Maxence SCHMITT
@maxenceschmitt
Senior Application Security @doyensec. I am learning new stuff every day and I love it. Sapic
Clermont Ferrand - FRANCE
Joined February 2010
DOMLogger++ v1.0.9 is now out and available! 🎉 This update fixes a lot of issues, including the historical DevTools bug on Chromium 🔥 It also brings full Caido session handling, which is going to be useful in the near future! 👀 👉 https://t.co/wQHbXqzvkq 1/2
📢It's here! Part 2 of Norbert Szetei's (@73696e65) research into ksmbd. See how customized fuzzing & the appropriate sanitizers led to discovering 23 Linux kernel CVEs, including use-after-frees & out-of-bounds reads/writes. https://t.co/LmigwJtB2c
#doyensec #appsec #security
🚀 We have just released a new Security Advisory for @NASA's CFITSIO library 🛰️. Click the link for details on the Heap Overflow, Type Confusion, Out-of-Bound Writes and other vulnerabilities discovered by our @a_denkiewicz! https://t.co/7X6YVBzhdo
#doyensec #appsec #security
This research is based on this article https://t.co/9c3PjDeK3r which explains that the magic bytes of a pdf (and webp) file are NOT in the beginning of the file. The article goes on to show that a valid pdf can be valid json
We'd like to welcome 👋@imarcex_ as our latest Application Security Intern. Welcome aboard! 🎉 #doyensec #appsec #internship
After many late nights and busted apps as a security consultant at @Doyensec, I trained my spidey senses 🕷️ to detect when API code is practically begging for auth vulns. Join me at #CONFidence2025 for common pitfalls, and tips for writing secure authz from the start.
🚀 #InQL v6.0 is here! Full Kotlin rewrite w/ improved performance & responsiveness! 🆕 Built-in GraphiQL and #GraphQL Voyager visualization regardless of the target 🆕 Circular references detector 🆕 Improved batch queries screen 🚀 SPEED! #doyensec #appsec
https://t.co/UPcTE42ZMP
github.com
InQL v6.0 release is focused on improving performance and overall responsiveness of the tool. The whole project has been rewritten into the Kotlin programming language, resulting in a significant s...
As a follow-up to @maxenceschmitt's amazing #CSPT research, we've published a list of resources to help people interested in this class of vulnerabilities. Check it out today for video, tools, challenges and a variety of publications! https://t.co/kAN5e9Yk6l
#Doyensec #appsec
Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal - @maxenceschmitt
https://t.co/caPYEhxE6y
A crazy client-side exploit chain by @busf4ctor & @xssdoctor: CSPT+JSON+SelfXSS → cookie path → XSS. This bug went through CSPT abuse, hidden params, CORS bypass, and CloudFront cache poisoning. Breakdown:
🥳The latest !exploitable is here! We're sharing all the joy that comes with exploiting an arbitrary file write in GitLab, while cruising the Mediterranean. 🚢 Everything from onerous configurations to spotty internet! Enjoy! #doyensec #appsec #security
https://t.co/AMdtG4PWDX
Thanks to the recent @PortSwigger top 10, I finally found the motivation to finish writing the 2nd article about DOMPurify security! 😁 Before releasing it, I would like to share a small challenge 🚩 Challenge link 👇 https://t.co/Fw1ePWFOMB 1/2
🎉 PESD v2.0 - now in the @BApp_Store! Effortlessly generate dynamic sequence diagrams directly from #BurpSuite traffic! Now you can also create your own theme, conveniently edit generated diagrams with MD syntax and much more! Install it today! 🎉 #doyensec #appsec #security
The results are in! We're proud to announce the Top ten web hacking techniques of 2024!
portswigger.net
Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
🚨 Michelin Red Team starting the year with a bang! Multiple vulnerabilities discovered in VMware Aria Operations (CVE-2025-22218, 22219, 22220, 22221, 22222) 🔥 Time to patch and stay sharp! 🔗 VMware Advisory: https://t.co/JVKX1L0EXQ
#CyberSecurity #RedTeam #VMware #CVE2025
support.broadcom.com
Despite being central to their security, many orgs struggle to securely implement #OAuth. Our new post walks through common issues & how to prevent them, along with a useful checklist! Read it today & ensure your org is secure: https://t.co/UHLlE9vlQB
#doyensec #security #appsec
Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal https://t.co/HwZg8S59rE
#pentesting #CyberSecurity #infosec
My English has never been good, I tried to translate what I had in my mind and I hope this shows how I feel Every step of this journey was a challenge—long hours, sacrifices, and moments when it felt impossible. But it was all worth it. I’m so proud and honored to have won 1st
And that’s a wrap! #Pwn2Own Automotive 2025 is complete. In total, we awarded $886,250 for 49 0-days over the three day competition. With 30.5 points and $222,250 awarded, Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) is our Master of Pwn. #P2OAuto
Client Side Path Traversal (CSPT) Bug Bounty Reports and Techniques
Like I promised, here is a list of cool CSPT bugs I have found in bug bounty programs over the years using multiple methods and getting critical impacts https://t.co/h4fAeLyKXr
medium.com
Over the past year, CSPT bugs have gained significant attention, with numerous blogs and disclosed reports highlighting their impact…