blog.doyensec.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-16.
| Date Added | Resource | Topics | Excerpt |
|---|---|---|---|
| 2026-04-16 | ksmbd: Fuzzing Improvements and Vulnerability Discovery | Fuzzing | Writeup on improving fuzzing of `ksmbd`, the Linux in-kernel SMB server, and the vulnerabilities it surfaced. It details techniques for expanding the attack surface by enabling configuration options such as durable handles, oplocks and SMB2 leases, and describes the fuzzer improvements made: patching NTLMv2 authentication, adjusting connection limits, and simulating valid SMB state transitions by parsing responses for TreeIDs and SessionIDs so that subsequent requests are accepted rather than rejected at dispatch. The authors also use the protocol specification to build grammars for commands such as SMB2 IOCTL requests, and explore strategies such as focused-area fuzzing to target specific code paths like `smb_check_perm_dacl`, which led to the discovery of integer overflows. |
| 2026-04-10 | Doyensec: Common OAuth Vulnerabilities | API Sec, AuthN | Checklist of common OAuth vulnerabilities, detailing attacks against the Implicit Flow, Authorization Code Flow, Authorization Code Flow with PKCE, Client Credentials Flow, Device Authorization Flow and Resource Owner Password Credentials Flow. It helps testers and developers assess an implementation's security by explaining the protocol's complexities and the known attack vectors against each flow. |
| 2025-08-14 | GraphQL - Security Overview and Testing Tips · Doyensec's Blog | GraphQL | Reference article for GraphQL security testing that highlights common vulnerabilities such as broken access controls, insecure direct object references and SQL/NoSQL injection. It recommends tools such as `graphql-ide` and a custom Python script (`GraphQL_Introspection.py`) for enumerating schemas, and gives testing tips for locating exposed endpoints such as `/graphql` or `/graphql.php?debug=1`. It stresses that GraphQL itself does not enforce authorization, so developers must implement robust authorization logic themselves, and discusses the risk of deeply nested queries leading to DoS and of information disclosure through verbose error messages. |
| 2025-08-14 | SSRF Cross Protocol Redirect Bypass · Doyensec's Blog | SSRF | Writeup of a Server-Side Request Forgery (SSRF) vulnerability, CVE-2023-28155, in the `request` library. The bypass exploits cross-protocol redirects: a malicious server redirects an HTTPS request to an HTTP endpoint, and because the library resets the agent when the protocol changes, SSRF filters implemented in that agent are no longer applied to the redirected request. The article also examines the corresponding protections in `node-fetch` and `axios`, and includes a Semgrep rule to detect misconfigurations in Axios. |
| 2023-06-06 | Reversing Pickles with r2pickledec | Deser, Python | Tool for decompiling Python pickle files; r2pickledec supports all opcodes up to protocol 5. It integrates with Radare2, allowing analysis of pickle contents, including identifying serialized objects such as a `Session` from `requests.sessions`, and understanding the pickle virtual machine's instruction set. The tool facilitates reversing complex pickle data by translating the byte stream into human-readable instructions and object structures. |
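The ksmbd row above describes simulating valid SMB state transitions by harvesting TreeIDs and SessionIDs from server responses. The following is an added example (not code from the Doyensec writeup or from the ksmbd project) of the minimal bookkeeping a fuzz harness needs for that: it decodes the fixed 64-byte SMB2 header, records the SessionId after SESSION_SETUP and the TreeId after a successful TREE_CONNECT, and stamps both into later request headers. The `FuzzSession`/`fake_response` names are this example's own, and the responses it parses are constructed inline rather than captured from a real server.

```python
import struct
from dataclasses import dataclass

# Constants from [MS-SMB2]; only the ones this example needs.
SMB2_MAGIC = b"\xfeSMB"
SMB2_SESSION_SETUP = 0x0001
SMB2_TREE_CONNECT = 0x0003
SMB2_CREATE = 0x0005
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001
STATUS_SUCCESS = 0x00000000
STATUS_MORE_PROCESSING_REQUIRED = 0xC0000016

# Fixed 64-byte SMB2 header (sync form), little-endian:
# ProtocolId(4) StructureSize(2) CreditCharge(2) Status(4) Command(2)
# CreditRequest/Response(2) Flags(4) NextCommand(4) MessageId(8)
# Reserved(4) TreeId(4) SessionId(8) Signature(16)
HDR = struct.Struct("<4sHHIHHIIQIIQ16s")
assert HDR.size == 64


@dataclass
class Smb2Header:
    status: int
    command: int
    flags: int
    message_id: int
    tree_id: int
    session_id: int


def parse_header(buf):
    """Decode the SMB2 header at the start of buf; raise on anything else."""
    if len(buf) < HDR.size:
        raise ValueError("short SMB2 packet")
    (magic, size, _cc, status, cmd, _credit, flags, _next, mid,
     _reserved, tid, sid, _sig) = HDR.unpack_from(buf, 0)
    if magic != SMB2_MAGIC or size != 64:
        raise ValueError("not an SMB2 header")
    return Smb2Header(status, cmd, flags, mid, tid, sid)


@dataclass
class FuzzSession:
    """Tracks the IDs a fuzzer must echo back so that its packets reach
    deeper command handlers instead of being rejected at dispatch."""
    session_id: int = 0
    tree_id: int = 0
    next_message_id: int = 0

    def observe(self, resp):
        """Feed a server response; harvest SessionId / TreeId on success."""
        h = parse_header(resp)
        if not h.flags & SMB2_FLAGS_SERVER_TO_REDIR:
            raise ValueError("expected a server-to-client packet")
        if h.command == SMB2_SESSION_SETUP and h.status in (
                STATUS_SUCCESS, STATUS_MORE_PROCESSING_REQUIRED):
            # NTLMSSP takes two legs; the SessionId is assigned on the first.
            self.session_id = h.session_id
        elif h.command == SMB2_TREE_CONNECT and h.status == STATUS_SUCCESS:
            self.tree_id = h.tree_id
        return h

    def header_for(self, command):
        """Build a request header carrying the harvested state."""
        mid = self.next_message_id
        self.next_message_id += 1
        return HDR.pack(SMB2_MAGIC, 64, 1, 0, command, 1, 0, 0, mid, 0,
                        self.tree_id, self.session_id, b"\0" * 16)


def fake_response(command, status, message_id, tree_id=0, session_id=0):
    """Constructed server response header for offline testing (not captured traffic)."""
    return HDR.pack(SMB2_MAGIC, 64, 1, status, command, 1,
                    SMB2_FLAGS_SERVER_TO_REDIR, 0, message_id, 0,
                    tree_id, session_id, b"\0" * 16)


if __name__ == "__main__":
    s = FuzzSession()
    s.observe(fake_response(SMB2_SESSION_SETUP, STATUS_MORE_PROCESSING_REQUIRED, 1,
                            session_id=0x1122334455667788))
    s.observe(fake_response(SMB2_TREE_CONNECT, STATUS_SUCCESS, 2,
                            tree_id=5, session_id=0x1122334455667788))
    print(parse_header(s.header_for(SMB2_CREATE)))
```

A failed TREE_CONNECT deliberately leaves the old TreeId in place, so a harness that mutates the tree-connect request keeps a usable tree for the commands that follow.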
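For the OAuth checklist row, an added example (not from the Doyensec post) of the token-endpoint checks whose absence that kind of checklist tests for in the Authorization Code Flow with PKCE: single-use codes, exact `redirect_uri` matching, and refusing a PKCE downgrade (a token request that omits `code_verifier` after a `code_challenge` was bound at authorization time). `TokenEndpoint`, `IssuedCode` and the in-memory store are this example's own; a real server would persist codes with an expiry. Accepting only the `S256` method is this example's policy choice.

```python
import base64
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


def b64url(raw):
    """RFC 7636 base64url without padding."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_pkce_pair():
    """Client side: a 43-character verifier and its S256 challenge."""
    verifier = b64url(secrets.token_bytes(32))
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


@dataclass
class IssuedCode:
    client_id: str
    redirect_uri: str
    code_challenge: Optional[str]
    used: bool = False


class TokenEndpoint:
    """Hypothetical authorization-code store plus /token handler."""

    def __init__(self):
        self.codes: Dict[str, IssuedCode] = {}

    def issue_code(self, client_id, redirect_uri, code_challenge=None,
                   code_challenge_method=None):
        """Called from /authorize after consent. Binds the code to the client,
        the exact redirect_uri and, if one was sent, the PKCE challenge."""
        if code_challenge is not None and code_challenge_method != "S256":
            # Policy choice of this example: refuse 'plain' and unknown methods.
            raise ValueError("unsupported code_challenge_method")
        code = b64url(secrets.token_bytes(24))
        self.codes[code] = IssuedCode(client_id, redirect_uri, code_challenge)
        return code

    def exchange(self, code, client_id, redirect_uri, code_verifier=None):
        rec = self.codes.get(code)
        if rec is None or rec.used:
            raise PermissionError("invalid_grant: unknown or replayed code")
        rec.used = True  # single use; burned even if the checks below fail
        if client_id != rec.client_id:
            raise PermissionError("invalid_grant: client mismatch")
        if redirect_uri != rec.redirect_uri:  # exact string match, no prefix/suffix tricks
            raise PermissionError("invalid_grant: redirect_uri mismatch")
        if rec.code_challenge is not None:
            # A challenge was bound at /authorize, so a request without a
            # verifier is a downgrade attempt, not a client that "forgot".
            if code_verifier is None:
                raise PermissionError("invalid_grant: code_verifier required")
            expected = b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())
            if not hmac.compare_digest(expected, rec.code_challenge):
                raise PermissionError("invalid_grant: PKCE verification failed")
        return {"access_token": b64url(secrets.token_bytes(32)), "token_type": "Bearer"}


if __name__ == "__main__":
    ep = TokenEndpoint()
    verifier, challenge = make_pkce_pair()
    code = ep.issue_code("app", "https://app.example/cb", challenge, "S256")
    print(ep.exchange(code, "app", "https://app.example/cb", verifier))
```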
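The GraphQL row mentions enumerating schemas through introspection and the DoS risk of nested queries. As an added example (not the article's `GraphQL_Introspection.py` and not Doyensec code), the function below consumes a standard introspection result, prints the root operations with their argument signatures, flags fields that take an ID-like argument (IDOR candidates to test with another user's identifier), and finds object types that can reach themselves through their fields, which is what makes unbounded query nesting possible. The `SAMPLE_INTROSPECTION` document is constructed for this example, not taken from a real API.

```python
import json

# Standard introspection query, trimmed to the fields this example consumes.
INTROSPECTION_QUERY = """
query IntrospectionQuery {
  __schema {
    queryType { name }
    mutationType { name }
    types {
      kind name
      fields(includeDeprecated: true) {
        name
        args { name type { ...TypeRef } }
        type { ...TypeRef }
      }
    }
  }
}
fragment TypeRef on __Type {
  kind name ofType { kind name ofType { kind name ofType { kind name } } }
}
"""


def render_type(t):
    """Turn a nested TypeRef into GraphQL notation, e.g. [Post!]!"""
    kind, of = t.get("kind"), t.get("ofType")
    if kind == "NON_NULL":
        return render_type(of) + "!"
    if kind == "LIST":
        return "[" + render_type(of) + "]"
    return t["name"]


def named_type(t):
    """Strip LIST/NON_NULL wrappers and return the underlying type name."""
    while t.get("ofType"):
        t = t["ofType"]
    return t["name"]


def looks_like_id(arg_name):
    return arg_name == "id" or arg_name.endswith(("Id", "ID", "_id"))


def enumerate_schema(introspection):
    schema = introspection["data"]["__schema"]
    types = {t["name"]: t for t in schema["types"]}
    report = {"operations": {}, "idor_candidates": [], "cycles": []}
    for role in ("queryType", "mutationType"):
        ref = schema.get(role)
        if not ref:
            continue
        root = ref["name"]
        lines = []
        for f in types[root].get("fields") or []:
            args = ", ".join(f"{a['name']}: {render_type(a['type'])}" for a in f["args"])
            lines.append(f"{f['name']}({args}): {render_type(f['type'])}")
            if any(looks_like_id(a["name"]) for a in f["args"]):
                report["idor_candidates"].append(f"{root}.{f['name']}")
        report["operations"][root] = lines
    # Graph of object types: which object types each field can reach.
    graph = {}
    for t in schema["types"]:
        if t["kind"] != "OBJECT" or t["name"].startswith("__"):
            continue
        graph[t["name"]] = set()
        for f in t.get("fields") or []:
            target = named_type(f["type"])
            if target in types and types[target]["kind"] == "OBJECT":
                graph[t["name"]].add(target)
    for start in graph:
        # A type that can reach itself permits arbitrarily deep nesting.
        seen, stack = set(), list(graph[start])
        while stack:
            n = stack.pop()
            if n == start:
                report["cycles"].append(start)
                break
            if n not in seen:
                seen.add(n)
                stack.extend(graph.get(n, ()))
    return report


def _ref(kind, name=None, of=None):
    return {"kind": kind, "name": name, "ofType": of}


# Constructed introspection response (not from a real endpoint).
SAMPLE_INTROSPECTION = {"data": {"__schema": {
    "queryType": {"name": "Query"}, "mutationType": {"name": "Mutation"},
    "types": [
        {"kind": "OBJECT", "name": "Query", "fields": [
            {"name": "user", "args": [{"name": "id", "type": _ref("NON_NULL", of=_ref("SCALAR", "ID"))}],
             "type": _ref("OBJECT", "User")},
            {"name": "me", "args": [], "type": _ref("OBJECT", "User")}]},
        {"kind": "OBJECT", "name": "Mutation", "fields": [
            {"name": "deletePost", "args": [{"name": "postId", "type": _ref("NON_NULL", of=_ref("SCALAR", "ID"))}],
             "type": _ref("SCALAR", "Boolean")}]},
        {"kind": "OBJECT", "name": "User", "fields": [
            {"name": "id", "args": [], "type": _ref("NON_NULL", of=_ref("SCALAR", "ID"))},
            {"name": "posts", "args": [], "type": _ref("LIST", of=_ref("OBJECT", "Post"))}]},
        {"kind": "OBJECT", "name": "Post", "fields": [
            {"name": "id", "args": [], "type": _ref("NON_NULL", of=_ref("SCALAR", "ID"))},
            {"name": "author", "args": [], "type": _ref("OBJECT", "User")}]},
        {"kind": "SCALAR", "name": "ID"}, {"kind": "SCALAR", "name": "Boolean"}]}}}

if __name__ == "__main__":
    print(json.dumps(enumerate_schema(SAMPLE_INTROSPECTION), indent=2))
```

`INTROSPECTION_QUERY` is what you POST as `{"query": ...}` to the endpoint; the result goes straight into `enumerate_schema`. A `User`/`Post` cycle like the one in the sample is the shape behind `user { posts { author { posts { ... } } } }` depth attacks, so each reported cycle is worth a depth-limit and cost-analysis check.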
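The SSRF row describes a filter that is applied to the original request but not to a redirect that switches protocol. As an added example (not Doyensec's code and not the `request` library's), the two fetchers below share one filter: the vulnerable one validates only the initial URL and then trusts every `Location` header, while the hardened one re-validates each hop and refuses a scheme change. The `transport` callable and the `CANNED` responses are constructed stand-ins for the network, so the whole thing runs offline. One stated assumption: `is_blocked_host` checks literal IP addresses and the name `localhost` only; a production fetcher must resolve hostnames, check every resulting address, and connect to the address it checked.

```python
import ipaddress
from urllib.parse import urlsplit, urljoin

REDIRECT_STATUSES = (301, 302, 303, 307, 308)


class SSRFBlocked(Exception):
    pass


def is_blocked_host(host):
    """True for loopback, private, link-local and similar literal addresses.
    Assumption of this example: hostnames are not resolved here."""
    if host is None or host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False  # a hostname; resolution is out of scope for this example
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def validate(url, allowed_schemes=("http", "https")):
    p = urlsplit(url)
    if p.scheme not in allowed_schemes:
        raise SSRFBlocked(f"scheme {p.scheme!r} not allowed: {url}")
    if is_blocked_host(p.hostname):
        raise SSRFBlocked(f"host {p.hostname!r} blocked: {url}")


def fetch_vulnerable(url, transport, max_redirects=5):
    """Filters only the first URL; every redirect hop is trusted. This is the
    bug class in the writeup: the protection is not re-applied after a redirect."""
    validate(url)
    for _ in range(max_redirects + 1):
        status, headers, body = transport(url)
        if status in REDIRECT_STATUSES and "Location" in headers:
            url = urljoin(url, headers["Location"])
            continue
        return body
    raise SSRFBlocked("too many redirects")


def fetch_hardened(url, transport, max_redirects=5):
    """Re-validates every hop and refuses a change of scheme along the chain."""
    validate(url)
    first_scheme = urlsplit(url).scheme
    for _ in range(max_redirects + 1):
        status, headers, body = transport(url)
        if status in REDIRECT_STATUSES and "Location" in headers:
            nxt = urljoin(url, headers["Location"])
            if urlsplit(nxt).scheme != first_scheme:
                raise SSRFBlocked(f"cross-protocol redirect refused: {url} -> {nxt}")
            validate(nxt)  # same filter as the first hop, applied again
            url = nxt
            continue
        return body
    raise SSRFBlocked("too many redirects")


# Constructed responses standing in for the network (no real hosts are contacted).
CANNED = {
    "https://example.com/start": (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "http://169.254.169.254/latest/meta-data/": (200, {}, b"instance-credentials"),
    "https://example.com/doc": (302, {"Location": "/doc/v2"}, b""),
    "https://example.com/doc/v2": (200, {}, b"public document"),
}


def canned_transport(url):
    return CANNED[url]


if __name__ == "__main__":
    print(fetch_vulnerable("https://example.com/start", canned_transport))
    try:
        fetch_hardened("https://example.com/start", canned_transport)
    except SSRFBlocked as e:
        print("blocked:", e)
```

The hardened path checks the scheme change before the host filter on purpose: even when the redirected host would pass, an HTTPS-to-HTTP hop silently drops transport security and, in the library discussed above, was the trigger for losing the filtering agent.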
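The r2pickledec row is about understanding a pickle's opcode stream without running it. As an added example (not r2pickledec and not Doyensec code), the scanner below walks the stream with the standard library's `pickletools.genops`, resolving both the protocol 0-3 `GLOBAL` opcode and the protocol 4+ `STACK_GLOBAL` form (module and name pushed as two preceding strings) to list every name the pickle would import, and counts the opcodes that invoke a callable at load time. A `RestrictedUnpickler` then enforces an allowlist at the point where `find_class` is actually consulted, which is the layer that matters if the stream is ever loaded. The `MALICIOUS` bytes are a hand-built protocol 0 pickle constructed for this example; the `OrderedDict` sample is produced by the standard pickler.

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Opcodes that push a literal string, across all protocols.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
# Opcodes that leave the stack alone and may sit between the two strings and
# STACK_GLOBAL (the stdlib pickler emits MEMOIZE after each string).
STACK_NEUTRAL = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT", "FRAME", "PROTO"}
# Opcodes that call something at load time.
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}


def scan_pickle(data):
    """Static pass: names the stream would import, and how many call opcodes it has."""
    found = set()
    calls = 0
    recent = []  # args of the most recent consecutive string pushes
    for op, arg, pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            # Protocol 0-3: pickletools gives the argument as "module name".
            module, name = arg.split(" ", 1)
            found.add(f"{module}.{name}")
            recent = []
        elif op.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two strings on top of the stack.
            if len(recent) >= 2:
                found.add(f"{recent[-2]}.{recent[-1]}")
            else:
                # Strings came from memo GET ops or something stranger; treat
                # as hostile rather than guess.
                found.add(f"<unresolved STACK_GLOBAL at {pos}>")
            recent = []
        elif op.name in STRING_OPS:
            recent.append(arg)
        elif op.name in CALL_OPS:
            calls += 1
            recent = []
        elif op.name not in STACK_NEUTRAL:
            recent = []
    return {"globals": found, "calls": calls}


def referenced_globals(data):
    return scan_pickle(data)["globals"]


class RestrictedUnpickler(pickle.Unpickler):
    """Allowlist enforced where imports actually happen."""

    def __init__(self, f, allowlist):
        super().__init__(f)
        self.allowlist = allowlist

    def find_class(self, module, name):
        if f"{module}.{name}" not in self.allowlist:
            raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")
        return super().find_class(module, name)


def load_restricted(data, allowlist):
    return RestrictedUnpickler(io.BytesIO(data), allowlist).load()


# Hand-built protocol 0 pickle (constructed for this example): os.system("id").
MALICIOUS = b"cos\nsystem\n(S'id'\ntR."

if __name__ == "__main__":
    print(scan_pickle(MALICIOUS))
    print(scan_pickle(pickle.dumps(OrderedDict(a=1), protocol=5)))
    pickletools.dis(MALICIOUS)
```

`scan_pickle` is triage: it tells you what a blob would reach for before you decide whether to load it at all. It is deliberately conservative about `STACK_GLOBAL` operands it cannot resolve, because a crafted stream can assemble module and name from memo slots; the unpickler subclass is the check that cannot be sidestepped that way.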