Security writeups from researchers for researchers.

Ultimate 401 and 403 bypass methods

As a security researcher, I absolutely love the rush of discovering a suspicious endpoint during reconnaissance (which is super easy with Vidoc Research tool ;). It's exciting to think that you

• 

Klaudia

9 May 2023 · 7 min read

How we made $120k bug bounty in a year with good automation

Beginning of the new year is always a good time to reflect and summarize achievements in the previous one. 2022 was very busy for several reasons, today we want to

• 

Klaudia

6 Feb 2023 · 7 min read

Introducing the New and Improved Web-Based Security Tool

TL;DR; - We improved Active Recon and data search option - Changed payments system to subscription model - Introduced Module-based security scanning with nuclei-like templates - Introduced Module Editor

• 

Klaudia

1 Feb 2023 · 5 min read

Why good Recon is hard, and how we make it easy

What sucks the most about doing recon? — Bug Bounty Reports Explained (@gregxsunday) November 2, 2022 It all started with that one twitt ;) Inspired by Greg’s post we decided to

• 

Klaudia

3 Nov 2022 · 3 min read

Vidoc Research - hacking platform made by researchers for researchers

TL;DR Vidoc Research platform will allow you to find new targets, test your payloads and collaborate with other researchers. The application security recon tool and scanner we are working

• 

Klaudia

24 Sep 2022 · 3 min read

XSS

Hacking Swagger-UI - from XSS to account takeovers

We have reported more than 60 instances of this bug across a wide range of bug bounty programs including companies like Paypal, Atlassian, Microsoft, GitLab, Yahoo, ...

• 

Dawid Moczadło

16 May 2022 · 11 min read