Doyensec tears apart all manner of thick clients and server daemons written in a diverse set of languages. We hit the ground running analyzing code written in C, C++, C#, Java and other languages.

Our familiarity with modern operating systems allows us to quickly evaluate the security posture of the application and identify issues caused by interdependent components.
  • Linux, Windows, macOS

    During review of stand-alone applications and network services, we begin by mapping out the attack surface (IPC/RPC mechanisms, sockets, user-supplied input, etc.) to clearly define the threat model.

    With static analysis techniques and dynamic testing/instrumentation we can understand the inner workings of the application even if custom file formats or protocols are used. We build custom tools to exercise the application behavior with our inputs, which ultimately leads to the discovery of security vulnerabilities

    For fuzzing, we use internally-built tools and well-known frameworks to facilitate our audits. Stack and heap overflows, format strings, use-after-free, integer overflows, path traversal, and local privileges escalation bugs are just few examples of the vulnerabilities classes uncovered during these assessments.

Information Gathering and Reconnaissance

  • Features and Components
  • Entry Points
  • Error Messages
  • Stack Traces and Debugging
  • Admin Functionality


  • Stack Protection
  • Pointer Protection / Encryption
  • Stack Canaries
  • Bounds Checking
  • Position Independent Executable (PIE)
  • Admin Console Exposure
  • OS Privileges
  • Sandboxing
  • Class and Interface Declarations
  • Method and Class Extensibility
  • Mutable Objects

Memory Safety

  • Heap Overflows
  • Stack Overflows
  • Integer Overflows
  • Buffer Over-reads
  • Use After Free
  • Double Free
  • Null Pointer Dereference
  • Format Strings

Input Operations

  • File Processing and Transcoding
  • Floating Point Operations
  • Deserialization
  • String Operations
  • Equality Comparisons
  • Race Conditions
  • Integer Conversions


  • Credential Storage
  • Client / Server Attestation
  • Licensing Enforcement
  • User Attribution


  • Anti-debugging Protection
  • Code Obfuscation


  • X.509 Certificate Validation
  • TLS/SSL Ciphers
  • TLS/SSL Key Strength
  • Unencrypted Channels
  • Certificate Pinning
  • Key Storage and Rotation
  • Cipher Modes

Denial of Service

  • Resource Exhaustion
  • Assymertric Requests / Responses
  • Infinite Loops and Recursion

our research articles

Research is one of our founding principles and we invest in it heavily. All of our researchers have the privilege to use %25 of their time exclusively for self-directed research.

show more publications