Doyensec works at the intersection of software development and offensive engineering. We discover vulnerabilities others cannot, and help mitigate the risk.
| Website | https://doyensec.com |
| Blog | https://blog.doyensec.com |
| Careers | https://www.careers-page.com/doyensec-llc |
In our @Adenkiewicz 's latest post, see how combining AFL++ with GPT-5 Codex sped up triaging the results from fuzzing NASA’s CFITSIO library and uncovered numerous vulnerabilities.
Please join us in welcoming **Matei Buzdea** as the newest intern at Doyensec! 🎉 They’re the latest in a long line of talented interns who’ve helped strengthen our team and we’re excited to see what they’ll accomplish. Welcome aboard, Matei! 🔐
🚨 Breaking Secure-Looking Cloud Architectures
At #defcon Singapore Demo Labs, we'll show real cloud security bugs involving AWS Cognito multi-SSO user pools & ELB routing paths.
Including:
• Malicious OIDC Server
• ELBaph (AWS ELB testing utility)
🔗 https://defcon.org/html/defcon-singapore/dc-singapore-demolabs.html
📢 #Doyensec is sponsoring Dev World! We'll be at our booth discussing security research & how to "Build with Security" directly with the #dev community.
Stop by - we'd love to chat!
🗓 May 7–8 | 📍 Amsterdam, Netherlands🇳🇱
Did you know you can use #InQL to recreate #GraphQL schema even when the introspection query is disabled? Our Schema Bruteforcer ensures "hidden" doesn't actually mean "off-limits".
Find out more at:
https://blog.doyensec.com/2025/12/02/inql-v610.html
https://github.com/doyensec/inql
AuthN/Z is always a #security minefield & MCP adds even more complexity with agents, remote servers, and transitive trust.
This Teleport-sponsored deep dive breaks down attack vectors & why each auth step is a potential trust boundary.
Check out the latest edition of @PagedOut featuring Doyensec's own Bartłomiej (Bartek) Górkiewicz vibing on Reversing Python Bytecode, along with plenty of other great articles!
Testing APIs? Stop guessing what's running under the hood. Use InQL's Engine Fingerprinter in Burp to identify the #GraphQL stack in seconds and save yourself the trial and error.
https://blog.doyensec.com/2025/12/02/inql-v610.html
https://github.com/doyensec/inql
Introducing SafeUpdater by Michael Pastor - A security-first update framework for Electron apps, built around explicit threat models, integrity and authenticity guarantees, and real attack mitigations. Check it out today!
https://blog.doyensec.com/2026/02/16/electron-safe-updater.html
If you missed our Szymon Drosdzol's presentation on "API Authorization Antipatterns" at CONFidence (@confidenceconf), or just want to see it again, it's your lucky day! The video is now available here: https://www.youtube.com/watch?v=Jje2MmHTGYs.
Hope you enjoy it!
Doyensec