RoloMijan

Introducing Session Hijacking Visual Exploitation (SHVE): An Innovative Open-Source Tool for XSS Exploitation · Doyensec's Blog blog.doyensec.com/2023/08/31/int…

AI era.

Stop using security tools that don't "get" your code. 🛑 Traditional scanners miss logic flaws because they can't reason. We built Deflectra, a multi-agent AI system that performs SAST/DAST with actual context. The stats: - 98.08% accuracy on XBOW benchmark. - Open-source Community Edition. - Integration with Gemini, ChatGPT and Claude. If you’re tired of false positives and missed vulnerabilities, give it a spin. ⭐ Star us on GitHub: github.com/deflectra/defl… 🚀 Install now: deflectra.com/install 📖 Read the "Why": blog.deflectra.com/en/blog/welcom… More info: deflectra.com #Infosec #DevSecOps #AI #Coding

Another nomination 3⃣ @RoloMijan turns theory into reality by creating the #BurpSuite Prototype Pollution Gadgets Finder. It automates poisoning and cleaning up JSON objects in requests. This led to finding vulns in Axios & Nodemailer, ➕ more! blog.doyensec.com/2024/02/17/ser… #doyensec

Our 2⃣nd nominee: @RoloMijan dives into class pollution in #Ruby. We look at merging on hashes, & recursively & not on attributes. This identified impactful vulns in widely used code like ActiveSupport, & Hashie. Worth a 👀 & a 🗳️ too! blog.doyensec.com/2024/10/02/cla… #doyensec #appsec

If you don't love Doyensec when you're young, you don't have a heart. If you don't love Doyensec when you're old, you don't have a brain.

Help making a great Top10 so that we don't have to read all these blog posts! Good luck to all @Doyensec folks Client-Side Path Traversal to Perform Cross-Site Request Forgery, Database Transactions Undermining Your AppSec, Unveiling the Prototype Pollution Gadgets Finder, ...

Voting is now live for the Top Ten (New) Web Hacking Techniques of 2024! Browse the nominations & cast your votes here: portswigger.net/polls/top-10-w…

Red Flag 🚩 Que en su descripción ponga que coopera con INCIBE.

Session Hijacking Visual Exploitation is a tool that allows for the hijacking of user sessions by injecting malicious JavaScript code. By: @Doyensec github.com/doyensec/Sessi…

Doyensec Session Hijacking Visual Exploitation (SHVE) 1.1.0 Free download Doyensec Session Hijacking Visual Exploitation (SHVE) 1.1.0 Latest version - Hijack user sessions by injecting malicious code. Download at: dlfile.app/p/doyensec-ses…

@heretoreadbugs @Doyensec That’s for server side PP. blog.doyensec.com/2024/02/17/ser…

@Doyensec @RoloMijan we already have dom invader

📢Attention #appsec people! Our latest #burpsuite extension, Prototype Pollution Gadgets Finder (by @RoloMijan) is available in the BApp Store. Install today to find & exploit server-side prototype pollution vulns! #doyensec #bugbountytips #ctf #security portswigger.net/bappstore/fcbc…

Our newest #oss project, from @maxenceschmitt -CSPTPlayground (github.com/doyensec/CSPTP…) helps you learn how to find and exploit various client-side path traversal vulnerabilities. Level up and check it out today! #doyensec #appsec #CSPT #security

Class Pollution in Ruby: A Deep Dive into Exploiting Recursive Merges - by @Doyensec blog.doyensec.com/2024/10/02/cla…

Added: Prototype Pollution Gadgets Finder portswigger.net/bappstore/fcbc…

@hunters_flag @KrakenEU_ @l30nuz @NavajaNegra_AB @AsturCONtech @Hack_en_ @8dot8 Estás diciendo que es difícil crear un reto en un mes? xD

@KrakenEU_ @l30nuz @NavajaNegra_AB @AsturCONtech @Hack_en_ @8dot8 Bueno ya que vas de listo y tanto te enfada algo que ni te afecta ni es tuyo, venga realiza los 6 retos en menos de seis meses, estás invitado, que para criticar y usar las redes como herramienta de odio es mucho más fácil que ponerse manos a la obra

Un verdadero profesional sabe que algunos retos sirven de inspiración para otros que luego se mejoran o se modifican, ahora somos tan buenos que nos aparecen haters, felicitaciones a @l30nuz , esto demuestra nuestro nivel y calidad @NavajaNegra_AB @AsturCONtech @Hack_en_ @8dot8

#Red_Team_Tactics 1. Overriding Referrer-Policy and abusing endpoint-reuse to achieve XS leak, circumventing insecure CSP in the process infigo.is/en/insights/47… 2. Class Pollution in Ruby: A Deep Dive into Exploiting Recursive Merges blog.doyensec.com/2024/10/02/cla…

Nice work @a_denkiewicz ! Great your contribution recognized! This is the reason we give our engineers 25% of their time to perform #appsec research! Want to know more? Check out our open opportunities: doyensec.com/careers.html #infosecjobs #security #appsecjobs #bugbounty #ctf

Class Pollution in Ruby: A Deep Dive into Exploiting Recursive Merges blog.doyensec.com/2024/10/02/cla…

Class Pollution in Ruby: A Deep Dive into Exploiting Recursive Merges ift.tt/cWfQzvU ift.tt/pBRIScu