Bug Bytes #214 – We launch a course, bug hunters go full time and the $20k bug
By travisintigriti
October 17, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from October 2nd to October 15th
Intigriti News
We’re hosting an Open Port event in our offices in Antwerp and you can be there!
What is the secret to finding more high-severity vulnerabilities?
From my notebook
Today I’ve chosen to highlight video creators, some of these are faces you’ve heard before but are experiementing with new content, others are smaller creators who deserve some love!
Enter the World of Haiku and Learn Hacking Through Video Games
Here are 3 bugs I’ve Found with Recon (and how I hacked them)
Hackers Are Exploiting Critical Vulnerabilities in File Transfer Software
They Took Control of His Phone (and His Life) With a Single Text Message🎙Ep. 97: The Pizza Problem
One More Reason to NEVER Answer Your Phone🎙Darknet Diaries Ep. 138: The Mimics of Punjab
A Small Town Hack Became a Secret Service Forensics Investigation🎙Ep. 96 The Police Station Incident
Web Application Pentesting and the Importance of Specialization with Tib3rius
Importance of Fundamentals and Home Labs with Kevin Apolinario
EP141 Cloud Security Coast to Coast: From 2015 to 2023, What’s Changed and What’s the Same?
Beginner
Intermediate
Security Research
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
RedTeam Pentesting – Blog – Better dSAFER than Sorry – An Attacker’s Overview of Ghostscript
Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days
Critically close to zero (day): Exploiting Microsoft Kernel streaming service
HTTP/2 Rapid Reset: deconstructing the record-breaking attack
Bugs
Exploring the Upper() Method in Python: Uncovering Vulnerabilities
CVE-2023–39308: User Feedback <=1.0.7 — Unauthenticated Stored XSS
Hunting for Hidden Treasures: Unveiling the 403 Bypass Bug Bounty Adventure
The Domino Effect: How Multiple Bugs Lead to Account Takeover
Sensitive Information Leak via Forgotten .DS_Store File on redacted.com
Security report Write-up (CORS) | Logo URL Bypass leads to IP stealing |Bounty — €400
Unauthorized Email Address Change Blocks User Account Access — $200
how to dig deep to found a tricky xss via 0auth redirect in blockchain platform and get $700
Uncovering Security Vulnerabilities: A Deep Dive into an Eye-Opening Git Discovery
OTP Bypass through Response Manipulation | A Case of Insecure Design/Implementation; Part 1
Multiple Organization Full account Take-over via privilege escalation
Page admin disclosure via facebook profile link embedded in instagram
Critical SQL Injection Vulnerability in Login Page CVE-2023–44970
Bug Bounty Hunter — Captcha Bypass #Response-to-this-Request
Beyond Error Messages: Super Admin Deletion due to Broken Access Control (€€€)
CTF challenges
You may also like
Intigriti Bug Bytes #219 - December 2024 🎅
December 13, 2024
Bug Bytes #218 – Advent of Cyber, RCEs and hacking poems
December 6, 2023