We scan, we hack, we write about it. New interesting vulnerabilities, attack techniques, tools and bug bounty tips.
Next.js 14 (and 13) introduced many attack vectors without providing the tooling necessary for organizations to detect them. It is easier than ever before to expose server secrets, introduce unauthenticated "endpoints" or any other issue that will make you vulnerable
Security implications of DEBUG=true in Django. Learnings from an ethical hacker's perspective
Vidoc Security Lab has secured an investment from bValue, a leading player in the world of venture capital and technology innovation
We implemented Notification and Collaboration features. How it works and how it can benefit your research
As a security researcher, I absolutely love the rush of discovering a suspicious endpoint during reconnaissance (which is super easy with Vidoc Research tool ;). It's exciting to think that you might have stumbled upon something important. However, that excitement can quickly turn into frustration when you're
2022 was very busy for several reasons, today we want to present to you what we did and learned doing large-scale bug bounty hunting
TL;DR; - We improved Active Recon and data search option - Changed payments system to subscription model - Introduced Module-based security scanning with nuclei-like templates - Introduced Module Editor Sign up for Vidoc Research We are happy to introduce the newest addition to the security researcher's toolkit
What sucks the most about doing recon? — Bug Bounty Reports Explained (@gregxsunday) November 2, 2022 It all started with that one twitt ;) Inspired by Greg’s post we decided to write a summary of common problems with Recon and why Vidoc Research - our tool for security researchers - solves
TL;DR Vidoc platform will allow you to find new targets, test your payloads and collaborate with other professionals. The application security recon tool and scanner we are working on is dedicated to modern web applications. Our goal is to make big scale research affordable and easy for everybody. We
We have reported more than 60 instances of this bug across a wide range of bug bounty programs including companies like Paypal, Atlassian, Microsoft, GitLab, Yahoo, ...
