Hacker News
- On Bypassing eBPF Security Monitoring https://blog.doyensec.com/2022/10/11/ebpf-bypass-security-monitoring.html 3 comments
- Regexploit: DoS-Able Regular Expressions https://blog.doyensec.com/2021/03/11/regexploit.html 13 comments
- FIDO2 security key company publishes results of internal security audit https://blog.doyensec.com/2020/02/19/solokeys-audit.html 63 comments
Lobsters
- Regexploit: DoS-able Regular Expressions https://blog.doyensec.com/2021/03/11/regexploit.html 3 comments security
- A Look at Software Composition Analysis. It’s time to ignore most of dependency alerts. https://blog.doyensec.com/2024/03/14/supplychain.html 16 comments netsec
- Session Hijacking Visual Exploitation (SHVE). New tool for XSS Exploitation https://blog.doyensec.com/2023/08/31/introducing-session-hijacking-visual-exploitation.html 10 comments netsec
- Huawei Theme Manager Arbitrary Code Execution Vulnerability https://blog.doyensec.com/2023/07/26/huawei-theme-arbitrary-code-exec.html 7 comments netsec
- Streamlining Websocket Pentesting with wsrepl https://blog.doyensec.com/2023/07/18/streamlining-websocket-pentesting-with-wsrepl.html 5 comments netsec
- Reversing Python Pickles https://blog.doyensec.com/2023/06/01/r2pickledec.html 5 comments netsec
- The Case For Improving Crypto Wallet Security https://blog.doyensec.com/2023/03/28/wallet-info.html 2 comments netsec
- Windows Installer EOP (CVE-2023-21800) https://blog.doyensec.com/2023/03/21/windows-installer.html 2 comments netsec
- NPM request Library SSRF Cross Protocol Redirect Bypass https://blog.doyensec.com/2023/03/16/ssrf-remediation-bypass.html 4 comments netsec
- Dirty Arbitrary File Write to RCE in Python uWSGI https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html 3 comments netsec
- Introducing Proxy Enriched Sequence Diagrams (PESD). New Burp Plugin. https://blog.doyensec.com/2023/02/14/pesd-extension-public-release.html 2 comments netsec
- A Server Side Request Forgery protection library for Golang https://blog.doyensec.com/2022/12/13/safeurl.html 2 comments netsec
- The Danger of Falling to System Role in AWS SDK Client https://blog.doyensec.com/2022/10/18/cloudsectidbit-dataimport.html 2 comments netsec
- On Bypassing eBPF Security Monitoring https://blog.doyensec.com/2022/10/11/ebpf-bypass-security-monitoring.html 2 comments netsec
- Comparing Semgrep and CodeQL https://blog.doyensec.com/2022/10/06/semgrep-codeql.html 4 comments netsec
- Apache Pinot SQLi & RCE Cheat Sheet https://blog.doyensec.com/2022/06/09/apache-pinot-sqli-rce.html 2 comments netsec
- GraphQL CSRF. That single GraphQL issue that you keep missing https://blog.doyensec.com/2021/05/20/graphql-csrf.html 9 comments netsec
- Regexploit - DoS-able Regular Expressions. New tool and bugs https://blog.doyensec.com/2021/03/11/regexploit.html 8 comments netsec
- Visual Studio Code Python Extension RCE vulnerability https://blog.doyensec.com/2020/03/16/vscode_codeexec.html 3 comments netsec
- 1Password, Keeper, Dashlane and other Android password managers exposed secrets to third-party apps installed on the device, due to an improper implementation of a security setting used to prevent screenshots. Update now! https://blog.doyensec.com/2019/08/22/modern-password-managers-flag-secure.html 12 comments privacy
- Modern Android Password Managers and FLAG_SECURE Misuse https://blog.doyensec.com/2019/08/22/modern-password-managers-flag-secure.html 4 comments netsec
- Lessons in auditing cryptocurrency wallets, systems, and infrastructures https://blog.doyensec.com/2019/08/01/common-crypto-bugs.html 5 comments netsec
- Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix) https://blog.doyensec.com/2018/05/24/electron-win-protocol-handler-bug-bypass.html 7 comments netsec
- Exposing GraphQL to Penetration Testers https://blog.doyensec.com/2018/05/17/graphql-security-overview.html 4 comments netsec
- Turning XSS into RCE in all Electron-based apps (Slack, Atom, Visual Studio Code, WordPress Desktop, Basecamp3, Mattermost, ..) https://blog.doyensec.com/2017/08/03/electron-framework-security.html 8 comments netsec