Savio (@lokiuox)'s Twitter Profile
Savio

@lokiuox

🇮🇹Based in Bari, Italy | 🔑InfoSec and Hacking | 🔴 Pentests and Red Teams | ⚙️Breaking stuff | ☠️Pirate

ID: 436162648

13-12-2011 21:29:36

413 Tweet

41 Followers

269 Following

Doyensec (@doyensec)

In our latest blog post, you can learn more about reversing Python pickles and how it's made easier with #r2pickledec, a new decompiler plug-in for #Radare2 from our bemodtwz! blog.doyensec.com/2023/06/01/r2p… #Doyensec #appsec #python

Gillis Jones (@gillis57)

#Defcon as you go home, please remember to take the hacker ethos with you. Look out for those who are overlooked, forgotten, mistreated. It's not about your name, your gender, your color or your income. It's about sharing information, doing cool shit, and taking care of each

daniel:// stenberg:// (@bagder)

CVE-2020-19909 is everything that is wrong with CVEs

Another 9.8 CRITICAL curl problem. All made up.

daniel.haxx.se/blog/2023/08/2…
The Citizen Lab (@citizenlab)

🚨🚨WE URGE EVERYONE TO UPDATE THEIR APPLE DEVICES AS SOON AS POSSIBLE. We have found an actively exploited #zero #click vulnerability that was used to deliver #NSO group’s #Pegasus #spyware. citizenlab.ca/2023/09/blastp…

Cybergibbons 🚲🚲🚲 (@cybergibbons)

Onto another aspect of the Flipper Zero... and not really knowing what it does. The Frequency Analyzer seems pretty opaque. When it works, it works, but under what conditions does it work?

Doyensec (@doyensec)

PoIEx, a new #Doyensec tool, identifies "Points of Intersection" where code & IaC definitions meet. Visualize & explore IaC, plus create & share real-time notes w/ teammates in VS Code. Try it out today‼️ blog.doyensec.com/2024/01/30/poi… github.com/doyensec/PoiEx #CloudSecurity #appsec

Doyensec (@doyensec)

Has reliance on SSO left orgs with a single point of exploitation? Our latest research by Anaximander explores various IdP compromise scenarios as well as how to harden and detect attacks in Teleport installations. #doyensec #teleport #security blog.doyensec.com/2024/06/20/com…

Doyensec (@doyensec)

CSRF in modern web apps? It's still possible! Our latest research by Maxence SCHMITT dives into using Client-Side Path Traversal to perform CSRF. Check out our latest blogpost and brand new #Burp extension for finding bugs. #doyensec #appsec #CSPT2CSRF blog.doyensec.com/2024/07/02/csp…

Doyensec (@doyensec)

Just posted! Check out our Viktor Chuchurski's presentation on DB race conditions from OWASP® Foundation's Global AppSec. Our latest post gives all the details, slides and a playground to test your skills at finding these issues! blog.doyensec.com/2024/07/11/dat… #doyensec #appsec #owasp #security

Orange Tsai 🍊 (@orange_8361)

Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code

Doyensec (@doyensec)

🎉Announcing the latest research from our intern maiky! In it, you'll learn all about Decompression Attacks, get to practice in custom-built labs and get some free Semgrep rules for detecting flaws. Check it out today! blog.doyensec.com/2024/12/16/uns… #appsec #doyensec #semgrep

Doyensec (@doyensec)

Ahoy! 🦜 Our first "!exploitable" post provides a technical dive 🤿 into the sea 🌊 of IoT exploitation. Read it today to learn how our team 🏴‍☠️ developed an exploit while floating in the Mediterranean! blog.doyensec.com/2025/02/11/exp… #doyensec #appsec #security #iot #exploits

Doyensec (@doyensec)

🚀#InQL v6.0 is here! Full Kotlin rewrite w/ improved performance & responsiveness! 🆕 Built-in GraphiQL and #GraphQL Voyager visualization regardless of the target 🆕Circular references detector 🆕Improved batch queries screen 🚀 SPEED! #doyensec #appsec github.com/doyensec/inql/…

Doyensec (@doyensec)

📢 Upset about losing CVE data? Our maitai & Savio dropped new 🔥 critical #ComfyUI vulnerabilities, including this RCE, to cheer you up 😉. These are published as part of our coordinated disclosure process. doyensec.com/resources/Doye… #doyensec #appsec #security

Doyensec (@doyensec)

In our final ksmbd research post, 73696e65 provides a detailed walkthrough for exploiting a local privilege escalation vulnerability. If you're interested in learning more about exploitation on modern systems - check it out! blog.doyensec.com/2025/10/08/ksm… #doyensec #appsec #security

Doyensec (@doyensec)

🚨 Details on a serious #vulnerability from our maitai's research. An information disclosure in error messages allows a remote attacker to identify security tokens/credentials when #squid is used. Perfect for SSRF!🚨 #doyensec #appsec #security github.com/squid-cache/sq…