Maxence SCHMITT

@maxenceschmitt

Senior Application Security @doyensec . I am learning new stuff everyday and I love it.Sapic

Clermont Ferrand - FRANCE

Joined February 2010

647 Following

588 Followers

933 Posts

maxenceschmitt retweeted

Doyensec @Doyensec

9 days ago

Proud to share that @Doyensec was trusted by @AnthropicAI as one of the security partners validating #Mythos findings as part of Project #Glasswing! Contact us to see how our research-driven approach shapes the future of #appsec! https://t.co/jcWLyebSyA #doyensec #security #ai

0

25

6

7

807

maxenceschmitt retweeted

maitai @MaitaiThe

23 days ago

I'm really grateful for what I was able to achieve. Even if it's a collision, getting an RCE live on stage targeting one of the most employed software in the world it's fantastic. I will be in Berlin until tomorrow evening, ping me if you wanna hang out

3

74

7

2

5K

maxenceschmitt retweeted

Doyensec @Doyensec

about 1 month ago

Our CloudSecTidbits series is back with a bang 💥In the latest edition, we're releasing maSSO - A weaponized Identity Provider (IdP) for security testing! Read all about it and the dangers of Multi-SSO AWS Cognito User Pools. #doyensec #appsec #security https://t.co/2e5gVtkAL5

Doyensec's tweet photo. Our CloudSecTidbits series is back with a bang 💥In the latest edition, we're releasing maSSO - A weaponized Identity Provider (IdP) for security testing! Read all about it and the dangers of Multi-SSO AWS Cognito User Pools.

#doyensec #appsec #security

https://t.co/2e5gVtkAL5 https://t.co/4TYsrNBYua

0

15

5

5

694

maxenceschmitt retweeted

Doyensec @Doyensec

about 2 months ago

In our @a_denkiewicz's latest post, see how combining AFL++ with GPT-5 Codex sped up triaging the results from fuzzing NASA’s CFITSIO library and uncovered numerous vulnerabilities. https://t.co/oXnzPaPnr2 #doyensec #appsec #security #fuzzing

Doyensec's tweet photo. In our @a_denkiewicz's latest post, see how combining AFL++ with GPT-5 Codex sped up triaging the results from fuzzing NASA’s CFITSIO library and uncovered numerous vulnerabilities.

https://t.co/oXnzPaPnr2

#doyensec #appsec #security #fuzzing https://t.co/4OhT6xUJST

0

111

26

66

8K

Who to follow

SaxX ¯\_(ツ)_/¯

Verified account

🥷🏽Gentil Hacker et Engagé ¦¦🎙Speaker à forte Valeur ajoutée ¦¦ 🤝 Cyber Diplomate ¦¦ 👳Mentor Guardia CS ¦¦ 🥂Épicurien 🍽

I do IoT stuff and I believe Every chip has a weakness

Freelance Professional Pentester

maxenceschmitt retweeted

Doyensec @Doyensec

2 months ago

🚨 Breaking Secure-Looking Cloud Architectures At #defcon Singapore Demo Labs, we'll show real security bugs involving AWS Cognito multi-SSO user pools & ELB routing paths, including a Malicious OIDC Server & the ELBaph utility! 🔗 https://t.co/ERZWGh9FvN #appsec #doyensec

Doyensec's tweet photo. 🚨 Breaking Secure-Looking Cloud Architectures

At #defcon Singapore Demo Labs, we'll show real security bugs involving AWS Cognito multi-SSO user pools & ELB routing paths, including a Malicious OIDC Server & the ELBaph utility!

🔗 https://t.co/ERZWGh9FvN

#appsec #doyensec https://t.co/pjSPPfIUPQ

0

12

5

2

816

maxenceschmitt retweeted

Doyensec @Doyensec

3 months ago

Check out the latest edition of @pagedout_zine featuring Doyensec's own Bartłomiej "Bartek" Górkiewicz (@smnfbb ) vibing on Reversing Python Bytecode, along with plenty of great articles! https://t.co/4xn81WIxJG #appsec #doyensec #security #reversing

Doyensec's tweet photo. Check out the latest edition of @pagedout_zine featuring Doyensec's own Bartłomiej "Bartek" Górkiewicz (@smnfbb ) vibing on Reversing Python Bytecode, along with plenty of great articles!

https://t.co/4xn81WIxJG
#appsec #doyensec #security #reversing https://t.co/P7ZPj0nMr5

0

45

12

17

3K

maxenceschmitt retweeted

Doyensec @Doyensec

6 months ago

🚀 inQL v6.0.1 is out! Our GraphQL security tool got big upgrades.⚡ • Schema Brute-Forcer • Server Engine Fingerprinting • Automatic Variable Generation • Performance boosts & other improvements Details: https://t.co/6BEc6KrMqx #doyensec #graphql #appsec #securityforces

1

9

4

4

1K

maxenceschmitt retweeted

Kévin GERVOT (Mizu) @kevin_mizu

9 months ago

DOMLogger++ v1.0.9 is now out and available! 🎉 This update fixes a lot of issues, including the historical DevTools bug on Chromium 🔥 It also brings full Caido session handling, which is going to be useful in the near future! 👀 👉 https://t.co/wQHbXqzvkq 1/2

kevin_mizu's tweet photo. DOMLogger++ v1.0.9 is now out and available! 🎉

This update fixes a lot of issues, including the historical DevTools bug on Chromium 🔥

It also brings full Caido session handling, which is going to be useful in the near future! 👀

👉 https://t.co/wQHbXqzvkq

1/2 https://t.co/xT93PZtPZW

2

152

28

48

8K

maxenceschmitt retweeted

Doyensec @Doyensec

9 months ago

📢It's here! Part 2 of Norbert Szetei's (@73696e65) research into ksmbd. See how customized fuzzing & the appropriate sanitizers led to discovering 23 Linux kernel CVEs, including use-after-frees & out-of-bounds reads/writes. https://t.co/LmigwJtB2c #doyensec #appsec #security

Doyensec's tweet photo. 📢It's here! Part 2 of Norbert Szetei's (@73696e65) research into ksmbd. See how customized fuzzing & the appropriate sanitizers led to discovering 23 Linux kernel CVEs, including use-after-frees & out-of-bounds reads/writes.

https://t.co/LmigwJtB2c
#doyensec #appsec #security https://t.co/hkQK0qncxV

0

78

31

34

8K

Maxence SCHMITT @maxenceschmitt

10 months ago

@j_zere Nice one !

0

1

0

0

260

maxenceschmitt retweeted

Doyensec @Doyensec

12 months ago

🚀We have just released a new Security Advisory for @NASA's CFITSIO library 🛰️. Click the link for details on the Heap Overflow, Type Confusion, Out-of-Bound Writes and other vulnerabilities discovered by our @a_denkiewicz ! https://t.co/7X6YVBzhdo #doyensec #appsec #security

Doyensec's tweet photo. 🚀We have just released a new Security Advisory for @NASA's CFITSIO library 🛰️. Click the link for details on the Heap Overflow, Type Confusion, Out-of-Bound Writes and other vulnerabilities discovered by our @a_denkiewicz !

https://t.co/7X6YVBzhdo

#doyensec #appsec #security https://t.co/1416PTqcpK

0

43

10

10

3K

Maxence SCHMITT @maxenceschmitt

12 months ago

@xssdoctor Nice research 👍. I’m happy to know that my article was useful . Indeed, these upload bypasses an be used in many use cases.

1

4

0

2

432

maxenceschmitt retweeted

12 months ago

This research is based on this article https://t.co/9c3PjDeK3r which explains that the magic bytes of a pdf (and webp) file are NOT in the beginning of the file. The article goes on to show that a valid pdf can be valid json

3

87

8

60

6K

maxenceschmitt retweeted

Doyensec @Doyensec

about 1 year ago

We'd like to welcome 👋@imarcex_ as our latest Application Security Intern. Welcome aboard! 🎉 #doyensec #appsec #internship

Doyensec's tweet photo. We'd like to welcome 👋@imarcex_ as our latest Application Security Intern. Welcome aboard! 🎉

#doyensec #appsec #internship https://t.co/W85CbQZQEg

0

26

6

0

2K

maxenceschmitt retweeted

Doyensec @Doyensec

about 1 year ago

Our @73696e65's latest research has resulted in at least 1⃣5⃣ CVEs in ksmbd🤯, including multiple use-after-frees, bounds checks, type confusion and overflows‼️ Check it out today! https://t.co/AiobDskF5e #doyensec #appsec #security #linux

Doyensec's tweet photo. Our @73696e65's latest research has resulted in at least 1⃣5⃣ CVEs in ksmbd🤯, including multiple use-after-frees, bounds checks, type confusion and overflows‼️ Check it out today!

https://t.co/AiobDskF5e

#doyensec #appsec #security #linux https://t.co/xD8dO6KPDr

0

37

15

8

2K

maxenceschmitt retweeted

Szymon Drosdzol @tell1c0

about 1 year ago

After many late nights and busted apps as security consultant at @Doyensec , I trained my spidey senses 🕷️ to detect when an API code is practically begging for an auth vulns. Join me at #CONFidence2025 for common pitfalls, and tips for writing secure authz from the start.

tell1c0's tweet photo. After many late nights and busted apps as security consultant at @Doyensec , I trained my spidey senses 🕷️ to detect when an API code is practically begging for an auth vulns.

Join me at #CONFidence2025 for common pitfalls, and tips for writing secure authz from the start. https://t.co/GnL7glf0NV

1

10

4

0

829

maxenceschmitt retweeted

Doyensec @Doyensec

about 1 year ago

🚀#InQL v6.0 is here! Full Kotlin rewrite w/ improved performance & responsiveness! 🆕 Built-in GraphiQL and #GraphQL Voyager visualization regardless of the target 🆕Circular references detector 🆕Improved batch queries screen 🚀 SPEED! #doyensec #appsec https://t.co/UPcTE42ZMP

0

40

11

5

2K

maxenceschmitt retweeted

Doyensec @Doyensec

about 1 year ago

As a follow up to @maxenceschmitt 's amazing #CSPT research, we've published a list of resources to help people interested in this class of vulnerabilities. Check it out today for video, tools, challenges and variety of publications! https://t.co/kAN5e9Yk6l #Doyensec #appsec

Doyensec's tweet photo. As a follow up to @maxenceschmitt 's amazing #CSPT research, we've published a list of resources to help people interested in this class of vulnerabilities. Check it out today for video, tools, challenges and variety of publications!

https://t.co/kAN5e9Yk6l

#Doyensec #appsec https://t.co/ltOusX1uQL

0

44

17

23

2K

maxenceschmitt retweeted

@pentest_swissky

about 1 year ago

Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal - @maxenceschmitt https://t.co/caPYEhxE6y

0

25

8

14

2K

maxenceschmitt retweeted

Critical Thinking - Bug Bounty Podcast

about 1 year ago

A crazy client-side exploit chain by @busf4ctor & @xssdoctor: CSPT+JSON+SelfXSS → cookie path → XSS This bug went through CSPT abuse, hidden params, CORs bypass, and CloudFront cache poisoning. Breakdown:

2

121

12

58

7K

Last Seen Users on Sotwe

Trends for you

Most Popular Users