In our latest blog post, learn how Szymon Drosdzol found a trivial SSRF bypass in #NodeJS's `request` library (18M weekly downloads). Learn how to patch it and get the details on how other widely used libraries handle the same vector.
https://blog.doyensec.com/2023/03/16/ssrf-remediation-bypass.html
Congratulations 🎉 to our team member Adrian Denkiewicz for finding a nice 🐛 Windows Installer - Elevation of Privilege Vulnerability (CVE-2023-21800)! Keep an eye out for his upcoming blog post, detailing how he elevated to SYSTEM 🤯.
#doyensec #appsec #penetrationtesting
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21800
In our latest blog post, our chefs from 🇮🇹 and 🇫🇷 have collaborated to bring you a culinary masterpiece! Learn Lorenzo Stella and Maxence Schmitt's recipe for a tasty arbitrary file write to RCE via abusing #uWSGI files. Bon appétit!
#doyensec #appsec #appsecurity #penetrationtesting
https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html
#uwsgi #doyensec #appsec #appsecurity #penetrationtesting
PESD Exporter templates!
Currently matches OAuth2/OpenID/SAML flows
Diagrams are enriched with frames surrounding the standard flow + custom flags
Ctrl+f to see core flags & discover custom implementations at a glance
Example: SAML response double spending after the frame
#appsec #doyensec #appsecurity #penetrationtesting
Release blog post: https://blog.doyensec.com/2023/02/14/pesd-extension-public-release.html
Code: https://github.com/doyensec/PESD-Exporter-Extension
Check out our new PESD Burp Suite extension. It converts proxy history to interactive diagrams!
Easily document findings or convey complicated logical application flows in seconds!
Blog: https://blog.doyensec.com/2023/02/14/pesd-extension-public-release.html
PESD's Mask Rand can map strings / UUIDs to variables & reshape diagrams for more clarity.
Eliminate time wasted searching for the same UUID in multiple API calls and make reports even better!
Plus Burp Suite comments can be notes in the sequence diagram.
Congrats @felix on "Hacking the cloud with SAML" making PortSwigger's Top 10 Web Hacking Techniques! To celebrate, #Doyensec is releasing our tool to generate exploitation PoCs for one of the issues he found. Enjoy!
https://github.com/doyensec/CVE-2022-39299_PoC_Generator
https://portswigger.net/research/top-10-web-hacking-techniques-of-2022
#doyensec #appsec #devsecops #secdevops
Need help securing #ImageMagick against the arbitrary file read described in CVE-2022-44268? The pictured policy change can mitigate it for you.
For more recommendations on hardening your security policies check out our free tool at:
https://imagemagick-secevaluator.doyensec.com
#imagemagick #doyensec #appsec #secdevops #securityresearch
Teleport just published the report from our latest round of auditing their Microsoft RDP Desktop Access tool. Read it today to see the findings & our approach to clients' product security
#doyensec #appsec #security #devsecops #secdevops
A sneak peek at some of the swag we give our team for finding critical vulnerabilities for our clients! As a company of researchers from the top down, we like to celebrate cool bugs!
The second edition of #Doyensec's "CloudSec Tidbits" has just been published! Learn all about #AWS Cognito User Attributes tampering and experiment with it in our free lab. Check it out today!
#CloudSecurity #appsec #devsecops
https://blog.doyensec.com/2023/01/24/tampering-unrestricted-user-attributes-aws-cognito.html
#doyensec #aws #cloudsecurity #appsec #devsecops
It's been six wild years since #Doyensec first opened for business! We appreciate all the clients and team members (past and present) who have contributed to our success. The next six will be even more amazing!
RT @Doyensec@twitter.com
Announcing the release of `safeurl` - a library to help #golang devs "Build with Security"! This module provides tested & versatile protection against Server Side Request Forgery (SSRF)! Hurry and check it out!
https://blog.doyensec.com/2022/12/13/safeurl.html
https://github.com/doyensec/safeurl