Doyensec
@Doyensec
Doyensec works at the intersection of software development and offensive engineering. We discover vulnerabilities others cannot, and help mitigate the risk.
Has reliance on SSO left orgs with a single point of exploitation? Our latest research by @lacerenza_fra explores various IdP compromise scenarios as well as how to harden and detect attacks in @goteleport installations. #doyensec #teleport #security blog.doyensec.com/2024/06/20/com…

Several members of the #doyensec team are here in Berlin 🇩🇪 attending @offensive_con this weekend! Ping us or just say "hallo" in person, if you'd like to talk #appsec or grab a coffee. We're looking forward to some amazing talks! #offensivecon #security

🚨Security Advisories🚨: multiple vulnerabilities in Retool (@retool), including host header injection and CSRF - discovered by Doyensec and the Robinhood (@RobinhoodApp) Red team! docs.retool.com/disclosures/cv… docs.retool.com/disclosures/cv… #doyensec #appsec #security #retool #robinhood

Our latest 🚨Security Advisory🚨 includes multiple vulnerabilities affecting the immersed platform (@immersedXR). The findings include an RCE via Session Overwriting, an RCE via CSRF and a Privilege Escalation flaw. doyensec.com/resources/Doye… #doyensec #appsec #security

📢Just published - Our new white paper comparing @semgrep's Code and Community editions! We dove into both versions of this popular tool to see what the differences were and how they performed against each other. doyensec.com/resources/Comp… #doyensec #appsec #security #semgrep

Several members of the @doyensec team are heading to @TumpiConIT 🇮🇹 for our Norbert Szetei's (@73696e65) presentation on his awesome ksmbd security research. If you're around, make sure to talk to @lucacarettoni & the team! #doyensec #appsec #TumpiCon tumpicon.org

🚀We have just released a new Security Advisory for @NASA's CFITSIO library 🛰️. Click the link for details on the Heap Overflow, Type Confusion, Out-of-Bound Writes and other vulnerabilities discovered by our @a_denkiewicz ! doyensec.com/resources/Doye… #doyensec #appsec #security

Thanks to inspiration and support from @goteleport, #doyensec is proud to release the Security Policy Evaluation Framework, a tool for testing security policy engines! cc:@OpenPolicyAgent,@OpenFGA,@AWSSecurityInfo github.com/gravitational/… #appsec #rigo #cedar #openfga #security

🚨Just posted🚨: Learn about real-world API authorization vulnerabilities we frequently see with the slides from @tell1c0's recent presentation at @CONFidenceConf in Krakow. doyensec.com/resources/CONF… #doyensec #appsec #security

We'd like to welcome 👋@imarcex_ as our latest Application Security Intern. Welcome aboard! 🎉 #doyensec #appsec #internship

Attending @confidenceconf in Krakow 🇵🇱 this weekend? Be sure to check out our @tell1c0's presentation - API Authorization Antipatterns: confidence-conference.org/lecture-2025/#… #doyensec #appsec #confidencecon
We'd also like to recognize @b0n0b0__ 's cooperation on this advisory! 🙏
🚨 Advisory Alert!🚨 We've just published our @drw0if's advisory regarding a heap overflow in @HAProxy as part of our coordinated disclosure process. Read all the details here: doyensec.com/research.html#… #doyensec #appsec #security #haproxy

We'd like to welcome the latest member of our team - Diego Perez, our new Application Security Intern! Welcome aboard! 🎉 #doyensec #appsec #security #internships

Going beyond SSO, our @lacerenza_fra decided to take a deep dive into SCIM in our latest blog post. Read it today to learn how including this user identity standard in your next test's scope can reap big rewards! blog.doyensec.com/2025/05/08/sci… #doyensec #appsec #security #scim

Our @73696e65's latest research has resulted in at least 1⃣5⃣ CVEs in ksmbd🤯, including multiple use-after-frees, bounds checks, type confusion and overflows‼️ Check it out today! doyensec.com/research.html#… #doyensec #appsec #security #linux

Thanks to all the people who make @BSSidesSF happen every year. We're always happy to sponsor such a great conference! All of the #Doyensec team who attended had a great time! See you next year! #bsides #bsidessf

After many late nights and busted apps as a security consultant at @Doyensec, I trained my spidey senses 🕷️ to detect when API code is practically begging for auth vulns. Join me at #CONFidence2025 for common pitfalls, and tips for writing secure authz from the start.

The #Doyensec team is proud to sponsor @BSidesSF again this year! If you're in the 🌉San Francisco🌉 area this weekend come meet several of our team members in person 🫂! Plus, stop by our booth for a chance to win a Flipper Zero 🐬! #appsec #security #bsidessf #flipperzero
