Doyensec
@doyensec.bsky.social
Doyensec works at the intersection of software development and offensive engineering. We discover vulnerabilities others cannot, and help mitigate the risk.
We’re super excited to welcome Yassine Bengana to the Doyensec team! 🎉

He’s bringing serious AppSec skills and great vibes — can’t wait to see the cool stuff we’ll break (and build) together 🔥

#AppSec #infosec #Doyensec
November 5, 2025 at 7:00 PM
The #Doyensec team is back from another great retreat! This time we toured Ireland 🇮🇪 and even met a working 🐑 sheep dog! What a great chance for our remote team to connect IRL! Also, a big thank you 🙏 to our tour guide Antonio!
#security #appsec #remote
October 30, 2025 at 6:43 PM
Live in or passing through #Dublin en route to #pwn2own? If you're in #appsec join #doyensec to talk #security over drinks (🍺 or ☕️) Oct. 22nd! Want to talk about our job openings or upcoming projects, that's great too!

RSVP here: docs.google.com/forms/d/1fa4...

cc: @bsidesdublin.bsky.social
October 14, 2025 at 3:33 PM
In our final ksmbd research post @73696e65.bsky.social provides a detailed walkthrough for exploiting a local privilege escalation vulnerability. If you're interested in learning more about exploitation on modern systems - check it out!

blog.doyensec.com/2025/10/08/k...

#doyensec #appsec #security
October 8, 2025 at 4:26 PM
📢 Our latest blog post shows why VBScript’s Randomize + Rnd are terrible for cryptographic token generation. See how attackers can easily recover seeds and secrets.
🔗 blog.doyensec.com/2025/09/25/y...

#doyensec #appsec #security #crypto
September 25, 2025 at 4:40 PM
We'd like to welcome our newest addition Marcelino "Marce" Siles Rubia! Another success story from our #internship program! The future of #appsec is looking bright 😎 at #doyensec!
September 4, 2025 at 6:53 PM
📢 It's here! Part 2 of Norbert Szetei's (@73696e65.bsky.social) research into ksmbd. See how customized fuzzing & the appropriate sanitizers led to discovering 23 Linux kernel CVEs, including use-after-frees & out-of-bounds reads/writes.

blog.doyensec.com/2025/09/02/k...
#doyensec #appsec #security
September 2, 2025 at 7:59 PM
📖 Read about a real-world C# #cryptography vulnerability we've discovered in the wild, in our latest blog post! No math required (unless you're into that sort of thing)!

blog.doyensec.com/2025/08/19/t...

#doyensec #appsec #security #csharp
August 19, 2025 at 1:05 PM
Are you located in the US/EU? Passionate about #appsec? Maybe you follow #bugbountytips or are an avid #ctf player and are ready to take the next step. If so, we're looking for our next #intern, so consider applying today - hackers.doyensec.com.
#doyensec #security #internship
August 7, 2025 at 7:57 AM
🚨Security Advisories🚨: multiple vulnerabilities in Retool, including host header injection and CSRF - discovered by Doyensec and the Robinhood Red Team!

docs.retool.com/disclosures/...

docs.retool.com/disclosures/...

#doyensec #appsec #security #retool #robinhood
July 17, 2025 at 7:36 PM
Our latest 🚨Security Advisory🚨 includes multiple vulnerabilities affecting the immersed platform. The findings include an RCE via Session Overwriting, an RCE via CSRF and a Privilege Escalation flaw. Read the details here:

www.doyensec.com/resources/Do...

#doyensec #appsec #security
July 10, 2025 at 7:45 PM
Just published - Our new white paper comparing Semgrep's Code and Community editions! We dove into both versions of this popular tool to see what the differences were and how they performed against each other. Check it out!
www.doyensec.com/resources/Co...

#doyensec #appsec #security #semgrep
June 26, 2025 at 6:27 PM
🚀 We have just released a new Security Advisory for @NASA's CFITSIO library 🛰️. Click the link for details on the Heap Overflow, Type Confusion, Out-of-Bound Writes & other vulnerabilities discovered by our Adrian Denkiewicz!

www.doyensec.com/resources/Do...

#doyensec #appsec #security
June 17, 2025 at 1:04 PM
Thanks to inspiration and support from Teleport, Doyensec is proud to release the Security Policy Evaluation Framework, an open source tool for testing security policy engines!

github.com/gravitationa...

#doyensec #appsec #rigo #cedar #openfga #security
June 10, 2025 at 1:27 PM
🚨Just posted🚨: Learn about real-world API authorization vulnerabilities we frequently see with the slides from Szymon Drosdzol's recent presentation at the CONFidence conference in Krakow.

doyensec.com/resources/CO...

#doyensec #appsec #security
June 5, 2025 at 1:49 PM
We'd like to welcome 👋 Marcelino Siles Rubia as our latest Application Security Intern. Welcome aboard! 🎉

#doyensec #appsec #internship
June 2, 2025 at 8:10 AM
Several members of the #doyensec team are here in Berlin 🇩🇪 attending 🎯Offensive Con 🎯 this weekend! Ping us or just say "hallo" in person, if you'd like to talk #appsec or grab a coffee. We're looking forward to some amazing talks!
#offensivecon #security
May 15, 2025 at 5:52 PM
🚨 Advisory Alert!🚨 We've just published our Aleandro Prudenzano's advisory (in cooperation with Edoardo Geraci) regarding a heap overflow in HAProxy. Read all the details here: www.doyensec.com/research.htm...

#doyensec #appsec #security #haproxy
May 13, 2025 at 1:44 PM
We'd like to welcome the latest member of our team - Diego Perez, our new Application Security Intern! Welcome aboard! 🎉

#doyensec #appsec #security #internships
May 12, 2025 at 6:39 PM
Going beyond SSO, our Francesco Lacerenza decided to take a deep dive into SCIM in our latest blog post. Read it today to learn how including this user identity standard in your next test's scope can reap big rewards!

blog.doyensec.com/2025/05/08/s...

#doyensec #appsec #security #scim
May 9, 2025 at 9:38 AM
Our Norbert Szetei's latest research has resulted in at least 1⃣5⃣ CVEs in ksmbd🤯, including multiple use-after-frees, bounds checks, type confusion and overflows‼️ Check it out today!

www.doyensec.com/research.htm...

#doyensec #appsec #security #linux
May 6, 2025 at 6:50 PM
Thanks to all the people who make @BSSidesSF happen every year. We're always happy to sponsor such a great conference! All of the #Doyensec team who attended had a great time! See you next year!
#bsides #bsidessf
May 1, 2025 at 8:39 AM
Also, congratulations to the winner of our Flipper Zero prize - happy hacking!

#doyensec #flipperzero #bsidessf #bsides
April 27, 2025 at 4:14 PM
If you're attending #BSidesSF, make sure to stop by the Doyensec booth and say hello! You'll find several of our team members in the vendor area and throughout the conference!
#doyensec #appsec #security #bsides
April 27, 2025 at 4:14 PM
The #Doyensec team is proud to sponsor BSidesSF again this year! If you're in the 🌉San Francisco🌉 area this weekend come meet several of our team members in person 🫂! Plus, stop by our booth for a chance to win a Flipper Zero 🐬!

#appsec #security #bsidessf #flipperzero
April 24, 2025 at 6:21 PM