Bug Bytes #204 – Everything You Missed From NahamCon
By travisintigriti
June 21, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from June 12th to June 18th
Intigriti News
From my notebook
So this week and weekend saw the return of NahamCon and there were some great talks on the main programme and the villages on Saturday, the talks are still being uploaded so we’ll update you when they’re all available but here’s what’s been released so far…
#NahamCon2023: Bug Bounty Village | Free Workshops | !discord
Going Beyond Microsoft IIS Short File Name Disclosure – NahamCon 2023 Edition
Nahamcon [The Power of Shodan Leveraging Shodan for Critical Vulnerabilities]
How to do account takeover? Case study of 146 bug bounty reports
Autorize in 30 Seconds! (shorts)
Genymotion – Proxying Android App Traffic Through Burp Suite | Cameron Cartier
given up on random text files, all my notes are now in burp tab titles
I continually underestimate how beneficial it is to go for scope that others avoid.
Beginner
Intermediate
Advanced
Security Research
From Bug Bounty Hunter to Risk Analyst: My Cybersecurity Journey at Deloitte
Pentesting Xamarin Android apps: DLLs and root check bypass – hn security
can I speak to your manager? hacking root EPP servers to take control of zones
MOVEit Transfer CVE-2023-34362 Deep Dive and Indicators of Compromise
Pre-Authenticated RCE In VMware VRealize Network Insight CVE-2023-20887
Bugs
CTF challenges
Unveiling Trickest: My Secret Weapon for Automating the Bug Bounty Hunt
Capture Login Information from the Captive Portal with SEToolkit
GitHub – Anof-cyber/MobSecco: Clone Cordova application for bypassing security restrictions
Get a list of associated domains from a list of IPs with hakip2host!
Find leaked API Keys and Secrets using a single GitHub search query
This bypass by @Akamai *may* be useful when exploiting Windows-based SSRF vulnerabilities
trick to find hidden endpoints on web apps, start with Underscore (_)
You may also like
Intigriti Bug Bytes #219 - December 2024 🎅
December 13, 2024
Bug Bytes #218 – Advent of Cyber, RCEs and hacking poems
December 6, 2023