XSS
AWS S3 Bucket Takeover - how to find it and maximize impact?
The impact of an AWS S3 Bucket Takeover can range from none, through account takeover, and even up to RCE. In this article, we’ll tell you how to find it and maximize its impact.
Greg · 10 Jan 2024 · 6 min read
Security of new features in Next.js 14 - Server Actions, Taints
Next.js 14 (and 13) introduced many attack vectors without providing the tooling necessary for organizations to detect them. It is easier than ever before to expose server secrets, introduce unauthenticated "endpoints", or run into any other issue that will make you vulnerable.
Dawid Moczadło · 30 Oct 2023 · 5 min read
Tips
Escalating debug mode in Django to RCE, SSRF, SQLi
Security implications of DEBUG=true in Django. Learnings from an ethical hacker's perspective.
Dawid Moczadło · 24 Oct 2023 · 3 min read