Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

Nominations are now open for the Top 10 Web Hacking Techniques of 2017. Every year, numerous security researchers choose to share their findings with the community through conference presentations, bl

First few milliseconds of ssl tls connection.TLS handshake protocol explained in depth with wireshark. RSA,Diffie Hellman.TLS records.CA cert

Intro - Testing Google Sites and Google Caja In March 2018, I reported an XSS in Google Caja, a tool to securely embed arbitrary html/javanoscript in a webpage. In May 2018, after the XSS was fixed, I realised that Google Sites was using an unpatched version…

Five different backdoors were found in Cisco's software this year, and Cisco's history with backdoors goes back many years.

Unit 42 documents the emergence of three malware campaigns built on publicly available source code for the Mirai and Gafgyt malware families that incorporate multiple known exploits affecting Internet of Things (IoT) device.

Intro - Testing Google Sites and Google Caja In March 2018, I reported an XSS in Google Caja, a tool to securely embed arbitrary html/javanoscript in a webpage. In May 2018, after the XSS was fixed, I realised that Google Sites was using an unpatched version…

Unit 42 documents the emergence of three malware campaigns built on publicly available source code for the Mirai and Gafgyt malware families that incorporate multiple known exploits affecting Internet of Things (IoT) device.

#NoFilter

gitleaks - Audit git repos for secrets 🔑

Intel's innovation in cloud computing, data center, Internet of Things, and PC solutions is powering the smart and connected digital world we live in.

The phrase “Bank Grade Security” usually provides little comfort for those of us in the information security world, but nevertheless, buzzword-driven markete...

I recently came across an interesting behaviour on PHP. Apparently, PHP permits the usage of Unicode characters as variable names. There...

Recently, we found a new exploit using port 5555 after detecting two suspicious spikes in activity on July 9-10 and July 15. In this scenario, the activity involves the command line utility called Android Debug Bridge (ADB), a part of the Android SDK that…

## Summary
During the parsing of Powerpoint files it seems that it is possible to include XXE payload which will be executed on the Open-XChange server. I was able to identify which files exist on...

Summary
Firefox’s bug in CSP implementation, which will be fixed in Firefox 62, provides us the way to detect the redirection of any given URL when accessed with the victim’s Firefox. Practically, OAuth is one of interesting features which requires redirections.…

In early July, Intel issued security advisories SA-00112 and SA-00118 regarding fixes for vulnerabilities in Intel Management Engine. ...

Contribute to public development by creating an account on GitHub.

A few mongth ago, Google released a new product - Hangouts Chat application, which is surely an answer to Slack . Hangouts Chat might be us...