Research is one of our founding principles and we invest heavily in it. We aim to provide research-driven application security, enabling trust in our client's products and evolving the resilience of the digital ecosystem. By discovering new vulnerabilities and attack techniques, we constantly improve our capabilities and contribute to secure the applications we all use.

Advisory

cve-2017-2379

04/11/2017

macOS, iOS, tvOS, watchOS CarbonCore Buffer Overflow

04/11/2017

A memory corruption vulnerability was identified in a core component of Apple's font parsing - CarbonCore. This issue could allow an attacker to execute code during the parsing of a malicious Datafork TrueType font.

Download the advisory PDF file: Doyensec_Advisory_FontParsingOSX.pdf

Advisory

cve-2017-2435

04/11/2017

macOS, iOS, tvOS, watchOS CoreText Corrupted Loop Index

04/11/2017

A memory corruption vulnerability was identified in a core component of Apple's font parsing - CoreText. Through a malicious True Type Collection (ttc) font file, CoreText will enter a loop unintentionally referencing out of bounds memory.

Download the advisory PDF file: Doyensec_Advisory_FontParsingOSX.pdf

Advisory

cve-2017-2439

04/11/2017

macOS, iOS, tvOS, watchOS FontParser Infoleak

04/11/2017

An information leakage vulnerability (out-of-bounds read) was discovered in Apple's FontParser, which could allow an attacker to disclose the process memory. This issue could facilitate further exploitation.

Download the advisory PDF file: Doyensec_Advisory_FontParsingOSX.pdf

Advisory

cve-2017-2450

04/11/2017

macOS, iOS, tvOS, watchOS CoreText Infoleak

04/11/2017

An information leakage vulnerability (out-of-bounds read) was discovered in Apple's CoreText, which could allow an attacker to disclose the process memory. This issue could facilitate further exploitation.

Download the advisory PDF file: Doyensec_Advisory_FontParsingOSX.pdf

Publication

slides

03/30/2017

Application security recipes for fast paced environments
Computerworld SEMAFOR 2017 (Warsaw, Poland)

03/30/2017

Download the presentation PDF file: Application_Security_Recipes_for_Fast-Paced_Environments.pdf

Ensuring the security of web applications in continuous delivery environments is an open challenge for many organizations. In fast-paced environments (e.g. startups, agile SDLC shops, etc.), traditional application security practices can slow continuous delivery or simply not address security at all. Instead, a new approach based on security automation and tactical security testing is required to make sure that important components are tested before going live. In this presentation, I will illustrate a few examples on how Silicon Valley-based startups approach security testing while seeking the perfect balance between compliance, security and business productivity.

Code

ajpfuzzer

02/27/2017

A command-line fuzzer for the Apache JServ Protocol (ajp13)

02/27/2017

AJPFuzzer is a rudimental fuzzer for the Apache JServ Protocol, also known as 'ajp13'. Built on top of libajp13, the tool allows you to create and send AJP messages using an easy-to-use command line interface. AJPFuzzer can craft properly formatted AJP13 messages (all message types) as well as mutations (e.g. bit flipping, messages with type mismatch, etc.), which facilitates security testing efforts targeting AJP-based services like web servers AJP modules, J2EE containers, and many others.

Download the source and binary from AJPFuzzer's Github page

Code

libajp13

02/27/2017

A complete AJPv1.3 Java library

02/27/2017

libajp13 is a fully featured open source library implementing the Apache JServ Protocol version 1.3 (ajp13), based on the Apache Protocol Reference. Thanks to libajp13, it is now possible to craft properly formatted AJP binary packets with a single line of code.

Download the source and binary from libajp13's Github page

US Office
1250 Clay Street, Suite 208
94108 San Francisco - USA

John Villamil
john@doyensec.com

EMEA Office
Ul. Florianska 6, Suite 1B
03-707 Warsaw - Poland

Luca Carettoni
luca@doyensec.com

When working with Doyensec, you will be working directly with its founders. We are the points of contact, the negotiators, the problem solvers, and the hackers.

For proposals or questions: info@doyensec.com or +1 (628) 333 9093