Vidoc Security Lab

@vidocsecurity

Followers
2,039
Following
25
Media
90
Statuses
258

Building an AI Security Engineer to keep up with emerging threat of AI generated code. 🔧

San Francisco Bay Area
Joined December 2021
Pinned Tweet
@vidocsecurity
Vidoc Security Lab
11 months
Update alert - check out what's new for you on the Vidoc platform. We released some cool new features that might be super useful for your bounty hunting or research! #bugbountytips
Tweet media one
1
3
13
@vidocsecurity
Vidoc Security Lab
2 years
Vulnerability that made us 30 000$ richer (and we still submit reports) - XSS in Swagger-UI related to a bug in DOMPurify - many people waited for this writeup so here you are. Article by @kannthu1 - happy hacking!
10
225
604
@vidocsecurity
Vidoc Security Lab
1 year
How we made $120 000 in bug bounty programs with our tool and started a company in 2022 - we described our journey in a new article. Lots of tips based on months of research and 143 bug bounty reports.
0
55
209
@vidocsecurity
Vidoc Security Lab
2 months
Parameters.yml File Disclosure. How to find this High vulnerability? Keep reading to take advantage of this easy hack we are about to show you. 👇 1/5
Tweet media one
1
40
203
@vidocsecurity
Vidoc Security Lab
2 years
#bugbountytip based on our Swagger UI research, let us know if you find it useful ;)
Tweet media one
5
27
129
@vidocsecurity
Vidoc Security Lab
3 months
How to detect AWS S3 Bucket Takeover? 🧐 You can simply make a GET HTTP request to the base path ("/") and see if there is a "The specified bucket does not exist" error. You should see something like this: 1/5
Tweet media one
1
34
129
@vidocsecurity
Vidoc Security Lab
4 months
🧵 AWS S3 Bucket Takeover Vulnerabilities 🧵 In this thread, we will dive into what AWS S3 takeovers are, how to maximize the impact and thus bounty for them. Don’t skip it because you might be missing out on easy bounties. 1/11 #bugbounty #bugbountytip
Tweet media one
1
28
106
@vidocsecurity
Vidoc Security Lab
7 months
Find hidden pages and ".js" files in Next.js applications (find what other hunters miss) Opensea as an example 👇 1/5
1
23
97
@vidocsecurity
Vidoc Security Lab
1 year
Happy to share a new article with you, this time we write about recon - why it is hard to do it right, what are the most common problems and how to solve them (wink, wink - Vidoc Research tool) ;) Check out the blogpost and let us know what you think!
0
25
94
@vidocsecurity
Vidoc Security Lab
7 months
What is the vulnerability in this code? There is a little-known technique that is similar to No-SQL injections that can be used against some ORMs in Node.js (like Prisma) ;) Here is the solution👇 1/5
Tweet media one
1
20
77
@vidocsecurity
Vidoc Security Lab
2 years
We decided to share our security research tool with you all, interested?
11
8
74
@vidocsecurity
Vidoc Security Lab
1 year
Our best earning type of bugs in 2022 (one time payout). You can find details of how we did it in the article on our blog.
Tweet media one
0
7
63
@vidocsecurity
Vidoc Security Lab
7 months
How Unicodes can be used to takeover accounts and bypass block lists 👇 1/6 #bugbountytips #bugbountytip #LearningWithVidoc
Tweet media one
1
14
56
@vidocsecurity
Vidoc Security Lab
2 months
Application.ini File Disclosure. How to find this High vulnerability? Yes, you are right. Here we have another easy hack to show you. Keep reading! 👇 1/5
Tweet media one
2
13
54
@vidocsecurity
Vidoc Security Lab
6 months
How to bypass 401 or 403 with Hop-by-hop HTTP headers? Thread with practical tips for bug bounty hunters 👇
Tweet media one
2
9
54
@vidocsecurity
Vidoc Security Lab
2 months
Unauthorized Jenkins Dashboards 🔓 Don't you love when you find a high vulnerability? Cause we do, and we are here to show you how. So keep reading! 👇 1/5
Tweet media one
1
9
50
@vidocsecurity
Vidoc Security Lab
7 months
You found a Django app with debug mode enabled, now what? Here are some learnings of how to escalate it to higher severity 👇 (from low/medium to high/critical) #bugbountytips #bugbountytip #vidoc
Tweet media one
1
11
50
@vidocsecurity
Vidoc Security Lab
2 months
Do you know you can balance XSS payloads? If not, let us show you how! 👇 This is key when bug hunting or pentesting, cause it shapes your payloads to fit your target's source code. Allowing you to find XSS vulnerabilities that were hidden from the inexperienced eye. 1/3
Tweet media one
1
13
43
@vidocsecurity
Vidoc Security Lab
7 months
How to exploit it? Instead of sending a normal password, send an object: { "not": null } The payload will make sure that the password always matches - like "1=1" in SQL 4/5
Tweet media one
1
12
43
@vidocsecurity
Vidoc Security Lab
3 months
What are exposed Apache Kafka Clusters and how to detect them? (Critical vulnerability) Let's dive in! 👇 1/4
Tweet media one
1
6
40
@vidocsecurity
Vidoc Security Lab
1 month
Apache Flink Dashboard - how to find them and where to look for sensitive data exposure? Apache Flink is a robust open-source stream and batch processing framework that has gained much traction in the big data community in recent years. Wanna know more? 👇
Tweet media one
1
7
35
@vidocsecurity
Vidoc Security Lab
1 year
Last year we made $120k in bounties, most of it was easy and repeatable vulnerabilities. Once we detect it on one endpoint we usually scan the whole infrastructure of the company for the same bug. Often we find it in several places #bugbountytips
Tweet media one
0
3
33
@vidocsecurity
Vidoc Security Lab
2 years
Check your inbox - we just sent a Nuclei template with Swagger-UI XSS vulnerability to our subscribers! If you are interested in our research and still didn't sign up for our newsletter, here is the link:
1
6
29
@vidocsecurity
Vidoc Security Lab
1 year
If you want to know why collab is important and how we made 120k in 2022 check out our first video, we share lots of #bugbountytips . Many thanks for @gregxsunday , @haqpl and @OlivettiOriana - it wouldn't be possible without you, it was a great year!
1
5
30
@vidocsecurity
Vidoc Security Lab
1 year
Hi everyone! We're excited to announce the launch of the new version of Vidoc Research - web-based security tool for researchers, bounty hunters, and engineers. It's packed with new features to help you work smarter, not harder.
1
5
27
@vidocsecurity
Vidoc Security Lab
2 years
Our team submitted overall 27 reports related to Swagger-UI XSS vulnerability with possible account takeover, anyone interested in write-up?
1
2
25
@vidocsecurity
Vidoc Security Lab
2 years
When you follow up with Swagger-UI vulnerability and find hundreds of unrestricted API endpoints. Sounds like we have another topic for research.
0
0
21
@vidocsecurity
Vidoc Security Lab
2 years
Researchers who subscribed to our waitlist - check your email, you have access to Vidoc Research now!
1
1
18
@vidocsecurity
Vidoc Security Lab
2 months
Feeling nosy today? 🕵️ We'll show you how to snoop around Exposed Git Directories so you can do some good and help organizations secure their repositories. Wanna be the superhero today? Keep reading then 👇 1/4
2
2
18
@vidocsecurity
Vidoc Security Lab
5 months
New feature alert 🚨 After we made a $120k bug bounty in the year we kept getting questions about how we did it. So we are releasing Automated Scans - now you can schedule modules to run every hour, day, week.. And automate your #bugbounty hunting like we did :)
Tweet media one
2
4
17
@vidocsecurity
Vidoc Security Lab
2 months
Let's start looking for this vulnerability. To do so, you can: Google dork 🔎 1. Go to 2. Search for - intitle:"index of" "parameters.yml.test" OR "parameters.yml.dist" - More information at Shodan dork 🔍 1. Go to…
Tweet media one
2
3
17
@vidocsecurity
Vidoc Security Lab
1 month
Are your API endpoints secured against hackers? If not, let us show you how! 👇 This is key when developing web and mobile applications, because juicy stuff can be taken from an unprotected API. And you don’t want that to happen! 1/3
Tweet media one
2
1
17
@vidocsecurity
Vidoc Security Lab
1 year
We love hacking too, so to show our appreciation for all the hard-working bug bounty hunters, we're giving away 3 MONTHLY SUBSCRIPTIONS of Vidoc Research. Share in comments who motivates you the most in security community and why, we will reward most inspiring answers #bugbounty
Tweet media one
6
3
16
@vidocsecurity
Vidoc Security Lab
4 months
Top discovered vulnerability using Vidoc in 2023? 🧐 Springboot Heapdump Actuator panel misconfiguration! Congrats to all bounty hunters who found it and reported the issue! 🥳 Don’t know what Springboot Heapdump Actuator is? Check out our Module Library and find out how…
Tweet media one
1
3
15
@vidocsecurity
Vidoc Security Lab
2 years
@kannthu1 If you are interested in our newest research subscribe to our newsletter. Writeup on SSRF found in Facebook is coming soon.
0
5
15
@vidocsecurity
Vidoc Security Lab
1 month
API Best Security Practice for Developers We know you are busy, so here you have a quick #tip to better secure your API endpoints. 👇 1/3
Tweet media one
1
3
15
@vidocsecurity
Vidoc Security Lab
2 months
Did you know you can use Google to identify sensitive information from web applications? 🔍 This is called Google Dorking and it can also be used for fingerprinting websites. It's basically a search string that uses advanced queries to find information that is not easily…
Tweet media one
1
8
14
@vidocsecurity
Vidoc Security Lab
1 month
Fiercely defend your server's resources 🛡️ Cause hackers will only take advantage of them ⚔️ Exploitation may lead to DoS, making the API unresponsive or even unavailable to legitimate users. But worry not, cause here are a few things you can do to secure your API endpoints 👇…
Tweet media one
1
2
14
@vidocsecurity
Vidoc Security Lab
7 months
Exciting news! 🚀 Vidoc Security Lab just got a boost with an investment from bValue Fund. This is just the beginning, new cool features are coming soon so stay tuned hackers!
Tweet media one
1
3
14
@vidocsecurity
Vidoc Security Lab
2 years
3 months after publishing our SwaggerUI research we still find new vulnerable instances, still plenty of bounty to earn
1
2
13
@vidocsecurity
Vidoc Security Lab
2 years
What is your favourite recon tool and why?
1
0
13
@vidocsecurity
Vidoc Security Lab
7 months
Next time you see that some server runs on Node.js use this payload: { "not": null } as a value of some body parameters, it might earn you some nice bounties:) 5/5
1
0
12
@vidocsecurity
Vidoc Security Lab
7 months
How to find Next.js applications? 1. Create an account on Vidoc for free 2. Start Recon on some domain (example - ) and wait for it to finish 3. Go to Recon -> "Explore Data" 4. Search for "Technology next.js" - our AI search will find all Next.js apps:)
Tweet media one
0
0
11
@vidocsecurity
Vidoc Security Lab
7 months
How to list all of those pages and corresponding .js files? 1. Go to the page using Next.js - 2. Right-click and "Inspect" -> Tab "Sources" 3. Ctrl+F or Command + F (on Mac) and search for "_buildManifest.js" 4. Open the file 4/5
Tweet media one
1
2
10
@vidocsecurity
Vidoc Security Lab
1 month
API Best Security Practice for Developers Here there is a quick #tip to better secure your API endpoints over night. 👇 1/3
Tweet media one
1
0
10
@vidocsecurity
Vidoc Security Lab
4 months
#jobopportunity 👩‍💻👨‍💻 We are currently seeking a skilled Content Creator to develop engaging articles for our blog and other platforms. 🧐 If you have experience in this field and a passion for creating compelling tech content, reach out to us! Please send us an email at…
1
3
10
@vidocsecurity
Vidoc Security Lab
2 years
@kannthu1 @KlaKlo_ Release date of our tool - 2022-09-30 - early access for chosen researchers. Interested? Sign up for our waitlist:
0
1
10
@vidocsecurity
Vidoc Security Lab
2 months
How can you find this in the wild? Google dork 🔍 1. Go to https://google.com 2. Search for - intitle:"Dashboard [Jenkins]" Shodan dork 🔎 1. Go to https://shodan.io 2. Search for - html:"Dashboard [Jenkins]" 3/5
Tweet media one
2
5
10
@vidocsecurity
Vidoc Security Lab
2 years
Vidoc Platform is going live now! Chosen researchers already got access to the tool. Everybody who signed up for the waitlist will get early access on 10th of October, and if you still didn’t check out the waitlist, here is the link:
0
1
9
@vidocsecurity
Vidoc Security Lab
7 months
Check out - you can get a Recon automation for free:) (and find servers that use Node.js) We just launched FREE tier with: - notifications about new subdomains - 1 monitored domain (you can change it every 24h) - search of the data 6/5
0
0
9
@vidocsecurity
Vidoc Security Lab
2 months
Easyscripts Installer, finding misconfigured software on other people's servers. Isn't that fun? 😁 Continue scrolling if you want to know more! 👇 1/5
Tweet media one
1
1
8
@vidocsecurity
Vidoc Security Lab
6 months
We had an incredible time at Poland's biggest cybersecurity event @TheHackSummit 👾 Surrounded by amazing people and great talks. A truly unforgettable experience! #HackSummit #CyberSecurity #Conference
Tweet media one
0
0
9
@vidocsecurity
Vidoc Security Lab
7 months
Nice, what can I do with that? - Fetch hidden .js files that can contain secrets 🤑 - Look for some hidden admin or internal pages that might have hidden functionality How to fetch the ".js" files? (tutorial in the photo)
Tweet media one
2
0
9
@vidocsecurity
Vidoc Security Lab
7 months
The beauty of Next.js is its file-based routing system. Each file inside the 'pages' folder corresponds to a route in your application. Meaning, if you've 'contact.js' inside your 'pages' folder, it translates to '/contact'. You with me? 👀 3/5
Tweet media one
1
0
8
@vidocsecurity
Vidoc Security Lab
3 months
You can also detect it at a large scale using our VIDOC tool, just run this module across all your potential targets - have fun! 😀 5/5
0
0
8
@vidocsecurity
Vidoc Security Lab
2 months
We have BIG news for you! We just released a new feature on VIDOC platform - AI Security Assistant. 🤖 Interested? Continue reading! 👇 1/3
Tweet media one
1
1
7
@vidocsecurity
Vidoc Security Lab
5 months
Wow, it looks like you really like our new Automated Scans feature! Happy to see how many of you are using it. Thank you all for the feedback 😎 For those who haven't checked it out yet, here's a quick tutorial 👇
2
0
7
@vidocsecurity
Vidoc Security Lab
5 months
Black Friday starts today! - 50% discount for our existing users for Module Requests - 90% discount on subscription fee for new users with code: VIDOC1337 Enjoy!
Tweet media one
0
1
7
@vidocsecurity
Vidoc Security Lab
1 month
To find Apache Flink Dashboards you need to: Google dork 🔎 1. Go to 2. Search for - intitle:"Apache Flink Web Dashboard" Shodan dork 🔍 1. Go to 2. Search for - http.title:"Apache Flink Web Dashboard"
Tweet media one
1
2
6
@vidocsecurity
Vidoc Security Lab
2 months
Don't you feel like doing this manually? No issues, as our VIDOC tool has a specific module for this, with even more matching conditions to take your bug hunting to the next level! Give it a look at 5/5
0
1
7
@vidocsecurity
Vidoc Security Lab
27 days
API security #tip - don't share more information than is absolutely necessary! (unless you want to be a good target for hackers, and not only ethical ones) Why? Just keep reading 👇
Tweet media one
1
2
8
@vidocsecurity
Vidoc Security Lab
2 months
How can you disclose these files? Easily done: Google dork 🔎 1. Go to google.com 2. Search for - intitle:"index of" "application.ini" 3/5
Tweet media one
2
1
7
@vidocsecurity
Vidoc Security Lab
4 months
Delighted to share a wonderful Christmas baking experience with Vidoc Security Lab Team! 🍪🎄 Our day was filled with the warmth of holiday spices and the joy of creating delicious gingerbread cookies together. Grateful for moments like these that bring festive cheer.…
Tweet media one
0
1
7
@vidocsecurity
Vidoc Security Lab
4 months
#HappyHolidays 🎄🎄🎄 May your holidays be filled with well-deserved time with loved ones, and may the New Year bring you the joy of uncovering elusive vulnerabilities and the thrill of solving complex security puzzles. By the way, just a reminder, until the end of December…
Tweet media one
0
1
7
@vidocsecurity
Vidoc Security Lab
4 months
Another interesting insight for you: Do you want to know the most searched query in the recon tab? Yes, we had thousands of those. It looks like many hackers think alike 😀 Also, yes, it's that easy to do recon with @vidocsecurity Check it out if you are planning to do…
Tweet media one
0
4
7
@vidocsecurity
Vidoc Security Lab
7 months
🎉 Exciting News, Hackers! 🎉 We're thrilled to announce the launch of our FREE tier of Vidoc. Now, you can experience the full power and potential of our tool without spending $$
Tweet media one
1
3
7
@vidocsecurity
Vidoc Security Lab
2 years
Hello world
0
1
7
@vidocsecurity
Vidoc Security Lab
6 months
Cybersecurity October event in Barcelona went well! Thanks to everyone for attending. Stay tuned for more, because we are planning some events dedicated to tech security people as well. Special thanks to @georgianabirdan from @egldwomen for being amazing guests. #ECSM2023
Tweet media one
0
0
6
@vidocsecurity
Vidoc Security Lab
4 months
We were really surprised to see this one 😃 The most frequently targeted domains for reconnaissance using Vidoc in 2023 were Dell, Google and Fisglobal in the top 3! Did you do security research on them? 🧐 Are you surprised by this summary? 😲 Let us know ✨ #Vidoc2023
Tweet media one
2
2
6
@vidocsecurity
Vidoc Security Lab
3 months
Protect your data with VIDOC during Data Privacy Week! Explore VIDOC: ✔️ Automation platform for your security team ✔️ 30% off for your business during Data Privacy Week ✔️ Book a demo and elevate your web application security #DataPrivacyWeek #Cybersecurity #VIDOC #BookDemo
Tweet media one
1
3
6
@vidocsecurity
Vidoc Security Lab
3 months
Let's see how you can leverage search engines to find Exposed Kafka UIs: Google dork 🔎 1. Go to 2. Search for - intitle:"UI for Apache Kafka" in Google search bar Shodan dork 🔍 1. Go to 2. Search - http.title:"UI for Apache…
Tweet media one
1
1
6
@vidocsecurity
Vidoc Security Lab
4 months
Wow, you guys are awesome! 6,000,000,000 HTTP scanner requests were sent on Vidoc in 2023! We're super happy to see you using the platform and being a part of our journey :) Would anyone like to share their #bugbounty story? Or maybe you have some special requests or ideas…
Tweet media one
1
0
6
@vidocsecurity
Vidoc Security Lab
2 months
Too time-consuming? We got this. 😎 Our VIDOC platform has an Unauthorized Jenkins Dashboard module just for this. Check it out at 5/5
0
0
6
@vidocsecurity
Vidoc Security Lab
7 months
What is Next.js? It's a popular open-source React framework for building server-side rendering and static web applications 2/5
1
0
6
@vidocsecurity
Vidoc Security Lab
1 month
Don't trust the frontend of your application with this validation. Because bad actors can modify the requests and try different objectIDs without needing the UI's permission to do so. And could end up retrieving information relevant to other users. Show them that 403…
0
0
5
@vidocsecurity
Vidoc Security Lab
2 months
How can you do that? 🤔 1. Go to 2. Search for - inurl:/.git site: 3. Analyze the results and report what you find 2/4
Tweet media one
1
1
5
@vidocsecurity
Vidoc Security Lab
3 months
The not-so-funny part comes now, as you will have to revise the results for worthy findings. But worry not, because our VIDOC platform comes with a module to check Apache Kafka Unauthorized UI Exposure for you on the targets you desire. Come and give it a look!…
0
1
5
@vidocsecurity
Vidoc Security Lab
2 months
Have you heard? We have released a new feature that will take your work to the next level 😯⁉️ How come? Cause we have an AI Security Assistant waiting for you and your team on the VIDOC platform!🤖 1/3
Tweet media one
1
2
5
@vidocsecurity
Vidoc Security Lab
3 months
To confirm and check the bucket’s name, run the dig CNAME  command to check the DNS record. 3/5
1
0
5
@vidocsecurity
Vidoc Security Lab
3 months
If you see this message, the takeover is possible! 2/5
1
0
5
@vidocsecurity
Vidoc Security Lab
25 days
Do you keep your secrets safe? Not those 😏 We are talking about the secrets in your applications! The ones used to communicate between systems and services. Oh, you are not sure? Let us tell you something then👇
2
1
6
@vidocsecurity
Vidoc Security Lab
2 years
We are happy to share beta version with you, let us know what you think on discord (:
0
0
5
@vidocsecurity
Vidoc Security Lab
1 year
Stay tuned, we will be sharing some interesting stats and findings soon!
1
0
5
@vidocsecurity
Vidoc Security Lab
2 months
Want to know more? 😃 Then give VIDOC platform a go and join us for free to automatically execute more Git modules like this. Check them out here 4/4
0
0
4
@vidocsecurity
Vidoc Security Lab
2 months
Once you gather some results, it's time to review the findings and the information disclosed. Do you see any db.user and db.password? If that's the case, then you got yourself a High vulnerability to report! 🪲 4/5
1
0
4
@vidocsecurity
Vidoc Security Lab
1 month
Wanna know more? 😯 Read the whole article in our blog at 3/3
0
0
4
@vidocsecurity
Vidoc Security Lab
5 months
This way you always have the newest info on your target infrastructure, scans always run on the latest data from recon. And it's super easy, you don’t need to set up complicated infrastructure. Profit? You tell us about it when you get your bounty!
1
0
4
@vidocsecurity
Vidoc Security Lab
7 months
What is ORM? ORM allows you to interact with your DB in an object-oriented way. It abstracts & handles the DB interactions, letting you deal with data as objects and methods in your chosen programming language and it automatically prevents any SQL injections 2/5
Tweet media one
1
0
4
@vidocsecurity
Vidoc Security Lab
5 months
And just fyi we are preparing something special for Black Friday, so stay tuned ;)
0
0
4
@vidocsecurity
Vidoc Security Lab
2 months
So what is Application.ini? 🤔 It's the Zend PHP framework's configuration file. If misconfigured, it could lead to unauthorized access to sensitive information, resulting in data breaches, data modifications, or even complete system compromise. 2/5
1
1
4
@vidocsecurity
Vidoc Security Lab
7 months
Okay, but where is the vulnerability? The endpoint in the first example does not sanitize the body parameters (email and password) - it just takes the email and password and uses them to fetch the user using the Prisma ORM 3/5
Tweet media one
2
0
4
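The ORM operator-injection thread above (the `{ "not": null }` password and the unsanitized Prisma lookup), as an added example that is not the Vidoc thread's own code: a tiny `findFirst` stand-in for the ORM's query builder (an assumption; it is not Prisma and supports only equality and `not`) shows why the object matches every row, and the hardened login shows the runtime type check that stops it.

```javascript
// Added example, not code from the Vidoc thread. `findFirst` below is an
// assumed stand-in for an ORM query builder; it is not Prisma.

// Constructed user table. Real applications store password hashes and compare
// them in code; the plain field here mirrors the pattern the thread describes.
const USERS = [
  { id: 1, email: "alice@example.test", password: "alice-pass" },
  { id: 2, email: "bob@example.test", password: "bob-pass" },
];

// ORM-style filter semantics: a primitive means equality, an object with a
// `not` key means "not equal to". {not: null} is therefore true for every
// non-null stored value, the "1=1" of the thread.
function fieldMatches(actual, condition) {
  if (condition !== null && typeof condition === "object") {
    if ("not" in condition) return actual !== condition.not;
    throw new Error("unsupported filter operator");
  }
  return actual === condition;
}

function findFirst(where) {
  const hit = USERS.find((row) =>
    Object.entries(where).every(([field, cond]) => fieldMatches(row[field], cond))
  );
  return hit === undefined ? null : hit;
}

// Vulnerable pattern from the thread: the parsed JSON body goes straight into
// the `where` clause, so an object value becomes a filter operator.
function loginVulnerable(body) {
  return findFirst({ email: body.email, password: body.password });
}

// Hardened version: accept only plain strings for both fields before the ORM
// ever sees them. Static types do not help here; JSON.parse output is only
// as narrow as the runtime check you apply to it.
function loginHardened(body) {
  const { email, password } = body;
  if (typeof email !== "string" || typeof password !== "string") {
    return { error: "email and password must be strings" };
  }
  return findFirst({ email, password });
}

// Constructed malicious body: a valid email with an operator object in place
// of the password, exactly the shape the thread describes.
const INJECTED_BODY = { email: "alice@example.test", password: { not: null } };
```

The same check belongs on every body parameter that reaches a `where` clause, not only on the login endpoint.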
@vidocsecurity
Vidoc Security Lab
3 months
After that, you know the domain and the bucket name which is all the information you need to do the takeover. 4/5
1
0
4
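The S3 takeover checks from the thread above (the "The specified bucket does not exist" response to GET / and the `dig CNAME` lookup), combined into one verdict for auditing hostnames in your own DNS zone. This is an added example, not Vidoc's code; the endpoint regex and the sample responses are assumptions and constructed values.

```javascript
// Added example, not code from the Vidoc thread. Inputs are what the thread
// tells you to collect: the CNAME target from `dig CNAME <host>` and the
// status/body of a GET / to the host.

// S3 endpoint hostnames a CNAME may point at, e.g. bucket.s3.amazonaws.com,
// bucket.s3.eu-west-1.amazonaws.com or s3-website-us-east-1.amazonaws.com
// (assumed pattern; a trailing dot from dig output is tolerated).
const S3_ENDPOINT_RE = /(^|\.)s3[.-][a-z0-9.-]*amazonaws\.com\.?$/i;

// S3 reports errors as XML (<Code>NoSuchBucket</Code>) on REST endpoints and
// as plain "Code: NoSuchBucket" lines on website endpoints; one regex reads both.
function s3ErrorField(body, field) {
  const m = body.match(new RegExp(`${field}[>:]\\s*([^<\\s]+)`));
  return m ? m[1] : null;
}

// Verdicts: "not-s3" (CNAME does not point at S3, so this check does not
// apply), "dangling" (S3 says the bucket name is unclaimed: the takeover
// condition from the thread), "exists" (bucket is there, public or private,
// so no takeover) or "unknown".
function classifyBucketHost(cnameTarget, status, body) {
  if (!S3_ENDPOINT_RE.test(cnameTarget)) return { verdict: "not-s3", bucket: null };
  const code = s3ErrorField(body, "Code");
  const bucket = s3ErrorField(body, "BucketName");
  const noSuchBucket =
    code === "NoSuchBucket" || body.includes("The specified bucket does not exist");
  if (status === 404 && noSuchBucket) return { verdict: "dangling", bucket };
  // 403 AccessDenied means the bucket exists but is private: a common false
  // positive when only the status code is checked.
  if (status === 200 || (status === 403 && code === "AccessDenied")) {
    return { verdict: "exists", bucket };
  }
  return { verdict: "unknown", bucket };
}

// Constructed sample responses (not captured from any real host).
const SAMPLE_XML_404 =
  '<?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchBucket</Code>' +
  "<Message>The specified bucket does not exist</Message>" +
  "<BucketName>assets.example.test</BucketName><RequestId>REQ</RequestId></Error>";
const SAMPLE_HTML_404 =
  "404 Not Found\nCode: NoSuchBucket\nMessage: The specified bucket does not exist\n" +
  "BucketName: www.example.test\nRequestId: REQ\n";
const SAMPLE_XML_403 =
  "<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>";
```

A "dangling" verdict on a host you own is the signal to delete the stale CNAME or re-create the bucket under the same name before anyone else can.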
@vidocsecurity
Vidoc Security Lab
2 months
So what is Parameters.yml? 🤔 It’s a juicy file commonly used in Symfony-based applications for storing configuration parameters. If misconfigured, it can expose sensitive information such as database credentials and application secrets. 2/5
1
0
4
@vidocsecurity
Vidoc Security Lab
2 months
What am I doing? 😯 This dork searches for exposed .git directories within a specific domain, which can reveal a treasure trove of source code and development history. That’s why you should help organizations be aware of misconfigured repositories. 3/4
1
0
4