maiky
@maikypedia
🍊 CS Student | OSCP & OSWE | Appsec @ Doyensec
I wrote a little post about MRVA, I hope you enjoy it (exploitation examples included 🥒🐍). Finding vulnerabilities with MRVA CodeQL 🎣 : maikypedia.gitlab.io/posts/finding-…
Several members of the #doyensec team are here in Berlin 🇩🇪 attending @offensive_con this weekend! Ping us or just say "hallo" in person if you'd like to talk #appsec or grab a coffee. We're looking forward to some amazing talks! #offensivecon #security
children should not be talking to machines during the most critical years of brain development. real human interaction builds neural pathways that ai simply cannot replicate. we’re experimenting on an entire generation.
We’re going to make Baby Grok @xAI, an app dedicated to kid-friendly content
Our team recently used a novel technique to increase the impact of what seemed to be only a blind SSRF. This novel technique involving HTTP redirect loops and incremental status codes led to full HTTP response leakage. Read more on @SLCyberSec blog here: slcyber.io/assetnote-secu…
After many late nights and busted apps as a security consultant at @Doyensec, I trained my spidey senses 🕷️ to detect when API code is practically begging for auth vulns. Join me at #CONFidence2025 for common pitfalls, and tips for writing secure authz from the start.
Join us in welcoming @maikypedia back to the team! They're returning to #Doyensec following their internship! We pride ourselves on the fact that all of our past interns have transitioned into an Application Security Engineer position with us. #appsec #security #internship
Szymon and I just published a deep dive into common #OAuth security pitfalls and how to avoid them! Check out our latest post, complete with a handy checklist to keep your org secure. 🚀 Read it now! 👇
Despite being central to their security, many orgs struggle to securely implement #OAuth. Our new post walks through common issues & how to prevent them, along with a useful checklist! Read it today & ensure your org is secure: blog.doyensec.com/2025/01/30/oau… #doyensec #security #appsec
I posted a blog about how browser permissions work. albertofdr.github.io/web-security-c…
Client-Side Path Traversal (CSPT) Bug Bounty Reports and Techniques. Like I promised, here is a list of cool CSPT bugs I have found in bug bounty programs over the years, using multiple methods and getting critical impact: medium.com/@renwa/client-…
Voting is now live for the Top Ten (New) Web Hacking Techniques of 2024! Browse the nominations & cast your votes here: portswigger.net/polls/top-10-w…
Get your mind off the cold 🥶 & check out our new blog post! In it, our @bemodtwz extends @maxenceschmitt's research - giving details on using Eval Villain to find & exploit #CSPT vulnerabilities in modern apps. blog.doyensec.com/2024/12/03/csp… #doyensec #appsec #bugbountytips #Security
Super cool challs, couldn't solve the third one. Anyways, it was fun! My solves: maikypedia.gitlab.io/posts/flatt-xs…
🚨 We have released the Flatt Security XSS Challenge! 🚨 Featuring @kinugawamasato as a guest, and brought to you by a star-studded problem-setting team of @ryotkak and @hamayanhamayan. The difficulty is high, but the submission period runs until Friday, November 29, so you have about two weeks. We hope you'll take part! 🔥 challenge-xss.quiz.flatt.training/?beatme
Here are the full solves for all 3 XSS challenges by @flatt_security: blig.one/2024/11/29/fla… Looking forward to more of these.
Congratulations to our @MaitaiThe for discovering a new kickoff method to resurrect a universal gadget chain for exploiting unsafe deserialization in #ruby! You can find the details here: github.com/GitHubSecurity… #doyensec #appsec #security
🚀 We're back with a fresh blog redesign! Dive into @Diego_AltF4's latest post, which offers an in-depth analysis of CVE-2023-22098, including a reliable PoC to escape VirtualBox. 🛠️ Unleash your virtualization magic now! Link below ⬇️
#OBTS v7 talks have been announced: objectivebythesea.org/v7/talks.html 🤗 With over 20 talks (from many of the world's top researchers), covering macOS/iOS bugs & exploits, malware, internals, tools, and much more, this is a can't miss event! Which talks are you most excited about?