Klaudia Kloc (@klaklo_) 's Twitter Profile
Klaudia Kloc

@klaklo_

Co-founder of @vidocsecurity, CEO, Security Researcher, member of @hspomorze, in love with ballet

ID: 2402052841

https://www.vidocsecurity.com 21-03-2014 19:37:04

250 Tweet

740 Followers

294 Following

Dawid Moczadło (@kannthu1)

Learnings from scanning 2 million hosts daily for Bug Bounty TL;DR; of my presentation at IWCON - The Infosec Writeups' Security Conference Big thread, a lot of juicy stuff 🔥 1/n #bugbountytips #bugbounty #bugbountytip

Klaudia Kloc (@klaklo_)

Dawid did an excellent presentation last week on bug bounty hunting and security research we did using Vidoc Security Lab. A lot of great #bugbountytips - check it out!

Vidoc Security Lab (@vidocsecurity)

Parameters.yml File Disclosure. How to find this High vulnerability? Keep reading to take advantage of this easy hack we are about to show you. 👇 1/5

Dawid Moczadło (@kannthu1)

If I told you that I created a scanner that could detect only 1 out of 10 security issues, you would call me crazy. This is actually the success rate of SASTs (static application testing) that are currently on the market. Only 12,7% of all security issues can be detected by SASTs.

Tanya Janca | Shehackspurple (@shehackspurple)

I have so many thoughts about this. I did NOT love SAST at the start of my career, but over the past 3 years, thanks to Next-Gen SAST, I changed my mind, and now work at #Semgrep. My how the tables have turned...

James Kettle (@albinowax)

Just discovered "Reset Tolkien", a shiny new tool from Aethlios for cracking time-based secret tokens with the sandwich attack. Random-looking tokens can contain so many flaws, it's great to see more eyes on this area. aeth.cc/public/Article…

Dawid Moczadło (@kannthu1)

How we were able to send 500 million of HTTP/1.1 requests using Go 🚀 (every 24h) moczadlo.com/2024/how-i-sen… #golang #go

Dawid Moczadło (@kannthu1)

ChatGPT and Claude generate hilariously insecure code (rant). For a simple prompt "Write endpoint to update user profile", ChatGPT and Claude will generate code that contains at least two high vulnerabilities. It's terrible. More than 90% of developers use some AI in their work.

Max Koko (@maxkokocom)

Advisors of the biggest Biohackathon.xyz in the world announced 🧵 Conference on Friday, Biohackathon on Saturday and Sunday, and a bio/acc rave party from Sunday evening to Monday morning! Optional two weeks mini popup city in Cambridge! Form in 🧵 lu.ma/htdjpke9

Yasyf Mohamedali (@yasyf)

I ❤️ Anthropic. I ❤️ Modal. So I took the chance to combine the two and build a distributed implementation of the new Computer Use Tools API! musings.yasyf.com/improving-clau…

Paul Kohlhaas bio/acc (@paulkhls)

Thanksgiving is over, so our devs Molecule @bioprotocol flew to Cambridge Uni this weekend for Biohackathon.xyz Onboarding PhD scientists who have never heard of crypto or DeSci - there's a $1k bounty 🧑‍🔬 What should they hack? Comment 100 reshares I'll make it $100k

The Pragmatic Engineer (@pragmatic_eng)

Imagine interviewing a candidate who looks like a very strong coder. Almost extending an offer. But turns out, the candidate is a deepfake. This actually happened with a startup called Vidoc Security - twice! Deepdive with all the details: newsletter.pragmaticengineer.com/p/ai-fakers