Last Saturday we celebrated Doyensec's 4th anniversary. For this occasion, we prepared a short infographic of what has changed and who we are today:
https://t.co/6CevrfmyU0
Also, Happy Holidays everyone!
#doyensecanniversay#security#happyholidays
Our new blog post is out! @73696e65 talks about his journey fuzzing Javascript engines with state of the art tools. We explore Dharma before setting up @5aelo's Fuzzilli, modifying it, and collecting CVEs in JerryScript https://t.co/8Tp7GFmLZM 🐛#fuzzing#fuzzilli#dharma
I am excited to release my new tool GadgetProbe: Inspect endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote classpaths. No more sitting in the dark if ysoserial doesn't fire. https://t.co/lJfeIMMzeU #bugbounty#bugbountytip
Our very own @lorenzostella just got accepted to the Black Hat USA Arsenal in 2019 where he'll be showing off the new Electronegativity hacking tool! #blackhat
@akita_zen @Cache_Bounty @Bugcrowd You should never try to access PII or anything sensitive to prove your point. That’s how you get yourself in trouble. Try reaching out to support@bugcrowd and they should be able to help.
I found a zero-day within a nodejs library and used it to get RCE on a Shopify application, here is the full write-up: https://t.co/hsLqyhAt3Z …
Thanks @cript0nauta and @the_st0rm for your help on this one
After many hours of preparation, coding, disclosures - the WireApp (secure messaging) and Discord (gaming chat) XSS to RCE bugs are out! For more vulnerabilities and examples, check the @BlackHatEvents slides https://t.co/TTiJ6HDBqP
@soaj1664ashar@Hacker0x01@jobertabma@martenmickos I’m not sure if you read the report or no but if you did, you should have noticed that the vulnerable query is in the “users” field. So naturally it’s going to return a list of users. You don’t have control over the User objects that are returned.
@ITSecurityguard@Hacker0x01@mongobug check out https://t.co/JF3VRfIV8g if you dont wanna deal with huge PNGs like this. It's pretty fast and interactive.
We’re excited to announce the public release of Electronegativity https://t.co/VtorIKXjmk, our opensource tool for Electron security. Learn more on our blog https://t.co/RXcaijHVEi
Buckle up, even on your local system, HTTP isn't safe. Kubernetes' #Minikube#DNSRebinding leads to RCE on your host - @alxk_mwr https://t.co/uXqDUDHfjg
Here are the slides from my #BlackHatUSA talk about just-in-time compilers for JavaScript and the @webkit bug I used as part of my Pwn2Own chain this year =) https://t.co/RpASPLSfr1