Bug Bytes #190 – BBTips, Attacking Wide Scopes, AWS and Containers
By travisintigriti
January 18, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from January 9th to January 15th
Intigriti News
From my notebook
The rough theme for this week is cloud security, honestly this is a must learn skill for bug bounty hunters in 2023, at least the basics of how to deploy to AWS. I’ve walked right past a valid AWS key without realising it, thankfully now I use TruffleHog if I’m looking at open source but it’s definitely a skill worth picking up even with tools.
Other Amazing Things
$1 mln bounty in Aurora blockchain for no input sanitisation bug
An Adversaries Approach to Smart Contracts (with @hackermate_)
Live Recon Sundays – Interview a Hacker: @gf_256 – Smart Contract
Unlock the boundless possibilities of ChatGPT: Hunt down pesky bugs and enjoy seamless automation!
JWT Security 101: How to defend against common attacks on JSON Web Tokens
Brute-force attacks Cheat Sheet (FTP, POP3, SNMP, SSH, VNC, …)
Clear communication is crucial: why writing effective vulnerability reports matters
Bug Hunting 101: Directory Enumeration & Authentication Bypass
Bypass mysql_real_escape_string and addslashes from Injection Attacks
How I Found AWS API Keys using “Trufflehog” and Validated them using “enumerate-iam” tool
Uploading the Webshell using filename of Content-Disposition Header Story!
bypass two-factor authentication in Android apps and web 1000$ TikTok
How I Earned $1000 From Business Logic Vulnerability (account takeover)
A Newbie’s Guide to Bug Bounty Hunting: Navigating the World of Subdomain Enumeration
JNDI Injection Series: RMI Vector — The Final Piece of The Puzzle
How Browser’s Save As Feature might lead to Code Execution (CVE-2022–45415)
India’s Aadhar card source code disclosure via exposed .svn/wc.db
API based IDOR to leaking Private IP address of 6000 businesses
You may also like
November 21, 2025
Intigriti Bug Bytes #230 - November 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Finding an RCE using AI in GitHub CORS exploitation cheat sheet Scanning codebases with AI Bypassing paywalls SSTIs in AI models And so much more! Let’s dive in! We are thrilled to announce that Inti
October 31, 2025
Intigriti Bug Bytes #229 - October 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Cool trick to find disclosed secrets in internal web extensions A repository full of WAF bypasses Hacking Intercom misconfigurations Wayback Machine for hackers And so much more! Let’s dive in! October’s
September 12, 2025
Intigriti Bug Bytes #228 - September 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: A common (yet unknown) SSRF attack vector in Next.js Middleware Exploiting PDF processors by generating and uploading malicious PDF payload files A full reconnaissance breakdown on how to approach any target