Martín Doyhenard

Security Researcher · Exploit writer · Developer · Speaker
Security Researcher with over 10 years of experience specializing in web security, reverse engineering and AI security. Renowned for presenting groundbreaking research at premier conferences like Black Hat, DEFCON and RSA. Active participant in Capture The Flag (CTF) competitions and bug bounty programs, consistently uncovering critical vulnerabilities and driving innovation in cybersecurity.
X · PortSwigger · GitHub · LinkedIn
tincho.doy@gmail.com

Research

Surfing through the Stream: Advanced HTTP Desync Exploitation in the Wild — workshop

Hands‑on workshop delivered at DEF CON 33 (2025) — Bug Bounty Village.
  • DEF CON 33 (2025)Agenda

Gotta Cache ’Em All: Bending the Rules of Web Cache Exploitation

Web cache deception & poisoning techniques across CDNs and proxies.

Internal Server Error: Exploiting Inter‑Process Communication in HTTP servers

New desynchronization primitives leading to memory corruption in SAP ICM.

Response Smuggling: Pwning HTTP/1.1 Connections

Novel response‑smuggling vectors for HTTP/1.1.

Pwning Oracle EBS for Real Profit / PAYDAY

ERP attack surface and exploitation paths in Oracle E‑Business Suite.

I Forgot your Password: Exploiting SAP's recovery systems

Systematic weaknesses in modern password reset and recovery flows.
  • RSA Conference 2018Video
  • Troopers 2018Agenda
  • EkoParty 2018Video

Tools

HTTP Hacker — Black Hat Arsenal 2025
Interactive HTTP stream hacking utilities for Burp Suite.
BApp Store · GitHub · Black Hat USA 2025 — Arsenal
CacheKiller — Black Hat USA 2024
Payloads/utilities accompanying the cache exploitation research.
GitHub · Research

Blogposts

  • PortSwigger Research — Gotta Cache ’Em AllRead
  • PortSwigger Research — Making desync attacks easy with TRACERead
  • Onapsis — Oracle’s July 2019 CPU Patches Three Critical Vulnerabilities in E‑Business SuiteRead
  • Onapsis — SAP Security Notes — March 2017Read
  • Onapsis — SAP Security Notes — Feb 2018 (HANA XS Advanced)Read
  • Onapsis — VIDEO: Oracle PAYDAY vulnerabilitiesWatch
  • Onapsis — ICMAD: Critical vulnerabilities in SAP applicationsRead

Capture The Flag

  • EY Onsite CTF — EkoParty 2016 — Winner (onsite).
  • BlueFrost Online CTF — 2017 — Winner (Windows reverse engineering).
  • Immunity Onsite CTF — EkoParty 2019 — Winner (onsite).
  • Onapsis CTF — EkoParty 2020 — Designed and developed the CTF. @Onapsis_Games

Notable CVEs

  • CVE‑2022‑22536 & CVE‑2022‑22532 — SAP ICMAD (Internet Communication Manager Advanced Desync). Referenced by CISA as critical and later reported exploited in the wild. CISA alert
  • CVE‑2021‑38162 — See details at NVD.
  • CVE‑2020‑2750 — See details at NVD.
  • CVE‑2019‑2828 — Oracle E‑Business Suite (credit in Oracle CPU). Oracle CPU (Jul 2019)
  • CVE‑2019‑2638 — Oracle E‑Business Suite. NVD
  • CVE‑2019‑2633 — Oracle E‑Business Suite. NVD
  • CVE‑2018‑2465 — SAP HANA XS Advanced related fixes. NVD
  • CVE‑2017‑16687 — See details at NVD.
Related advisories & notes: CISA 2018 ERP alert · SAP Notes — March 2017 · SAP Notes — Feb 2018