Mohamed

AuthN/Z is always a #security minefield & MCP adds even more complexity with agents, remote servers, and transitive trust. This @goteleport -sponsored deep dive breaks down attack vectors & why each step is a potential trust boundary. 🔗 blog.doyensec.com/2026/03/05/mcp… #doyensec #ai

🧞Your wish has been granted - the latest @pagedout_zine edition is out! In it, our @tell1c0 takes a quick look at #vibecoding, walking through the creation of an AI agent🤖. Check it out today! #doyensec #appsec #ai #Security pagedout.institute

🚨Just posted🚨: Learn about real-world API authorization vulnerabilities we frequently see with the slides from @tell1c0's recent presentation at @CONFidenceConf in Krakow. doyensec.com/resources/CONF… #doyensec #appsec #security

🥳The latest !exploitable is here! We're sharing all the joy that comes with exploiting an arbitrary file write in GitLab, while cruising the Mediterranean. 🚢 Everything from onerous configurations to spotty internet! Enjoy! #doyensec #appsec #security blog.doyensec.com/2025/03/18/exp…

Despite being central to their security, many orgs struggle to securely implement #OAuth. Our new post walks through common issues & how to prevent them, along with a useful checklist! Read it today & ensure your org is secure: blog.doyensec.com/2025/01/30/oau… #doyensec #security #appsec

In the latest Doyensec research, our Norbert Szetei (@73696e65) takes a closer look at the SMB3 Kernel Server (ksmbd) component of the Linux kernel. Check it out today & learn what he found, which led to multiple CVEs! #Doyensec #Appsec #Security #Linux blog.doyensec.com/2025/01/07/ksm…

CSRF in modern web apps? It's still possible! Our latest research by @maxenceschmitt dives into using Client-Side Path Traversal to perform CSRF. Check out our latest blogpost and brand new #Burp extension for finding bugs. #doyensec #appsec #CSPT2CSRF blog.doyensec.com/2024/07/02/csp…

Checkout @maxenceschmitt's presentation at @owasp's Global AppSec in Lisbon to learn how Client-Side Path Traversal can be leveraged for CSRF attacks! #owasp #appsec #doyensec sched.co/1Vajr lisbon.globalappsec.org

Congratulations 🎉 to Doyensec's own @73696e65 for discovering an out-of-bounds memory read vulnerability in the Linux kernel! Details: groups.google.com/g/syzkaller/c/… The fix has been committed here: github.com/torvalds/linux… #doyensec #appsec #linux #security

New blog post on our new Server Side Prototype Pollution Gadgets Scanner plugin for #BurpSuite! It features a modern detection approach and a focus on real-world exploitation. Download it today! blog.doyensec.com/2024/02/17/ser… github.com/doyensec/Serve… #Doyensec #AppSec #websecurity

PoIEx, a new #Doyensec tool, identifies "Points of Intersection" where code & IaC definitions meet. Visualize & explore IaC, plus create & share real-time notes w/ teammates in VS Code. Try it out today‼️ blog.doyensec.com/2024/01/30/poi… github.com/doyensec/PoiEx #CloudSecurity #appsec

Learn more about how having a security-oriented scheduling strategy for #k8s can limit opportunities for lateral movement within your environment in our latest blog post. #doyensec #Kubernetes #security #appsec blog.doyensec.com/2024/01/23/k8s…

Just posted! Learn how to achieve privilege escalation via misconfigured #AWS Batch & the solution for our previous lab, in the latest installment of #Doyensec's "Cloudsec Tidbits" series by @ouadmoha and @lacerenza_fra. #cloudsecurity #DevSecOps #appsec blog.doyensec.com/2023/06/13/mes…

Zero Touch Production platforms improve security while also making auditing and IR easier. Our latest post talks about common pitfalls found in their implementations and how to avoid repeating past mistakes. blog.doyensec.com/2023/05/04/tes… #doyensec #appsec #devops #infosec #security

Read the full technical details here >> wiz.io/blog/azure-act…

Phishing scams targeting #crypto wallets are everywhere. In our latest blog post, @viktorot details one such attack and offers suggestions on how wallets can improve their security. #doyensec #appsec #phishing #infosec blog.doyensec.com/2023/03/28/wal…

In our latest blog post, learn how Szymon Drosdzol found a trivial SSRF bypass in #NodeJS 's `request` library (18M weekly downloads). Learn how to patch it and get the details on how other widely used libraries handle the same vector. #Doyensec #appsec blog.doyensec.com/2023/03/16/ssr…

Check out @lacerenza_fra's new PESD @Burp_Suite extension. It converts proxy history to interactive diagrams! Easily document findings or convey complicated logical application flows in seconds! #Doyensec #appsec #Pentesting blog.doyensec.com/2023/02/14/pes… github.com/doyensec/PESD-…

Hey folks, just released the second episode of my Mariana Trench series! Did u like the first one? The more you dive in, the more vulnerabilities you may get. But watch out for false positives! blog.oia.ovh/posts/mariana_… #android #AppSec #infosecurity #DevSecOps

Announcing the release of `safeurl` - a library to help #golang devs "Build with Security"! This module provides tested & versatile protection against Server Side Request Forgery (SSRF)! Hurry and check it out! #doyensec #AppSec blog.doyensec.com/2022/12/13/saf… github.com/doyensec/safeu…