The slides from my talk "Practical recon techniques for bug hunters & pentesters" presented at bugcrowd LevelUp 0x02 in PDF format are here speakerdeck.com/yamakira/pract… #osint #appsec #recon

#6 finally done, that was so nice! #flareon5

Sneak peek under the hood of Electra's kexecute blog.binary.house/2018/10/sneak-…

We have been busy lately...so it's about time to welcome 73696e65 for joining the Doyensec team! 🙂 Welcome onboard Norbert!

Norbert 73696e65 wrapped up his first #DoyensecResearch week with a nice bug in Django - a SQL injection in GIS functions (CVE-2020-9402) djangoproject.com/weblog/2020/ma… #Django #infosec

The Biggest Ideas in the Universe! Informal videos in which I try to explain big ideas one by one. Here is the announcement and intro video: preposterousuniverse.com/blog/2020/03/1…

Google recently awarded $10k for an exotic stored XSS on Google Scholar using polymorphic images. Another “magic” show performed by our own phosphore! Read how on our latest blog post: blog.doyensec.com/2020/04/30/pol… #xss #bugbounty #magic

We put together our very own "Awesome" list on GitHub about Electron security! A frequently-updated repo with presentations, bug write-ups, and all kinds of content to help during Electron security testing github.com/doyensec/aweso…

Fuzzilli v0.9.1 is out: github.com/googleprojectz… Many thanks to everyone who helped make this release possible! :)

Our new blog post is out! 73696e65 talks about his journey fuzzing Javascript engines with state of the art tools. We explore Dharma before setting up Samuel Groß's Fuzzilli, modifying it, and collecting CVEs in JerryScript blog.doyensec.com/2020/09/09/fuz… 🐛#fuzzing #fuzzilli #dharma

Can you survive a nuclear war? Yes, you can. As long as you are not in the physical blast zone your main goal is to create distance between yourself and the radiation and then wait it out. 220308 Episode 51 Nuclear War PUBLIC odysee.com/@Chris_Martens…

Our latest blog post takes the pain out of VirtualBox device driver fuzzing. We provide all the details necessary along with custom code patches to get you started! Check it out here: blog.doyensec.com/2022/04/26/vbo…

The latest coordinated disclosure from our researchers (Norbert Szetei 73696e65 & Viktor Chuchurski Viktor Chuchurski) details a SQLi and DoS via Prototype Pollution in #TypeORM! Time to update! More details: doyensec.com/research.html#… #doyensec #TypeScript #Electron #NodeJS #appsec

Our 73696e65's latest research has resulted in at least 1⃣5⃣ CVEs in ksmbd🤯, including multiple use-after-frees, bounds checks, type confusion and overflows‼️ Check it out today! doyensec.com/research.html#… #doyensec #appsec #security #linux

Several members of the #doyensec team are here in Berlin 🇩🇪attending offensivecon this weekend! Ping us or just say "hallo" in person, if you'd like to talk #appsec or grab a coffee. We're looking forward to some amazing talks! #offensivecon #security

#flareon4 finally done just in time, that was a nightmare. Props to Earl Marcus and Esmid, you guys are awesome!

The Art of Fuzzing (Slides and Demos) - sec-consult.com/en/blog/2017/1…

Linux Exploitation Course: A Course on Intermediate Level #Linux #Exploitation by amon github.com/nnamon/linux-e…

My first #FLAREOn4 badge received too, thank you @FireEye

Another company which creates a huge "power" asymmetry between governments and individuals. Shame! Inside the secretive industry that helps government hackers get around encryption. motherboard.vice.com/en_us/article/…