security
pagedout.institute
📢 Our latest blog post shows why VBScript’s Randomize + Rnd are terrible for cryptographic token generation. See how attackers can easily recover seeds and secrets.
🔗 blog.doyensec.com/2025/09/25/y...
#doyensec #appsec #security #crypto
🔗 blog.doyensec.com/2025/09/25/y...
#doyensec #appsec #security #crypto
September 25, 2025 at 4:40 PM
📢 Our latest blog post shows why VBScript’s Randomize + Rnd are terrible for cryptographic token generation. See how attackers can easily recover seeds and secrets.
🔗 blog.doyensec.com/2025/09/25/y...
#doyensec #appsec #security #crypto
🔗 blog.doyensec.com/2025/09/25/y...
#doyensec #appsec #security #crypto
🚨Security Advisory🚨
Systemic SQL Injection vulnerability in pREST!
Initial report details published: github.com/prest/prest/...
#Doyensec #AppSec #Security #PostgreSQL #SQLInjection
Systemic SQL Injection vulnerability in pREST!
Initial report details published: github.com/prest/prest/...
#Doyensec #AppSec #Security #PostgreSQL #SQLInjection
Systemic SQL Injection
# Summary
pREST provides a simple way for users to expose access their database via a REST-full API. The project is implemented using the Go programming language and is designed to expose access t...
github.com
September 19, 2025 at 2:52 PM
🚨Security Advisory🚨
Systemic SQL Injection vulnerability in pREST!
Initial report details published: github.com/prest/prest/...
#Doyensec #AppSec #Security #PostgreSQL #SQLInjection
Systemic SQL Injection vulnerability in pREST!
Initial report details published: github.com/prest/prest/...
#Doyensec #AppSec #Security #PostgreSQL #SQLInjection
We'd like to welcome our newest addition Marcelino "Marce" Siles Rubia! Another success story from our #internship program! The future of #appsec is looking bright 😎 at #doyensec !
September 4, 2025 at 6:53 PM
We'd like to welcome our newest addition Marcelino "Marce" Siles Rubia! Another success story from our #internship program! The future of #appsec is looking bright 😎 at #doyensec !
📢 It's here! Part 2 of Norbert Szetei's (@73696e65.bsky.social) research into ksmbd. See how customized fuzzing & the appropriate sanitizers led to discovering 23 Linux kernel CVEs, including use-after-frees & out-of-bounds reads/writes.
blog.doyensec.com/2025/09/02/k...
#doyensec #appsec #security
blog.doyensec.com/2025/09/02/k...
#doyensec #appsec #security
September 2, 2025 at 7:59 PM
📢 It's here! Part 2 of Norbert Szetei's (@73696e65.bsky.social) research into ksmbd. See how customized fuzzing & the appropriate sanitizers led to discovering 23 Linux kernel CVEs, including use-after-frees & out-of-bounds reads/writes.
blog.doyensec.com/2025/09/02/k...
#doyensec #appsec #security
blog.doyensec.com/2025/09/02/k...
#doyensec #appsec #security
📖 Read about a real-world C# #cryptography vulnerability we've discovered in the wild, in our latest blog post! No math required (unless you're into that sort of thing)!
blog.doyensec.com/2025/08/19/t...
#doyensec #appsec #security #csharp
blog.doyensec.com/2025/08/19/t...
#doyensec #appsec #security #csharp
August 19, 2025 at 1:05 PM
📖 Read about a real-world C# #cryptography vulnerability we've discovered in the wild, in our latest blog post! No math required (unless you're into that sort of thing)!
blog.doyensec.com/2025/08/19/t...
#doyensec #appsec #security #csharp
blog.doyensec.com/2025/08/19/t...
#doyensec #appsec #security #csharp
Are you located in the US/EU? passionate about #appsec? Maybe you follow #bugbountytips or are an avid #ctf player and are ready to take the next step. If so, we're looking for our next #intern, so consider applying today - hackers.doyensec.com.
#doyensec #security #internship
#doyensec #security #internship
August 7, 2025 at 7:57 AM
Are you located in the US/EU? passionate about #appsec? Maybe you follow #bugbountytips or are an avid #ctf player and are ready to take the next step. If so, we're looking for our next #intern, so consider applying today - hackers.doyensec.com.
#doyensec #security #internship
#doyensec #security #internship
🚨Security Advisories🚨: multiple vulnerabilities in Retool, including host header injection and CSRF - discovered by Doyensec and the Robinhood Red Team!
docs.retool.com/disclosures/...
docs.retool.com/disclosures/...
#doyensec #appsec #security #retool #robinhood
docs.retool.com/disclosures/...
docs.retool.com/disclosures/...
#doyensec #appsec #security #retool #robinhood
July 17, 2025 at 7:36 PM
🚨Security Advisories🚨: multiple vulnerabilities in Retool, including host header injection and CSRF - discovered by Doyensec and the Robinhood Red Team!
docs.retool.com/disclosures/...
docs.retool.com/disclosures/...
#doyensec #appsec #security #retool #robinhood
docs.retool.com/disclosures/...
docs.retool.com/disclosures/...
#doyensec #appsec #security #retool #robinhood
Our latest 🚨Security Advisory🚨 includes multiple vulnerabilities affecting the immersed platform. The findings include an RCE via Session Overwriting, an RCE via CSRF and a Privilege Escalation flaw. Read the details here:
www.doyensec.com/resources/Do...
#doyensec #appsec #security
www.doyensec.com/resources/Do...
#doyensec #appsec #security
July 10, 2025 at 7:45 PM
Our latest 🚨Security Advisory🚨 includes multiple vulnerabilities affecting the immersed platform. The findings include an RCE via Session Overwriting, an RCE via CSRF and a Privilege Escalation flaw. Read the details here:
www.doyensec.com/resources/Do...
#doyensec #appsec #security
www.doyensec.com/resources/Do...
#doyensec #appsec #security
Just published - Our new white paper comparing Semgrep's Code and Community editions! We dove into both versions of this popular tool to see what the differences were and how they performed against each other. Check it out!
www.doyensec.com/resources/Co...
#doyensec #appsec #security #semgrep
www.doyensec.com/resources/Co...
#doyensec #appsec #security #semgrep
June 26, 2025 at 6:27 PM
Just published - Our new white paper comparing Semgrep's Code and Community editions! We dove into both versions of this popular tool to see what the differences were and how they performed against each other. Check it out!
www.doyensec.com/resources/Co...
#doyensec #appsec #security #semgrep
www.doyensec.com/resources/Co...
#doyensec #appsec #security #semgrep
Several members of the @doyensec.bsky.social team are heading to @tumpicon.org 🇮🇹 for our Norbert Szetei's (@73696e65.bsky.social) presentation on his awesome ksmbd security research. If you're around, make sure to talk to Luca Carettoni & the team!
#doyensec #appsec #TumpiCon
tumpicon.org
#doyensec #appsec #TumpiCon
tumpicon.org
TumpiCon 2025
tumpicon.org
June 25, 2025 at 1:35 PM
Several members of the @doyensec.bsky.social team are heading to @tumpicon.org 🇮🇹 for our Norbert Szetei's (@73696e65.bsky.social) presentation on his awesome ksmbd security research. If you're around, make sure to talk to Luca Carettoni & the team!
#doyensec #appsec #TumpiCon
tumpicon.org
#doyensec #appsec #TumpiCon
tumpicon.org
🚀 We have just released a new Security Advisory for @NASA's CFITSIO library 🛰️. Click the link for details on the Heap Overflow, Type Confusion, Out-of-Bound Writes & other vulnerabilities discovered by our Adrian Denkiewicz !
www.doyensec.com/resources/Do...
#doyensec #appsec #security
www.doyensec.com/resources/Do...
#doyensec #appsec #security
June 17, 2025 at 1:04 PM
🚀 We have just released a new Security Advisory for @NASA's CFITSIO library 🛰️. Click the link for details on the Heap Overflow, Type Confusion, Out-of-Bound Writes & other vulnerabilities discovered by our Adrian Denkiewicz !
www.doyensec.com/resources/Do...
#doyensec #appsec #security
www.doyensec.com/resources/Do...
#doyensec #appsec #security
🚨Just posted🚨: Learn about real-world API authorization vulnerabilities we frequently see with the slides from Szymon Drosdzol's recent presentation at the CONFidence conference in Krakow.
doyensec.com/resources/CO...
#doyensec #appsec #security
doyensec.com/resources/CO...
#doyensec #appsec #security
June 5, 2025 at 1:49 PM
🚨Just posted🚨: Learn about real-world API authorization vulnerabilities we frequently see with the slides from Szymon Drosdzol's recent presentation at the CONFidence conference in Krakow.
doyensec.com/resources/CO...
#doyensec #appsec #security
doyensec.com/resources/CO...
#doyensec #appsec #security
We'd like to welcome 👋 Marcelino Siles Rubia as our latest Application Security Intern. Welcome aboard! 🎉
#doyensec #appsec #internship
#doyensec #appsec #internship
June 2, 2025 at 8:10 AM
We'd like to welcome 👋 Marcelino Siles Rubia as our latest Application Security Intern. Welcome aboard! 🎉
#doyensec #appsec #internship
#doyensec #appsec #internship
Attending CONFidence conference in Krakow 🇵🇱 this weekend? Be sure to check out our Szymon
Drosdzol's presentation - API Authorization Antipatterns: confidence-conference.org/lecture-2025...
#doyensec #appsec #confidencecon
Drosdzol's presentation - API Authorization Antipatterns: confidence-conference.org/lecture-2025...
#doyensec #appsec #confidencecon
lecture 2025 - CONFidence
lecture 2025
confidence-conference.org
May 30, 2025 at 1:58 PM
Attending CONFidence conference in Krakow 🇵🇱 this weekend? Be sure to check out our Szymon
Drosdzol's presentation - API Authorization Antipatterns: confidence-conference.org/lecture-2025...
#doyensec #appsec #confidencecon
Drosdzol's presentation - API Authorization Antipatterns: confidence-conference.org/lecture-2025...
#doyensec #appsec #confidencecon