Maxence SCHMITT

🚨 Breaking Secure-Looking Cloud Architectures At #defcon Singapore Demo Labs, we'll show real security bugs involving AWS Cognito multi-SSO user pools & ELB routing paths, including a Malicious OIDC Server & the ELBaph utility! 🔗 defcon.org/html/defcon-si… #appsec #doyensec

Check out the latest edition of @pagedout_zine featuring Doyensec's own Bartłomiej "Bartek" Górkiewicz (@smnfbb ) vibing on Reversing Python Bytecode, along with plenty of great articles! pagedout.institute/download/Paged… #appsec #doyensec #security #reversing

🚀 inQL v6.0.1 is out! Our GraphQL security tool got big upgrades.⚡ • Schema Brute-Forcer • Server Engine Fingerprinting • Automatic Variable Generation • Performance boosts & other improvements Details: blog.doyensec.com/2025/12/02/inq… #doyensec #graphql #appsec #securityforces

DOMLogger++ v1.0.9 is now out and available! 🎉 This update fixes a lot of issues, including the historical DevTools bug on Chromium 🔥 It also brings full Caido session handling, which is going to be useful in the near future! 👀 👉 github.com/kevin-mizu/dom… 1/2

📢It's here! Part 2 of Norbert Szetei's (@73696e65) research into ksmbd. See how customized fuzzing & the appropriate sanitizers led to discovering 23 Linux kernel CVEs, including use-after-frees & out-of-bounds reads/writes. blog.doyensec.com/2025/09/02/ksm… #doyensec #appsec #security

@j_zere Nice one !

Just published my first blog post "Cache Deception + CSPT: Turning Non Impactful Findings into Account Takeover" You can read the full write-up here: zere.es/posts/cache-de…

🚀We have just released a new Security Advisory for @NASA's CFITSIO library 🛰️. Click the link for details on the Heap Overflow, Type Confusion, Out-of-Bound Writes and other vulnerabilities discovered by our @a_denkiewicz ! doyensec.com/resources/Doye… #doyensec #appsec #security

@xssdoctor Nice research 👍. I’m happy to know that my article was useful . Indeed, these upload bypasses an be used in many use cases.

In my scenario, I had xss but i needed to import a js file to escalate. The csp was tight, but i was able to upload pdfs to the same domain. I uploaded a pdf with my malicious js in it, and I was off to the races. Enjoy!

I just found the coolest csp bypass ever! did you know that a valid pdf can ALSO be valid javascript? (details below)

This research is based on this article blog.doyensec.com/2025/01/09/csp… which explains that the magic bytes of a pdf (and webp) file are NOT in the beginning of the file. The article goes on to show that a valid pdf can be valid json

We'd like to welcome 👋@imarcex_ as our latest Application Security Intern. Welcome aboard! 🎉 #doyensec #appsec #internship

Our @73696e65's latest research has resulted in at least 1⃣5⃣ CVEs in ksmbd🤯, including multiple use-after-frees, bounds checks, type confusion and overflows‼️ Check it out today! #ksmbd_linux_security_research_2" target="_blank" rel="nofollow noopener">doyensec.com/research.html#… #doyensec #appsec #security #linux

After many late nights and busted apps as security consultant at @Doyensec , I trained my spidey senses 🕷️ to detect when an API code is practically begging for an auth vulns. Join me at #CONFidence2025 for common pitfalls, and tips for writing secure authz from the start.

🚀#InQL v6.0 is here! Full Kotlin rewrite w/ improved performance & responsiveness! 🆕 Built-in GraphiQL and #GraphQL Voyager visualization regardless of the target 🆕Circular references detector 🆕Improved batch queries screen 🚀 SPEED! #doyensec #appsec github.com/doyensec/inql/…

As a follow up to @maxenceschmitt 's amazing #CSPT research, we've published a list of resources to help people interested in this class of vulnerabilities. Check it out today for video, tools, challenges and variety of publications! blog.doyensec.com/2025/03/27/csp… #Doyensec #appsec

Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal - @maxenceschmitt blog.doyensec.com/2025/01/09/csp…

A crazy client-side exploit chain by @busf4ctor & @xssdoctor: CSPT+JSON+SelfXSS → cookie path → XSS This bug went through CSPT abuse, hidden params, CORs bypass, and CloudFront cache poisoning. Breakdown:

🥳The latest !exploitable is here! We're sharing all the joy that comes with exploiting an arbitrary file write in GitLab, while cruising the Mediterranean. 🚢 Everything from onerous configurations to spotty internet! Enjoy! #doyensec #appsec #security blog.doyensec.com/2025/03/18/exp…

Thanks to the recent @PortSwigger top 10, I finally found the motivation to finish writing the 2nd article about DOMPurify security! 😁 Before releasing it, I would like to share a small challenge 🚩 Challenge link 👇 challenges.mizu.re/xss_04.html 1/2

🎉 PESD v2.0 - now in the @BApp_Store ! Effortlessly generate dynamic sequence diagrams directly from #BurpSuite traffic! Now you can also create your own theme, conveniently edit generated diagrams with MD syntax and much more! Install it today! 🎉 #doyensec #appsec #security

The results are in! We're proud to announce the Top ten web hacking techniques of 2024! portswigger.net/research/top-1…