Bug Bytes #207 - IIS, LLMs and iOS
By travisintigriti
July 12, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from July 3rd – July 9th
Intigriti News
From my notebook
Demystifying Cybersecurity CTF’s – LIVE “You Hack Too” Tutorial
Portswigger Web Academy – OS Command Injection – Lab Walkthroughs
EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why
Risky Biz News: $922 million worth of crypto stolen in H1 2023
Danny ‘Rand0h’ Akacki discusses his love for streaming and community
Ankita Dhakar: Revolutionizing Bug Bounty Platforms with AI Integration
Beginner
Intermediate
An In-Depth Look at PEN-300 and OSEP: Succeeding in the Offensive Security Path
IDN Homograph Attack and Response Manipulation – The Rarest Case
Web3 Security Roadmap, How to become a Smart contract auditor
Bug Bounty Hunter — Let’s look at the CSTI attack method from every angle
Mastering Google Dorking: Expanding Scope, Reconnaissance, and Resources – RiSec
Advanced
Extending Burp Suite for fun and profit – The Montoya way – Part 1 – hn security
Game Hacking 101: Unleashing the Power of Memory Manipulation
Demystifying PyInstaller — A Journey into Decompiling Python Executables
Unveiling the Power of Binary Exploitation: Mastering Stack-Based Overflow Techniques
Backdooring ClickOnce .NET for Initial Access: A Practical Example
Security Research
Technical Details of CVE-2023-30990 – Unauthenticated RCE in IBM i DDM Service
Vulnerability Detection Using Attack Surface Management: Criminal IP ASM Use Case (1)
Clop Ransomware and MoveIT CVE: Ransomware: History, Timeline, And Adversary Simulation – FourCore
Actively Exploited Industrial Control Systems Hardware – SolarView Series – Blog – VulnCheck
StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability
Cloud Defense in Depth: Lessons from the Kinsing Malware – Sysdig
Windows Installer arbitrary content manipulation Elevation of Privilege (CVE-2020-0911)
The five-day job: A BlackByte ransomware intrusion case study | Microsoft Security Blog
The JSON Data Downfall: Discussing the overlooked aspects of JSON Data Amplification Attacks
Bugs
Unveiling a Unique Bug: The Quest for Website Vulnerabilities
How To Apply For The Medium.com Bug Bounty Program — You Might Win Even 1,000 Dollars Or More Even
How BAC(Broken Access Control) got me a Pre Account Takeover
Account Takeover (ATO) via Manipulation of the Change Password Funcionality
How i got my First CVE (CVE-2022–48150) on Self XSS to Reflected XSS
How I found my first P1 vulnerability by bypassing Adobe dispatcher
Unveiling a Bug: Paying $1 and Receiving $100 (or Any Amount) in Return
Found +15 XSS Via Citrix gateway latest CVE , Dup’s of (CVE-2023–24488)
Exploring the Sneaky World of Race Condition Vulnerabilities
Exploring Eclipse IDE Attack Vectors: Unveiling Google Cloud Tools Plugin Vulnerabilities
Taking Entire server control Part 2 of How I Earned $2500 in 5 Minutes
CTF challenges
GitHub – introvertmac/EasyScan: Light-weight web security scanner
Introducing httpXplorer: Simplifying httpX URL Management and Analysis
JS-Scan A .js scanner, built in PHP, designed to scrape urls and other info.
Certificate Search – Get informations about SSL certificates
CloudJack – Route53/CloudFront Vulnerability assessment utility.
You may also like
January 16, 2026
Intigriti Bug Bytes #232 - January 2026 🚀
Welcome to the latest edition of Bug Bytes (and the first of 2026)! In this month’s issue, we’ll be featuring: Hijacking official AWS GitHub repositories New anonymous bug bounty forum Finding more IDORs & SSRFs using a unique methodology New JavaScript file scanner to find hidden endpoints
December 18, 2025
Intigriti Bug Bytes #231 - December 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: React2Shell scanner (with WAF bypasses) Identifying server origin IP to bypass popular WAFs CSRF exploitation cheat sheet Finding vulnerabilities in sign-ups And so much more! Let’s dive in! November’s In
November 21, 2025
Intigriti Bug Bytes #230 - November 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Finding an RCE using AI in GitHub CORS exploitation cheat sheet Scanning codebases with AI Bypassing paywalls SSTIs in AI models And so much more! Let’s dive in! We are thrilled to announce that Inti