Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

Run individual configuration, compliance and security controls or full compliance benchmarks for Tailscale.

TargetRecently I have analyzed a RASP solution called Approov. Although there are some novel detection techniques, overall it’s not that interesting. Instead, I will focus on the obfuscation part of

A tool to assess the compliance of a VMware vSphere environment against the CIS Benchmark. - GitHub - karimhabush/cis-vsphere: A tool to assess the compliance of a VMware vSphere environment agains...

Posted in r/netsec by u/gquere • 15 points and 1 comment

Improving software memory safety is a key security objective for engineering teams across the industry. Here we begin a journey into the XNU kernel at the core of iOS and explore the intricate work our engineering teams have done to harden the memory allocator…

One of the things I like to do on this blog is write about new research that has a practical angle. Most of the time (I swear) this involves writing about other folks’ research: it’s no…

An Analysis of Remote Code Execution Vulnerability CVE-2022–34718

Spartacus DLL Hijacking Discovery Tool. Contribute to Accenture/Spartacus development by creating an account on GitHub.

EDR or Endpoint Detection and Response refers to an integrated endpoint security solution which continuously monitors end-point user's devices and try to prevent anomalies like Malware, Ransomware by using automated rule based response method.

Introducing Dastardly - a free, lightweight web application security scanner for your CI/CD pipeline, from the makers of Burp Suite. Secure web development ain't easy Ensuring your code is written sec

Table of Contents

TL;DR A vulnerability in the Galaxy Store allows attackers through an XSS to cause the store to install and/or launch an application, allowing […]

Preparing for increasing cyber attacks and enhanced regulatory obligations

With the release of iOS 16 and MacOS Ventura, we are now in the age of passkeys. This is happening through WebAuthn, a specification written by the W3C and FIDO with the involvement of all of the major vendors such as Google, Mozilla, etc. The basic premise…

By James Forshaw, Project Zero I've been spending a lot of time researching Windows authentication implementations, specifically Kerberos. I...

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets - GitHub - Legit-Labs/legitify: Detect and remediate misconfigurations and security risks across a...

A critical vulnerability has been discovered in current versions of OpenSSL and will need to be patched immediately.