Bug Bytes #210 – Zenbleed, Interview Questions, Challenge Coins and SQL Injections
By travisintigriti
September 6, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from August 28th – September 3rd
Intigriti News
Oda has just launched their public bug bounty program paying up to €4,000 for valid vulnerabilities!
What payload would work in the following vulnerable code snippet?
Do you want to start bug bounty, but struggle to find the right program to hack on?
From my notebook
Fake bug bounty writeup exposed (shorts)
Balancing Bytes and Well-Being: Navigating the World of Young Hackers
Local SQL injection in Zoom allowed to spy on people (shorts)
Hacker vs Program Manager – Should 0-Days get paid? (shorts)
Chat w/ Charlie Eriksen, Creator of Jswzl! (Bug Bounty, Cyber, Automation, etc.)
DEFCON 31
Srsly Risky Biz: The UK snoopers’ charter won’t stop security patches
SN 937: The Man in the Middle – WinRAR v6.23, fake flash drives, Voyager2 antenna, Google Topics
EP136 Next 2023 Special: Building AI-powered Security Tools – How We Do It?
Beginner
Intermediate
Advanced
Security Research
GDB Baby Step 4: Decoding Multiplication in Assembly with GDB — StackZero
Decoding the Enigma: A Journey into Minesweeper’s Reverse Engineering
Navigating Uncharted Waters: The Cybersecurity Implications of Maritime Vessel Hacking
Unlocking Potential: Exploring Frida & Objection on Non-Jailbroken Devices without Application
SSD Advisory – File History Service (fhsvc.dll) Elevation of Privilege – SSD Secure Disclosure
Mashing Enter to bypass full disk encryption with TPM, Clevis, dracut and systemd
Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows
Converting Tokens to Session Cookies for Outlook Web Application
Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework
Thousands of Organizations Vulnerable to Subdomain Hijacking
Google Cloud Functions are Secure, only if you know how to use them!
Bugs
A Year of Hunting into Vulnerability Disclosure programs (VDPs)
Lenskart Data Leak: Unveiling Critical Security Breach in Spring Boot Configuration
Real World Bug Hunting: Information Disclosure in Error Messages
How I was able to find the P4 vulnerability in the United States Department of Agriculture by phone.
how I was able to find information disclosed by reading my old report and understanding the website
Exploiting Maltrail v0.53 — Unauthenticated Remote Code Execution (RCE)
How I could view any Facebook Groups Notes media, and they paid me a $10,000
I was able to see all user information by manipulating parameters on the website.
How I was able to modify and delete any user’s data file (filestack API)
PII at Your Fingertips: How I Stumbled Upon an Easy-to-Find Data Leakage Vulnerability @ Swisscom
Exploring the User Registration & Login and User Management System v3.0 SQL Injection Exploit
ِAccount takeover hidden in Javascript files plus some extra work? my type.
Series of Web Exploits: From Discovery to Disclosure — XSS fun
Uncovering Vulnerabilities: Security Flaws Discovered on the Indian Prime Minister’s Website
CTF challenges
r3volved/CVEAggregate: Build a CVE library with aggregated CISA, EPSS and CVSS data
What Are They and How Do They Work · HotCakeX/Harden-Windows-Security Wiki
You may also like
Intigriti Bug Bytes #219 - December 2024 🎅
December 13, 2024
Bug Bytes #218 – Advent of Cyber, RCEs and hacking poems
December 6, 2023