Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

Leverage eBPF to secure internet-facing APIs: FastAPI, BlackSheep, Flask, Django, aiohttp, tornado, and more.

Summary A vulnerability in Windows’s File History Service allows local users to gain elevated privileges on the Windows operating system. Credit An independent security researcher working with SSD Secure Disclosure, the vulnerability was one of the winners…

Barracuda email security gateway devices became the target of a cyber espionage attack from a group with ties to China, known as UNC4841. This group managed

Attackers have quite a few sneaky ways to gather information from your WordPress website. They can get their hands on details like the WordPress version you're using, the active plugins and their versions, and even info about your active users. In this article…

According to a recent article on Neowin, Microsoft Edge has a new feature that allows it to take screenshots of every web page a user…

Useful resources for SOC Analyst and SOC Analyst candidates. - GitHub - LetsDefend/awesome-soc-analyst: Useful resources for SOC Analyst and SOC Analyst candidates.

Presenting the usage of the osv-scanner tool from Google in real-life Python and Java projects. A tool review with its pros and cons.

Phylum has identified a malware campaign spanning PyPI, npm and RubyGems. Delivering early stage malware to users.

VULNERABILITY DESCRIPTION
This vulnerability involves a Web Cache Deception attack targeting the https://redacted.com/anynonexisting URL endpoint. By manipulating the caching mechanisms, unauthorized users can gain access to sensitive Personally Identifiable…

Chepy is a python lib/cli equivalent of the awesome CyberChef tool. - GitHub - securisec/chepy: Chepy is a python lib/cli equivalent of the awesome CyberChef tool.

Setup Kioptrix 1.1 & start hacking, commenting & showing every step from recon, port scan, exploitation, privilege escalation & becoming root

Discovery and walkthrough of CVE-2023-38633 in librnoscript, when two URL parser implementations (Rust and Glib) disagree on file scheme parsing leading to path traversal.

Identify and harden your External Security Posture with the leader. Let us manage time-consuming tasks and focus on remediation

In my past two blog posts, I’ve explored how to combine multiple port scanning tools to create a fast service scanning tool for large networks, and how I sped up nmap’s service scanning by changing its “wait for content” time. In this post, I’m going to be…

We analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication.

TruffleHog scanned the top 1 Million visited websites and discovered 4,500 exposed git directories and hundreds of leaked API keys + secrets.