XSS AWS S3 Bucket Takeover - how to find it and maximize impact?
The impact of an AWS S3 Bucket Takeover can range from none to account takeover and even up to RCE. In this article, we'll tell you how to find it and maximize its impact.
Greg · 10 Jan 2024 · 6 min read

Security of new features in Next.js 14 - Server Actions, Taints
Next.js 14 (and 13) introduced many attack vectors without providing the tooling necessary for organizations to detect them. It is easier than ever before to expose server secrets, introduce unauthenticated "endpoints" or any other issue that will make you vulnerable.
Dawid Moczadło · 30 Oct 2023 · 5 min read

Tips Escalating debug mode in Django to RCE, SSRF, SQLi
Security implications of DEBUG=true in Django. Learnings from an ethical hacker's perspective.
Dawid Moczadło · 24 Oct 2023 · 3 min read

News Vidoc Secures Funding from bValue!
Vidoc Security Lab has secured an investment from bValue, a leading player in the world of venture capital and technology innovation.
Klaudia · 27 Sep 2023 · 2 min read

News Vidoc - Notifications and Collab Feature Release
We implemented Notification and Collaboration features. How it works and how it can benefit your research.
Klaudia · 6 Jun 2023 · 2 min read

Ultimate 401 and 403 bypass methods
As a security researcher, I absolutely love the rush of discovering a suspicious endpoint during reconnaissance (which is super easy with Vidoc Research tool ;). It's exciting to think
Klaudia · 9 May 2023 · 7 min read