Bug Bytes #207 - IIS, LLMs and iOS
By travisintigriti
July 12, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from July 3rd – July 9th
Intigriti News
From my notebook
Demystifying Cybersecurity CTF’s – LIVE “You Hack Too” Tutorial
Portswigger Web Academy – OS Command Injection – Lab Walkthroughs
EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why
Risky Biz News: $922 million worth of crypto stolen in H1 2023
Danny ‘Rand0h’ Akacki discusses his love for streaming and community
Ankita Dhakar: Revolutionizing Bug Bounty Platforms with AI Integration
Beginner
Intermediate
An In-Depth Look at PEN-300 and OSEP: Succeeding in the Offensive Security Path
IDN Homograph Attack and Response Manipulation – The Rarest Case
Web3 Security Roadmap, How to become a Smart contract auditor
Bug Bounty Hunter — Let’s look at the CSTI attack method from every angle
Mastering Google Dorking: Expanding Scope, Reconnaissance, and Resources – RiSec
Advanced
Extending Burp Suite for fun and profit – The Montoya way – Part 1 – hn security
Game Hacking 101: Unleashing the Power of Memory Manipulation
Demystifying PyInstaller — A Journey into Decompiling Python Executables
Unveiling the Power of Binary Exploitation: Mastering Stack-Based Overflow Techniques
Backdooring ClickOnce .NET for Initial Access: A Practical Example
Security Research
Technical Details of CVE-2023-30990 – Unauthenticated RCE in IBM i DDM Service
Vulnerability Detection Using Attack Surface Management: Criminal IP ASM Use Case (1)
Clop Ransomware and MoveIT CVE: Ransomware: History, Timeline, And Adversary Simulation – FourCore
Actively Exploited Industrial Control Systems Hardware – SolarView Series – Blog – VulnCheck
StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability
Cloud Defense in Depth: Lessons from the Kinsing Malware – Sysdig
Windows Installer arbitrary content manipulation Elevation of Privilege (CVE-2020-0911)
The five-day job: A BlackByte ransomware intrusion case study | Microsoft Security Blog
The JSON Data Downfall: Discussing the overlooked aspects of JSON Data Amplification Attacks
Bugs
Unveiling a Unique Bug: The Quest for Website Vulnerabilities
How To Apply For The Medium.com Bug Bounty Program — You Might Win Even 1,000 Dollars Or More Even
How BAC(Broken Access Control) got me a Pre Account Takeover
Account Takeover (ATO) via Manipulation of the Change Password Funcionality
How i got my First CVE (CVE-2022–48150) on Self XSS to Reflected XSS
How I found my first P1 vulnerability by bypassing Adobe dispatcher
Unveiling a Bug: Paying $1 and Receiving $100 (or Any Amount) in Return
Found +15 XSS Via Citrix gateway latest CVE , Dup’s of (CVE-2023–24488)
Exploring the Sneaky World of Race Condition Vulnerabilities
Exploring Eclipse IDE Attack Vectors: Unveiling Google Cloud Tools Plugin Vulnerabilities
Taking Entire server control Part 2 of How I Earned $2500 in 5 Minutes
CTF challenges
GitHub – introvertmac/EasyScan: Light-weight web security scanner
Introducing httpXplorer: Simplifying httpX URL Management and Analysis
JS-Scan A .js scanner, built in PHP, designed to scrape urls and other info.
Certificate Search – Get informations about SSL certificates
CloudJack – Route53/CloudFront Vulnerability assessment utility.
You may also like
Intigriti Bug Bytes #219 - December 2024 🎅
December 13, 2024
Bug Bytes #218 – Advent of Cyber, RCEs and hacking poems
December 6, 2023