🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

I wrote a blog post about attaching a PDB debugger to a running Python script via GDB: disconnect3d.pl/2024/08/04/deb… :)

If you're interested in #binary reversing, you should definitely checkout the radare #r2con2024 online conference! Doyensec's bemodtwz will be presenting on bypassing malicious pickle detection. #doyensec #appsec #security #python rada.re/con/2024/#pick…

issue 4My, nearly hour long, pre-recorded #r2con2024 talk should play tomorrow at 20:30 (GMT+1 IIRC). Go from pickle basics to breaking tools. Even my own decompiler gets fooled, multiple times I also share the detailed solution of "schizophrenic pickle" from@pagedout_zine

After a 10 minutes break to make some 🍿 we have bemodtwz from Doyensec closing #r2con2024 with the last presentation under the title "Cracking pickles with r2” youtu.be/I0oDtU1PQbs

👿Eval Villain update - available now! Recent improvements: #CSPT sink detection, addEventListener sync & needle and copy/paste injection exporting, along with bug fixes & improved usability. Install today! github.com/swoops/eval_vi… #doyensec #appsec #security #xss #bugbountytips

Paged Out! Issue #5 is out now! pagedout.institute/?page=issues.p… Happy reading! Please RT and tell your friends! :)

At #doyensec, we're proud to say we're one of the sponsors of the latest edition of the independent ezine PagedOut! Download it today for the in-depth technical content and amazing artwork! I hear page 12 is 🔥 . pagedout.institute/?page=issues.p…

Yeah, new Eval Villain is out! Mostly it's bug fixes, refactoring and updates to the default config. Coolest new feature though is hiding at the bottom of the configuration page. Click "Copy Injection" and you can paste Eval Villain anywhere JavaScript is accepted.

We are very happy and grateful to have Doyensec as our long-term sponsor! Doyensec doyensec.com

Thanks so much paπcake 🌱 🏴󠁥󠁳󠁣󠁴󠁿 for speaking to our team about radare's radare2 & automating it w/ r2pipe. Some really innovative work being done there! Take a look if you're into #forensics, #reverseengineering and/or exploit development! rada.re/n/ #doyensec #appsec

(please RT for reach - thank you!) Learned a cool new Linux trick? Know an interesting quirk in a network protocol? Or have something else to share? Write a 1-page article for the #6 issue of Paged Out! :) pagedout.institute/?page=cfp.php Soft deadline is Feb 1st.

In the latest Doyensec research, our Norbert Szetei (73696e65) takes a closer look at the SMB3 Kernel Server (ksmbd) component of the Linux kernel. Check it out today & learn what he found, which led to multiple CVEs! #Doyensec #Appsec #Security #Linux blog.doyensec.com/2025/01/07/ksm…

Following attempts to contact the casdoor maintainers, we're releasing an advisory regarding the software. This vulnerability lets attackers exfiltrate data from the identity provider (IdP) or obtain access over SCIM. Details: doyensec.com/resources/Doye… #doyensec #appsec #security

Szymon and I just published a deep dive into common #OAuth security pitfalls and how to avoid them! Check out our latest post, complete with a handy checklist to keep your org secure. 🚀 Read it now! 👇

Ahoy! 🦜 Our first "!exploitable" post provides a technical dive 🤿 into the sea 🌊 of IoT exploitation. Read it today to learn how our team 🏴‍☠️ developed an exploit while floating in the Mediterranean! blog.doyensec.com/2025/02/11/exp… #doyensec #appsec #security #iot #exploits

A lot of you were telling me I should do my courses in English, so here we go: Mastering Binary Files and Protocols: The Complete Journey hackarcana.com/bin?utm=gyn-tt This is an A-to-Z course teaching a fundamental skill in practical IT, useful in cybersec/coding/etc Start Apr 8th

r2ai.c auto mode working well already

Added exponential backoff to r2ai.c and an execute_javascript tool. It's pretty much feature complete at this point.

Our 73696e65's latest research has resulted in at least 1⃣5⃣ CVEs in ksmbd🤯, including multiple use-after-frees, bounds checks, type confusion and overflows‼️ Check it out today! doyensec.com/research.html#… #doyensec #appsec #security #linux

🚀We have just released a new Security Advisory for NASA's CFITSIO library 🛰️. Click the link for details on the Heap Overflow, Type Confusion, Out-of-Bound Writes and other vulnerabilities discovered by our Adrian Denkiewicz ! doyensec.com/resources/Doye… #doyensec #appsec #security