Bug Bytes #215 – Hackers in Lisbon, AI bug bounty and is this the end?
By travisintigriti
October 25, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from October 15th to October 22nd
Intigriti News
Attention Belgium! Join us at our Open Port event on 2nd November!
My friend just finished his first year in CS and made his very first calculator in PHP!
Lots of happy faces at @IntelSecurity’s #KnightsOfElektron live hacking event
Here are 3 ways to find hidden parameters on your bug bounty target
From my notebook
IS THIS THE END? – STÖK says good bye to bug bounty content creation and I’m sure you’ll all join us in wishing him well
Why Governments Love to Buy the Bugs in Your Favorite Apps🎙Darknet Diaries Ep. 98: Zero Day Brokers – The dark side of bug bounty hunting?
The Circle of Unfixable Security Issues – Why don’t we fix everything?
$0 👉🏼 $1,000/Month With Bug Bounties – If NahamSec talks about his approach to bug hunting
Microsoft’s AI Bug Bounty Program: A Step Forward in AI Security – Microsoft starts a new AI bug bounty program
Two casinos hacked, one paid the ransom, one didn’t. Who was right?!
AI and hacking – opportunities and threats – Joseph “rez0” Thacker
Hacktivism Erupts in Response to Israel-Hamas Conflict & more
InfoSec Pat discusses Content Creation and Cybersecurity Careers
SN 944: Abusing HTTP/2 Rapid Reset – Passkeys, ValiDrive follow-up, 2FA apps, pre-release Spinrite
Beginner
How I Ethically Hacked a WordPress Site in 10 Minutes Using WPScan
Mastering WordPress Penetration Testing: A Step-by-Step Guide
Stored XSS – Simple Download Monitor 3.9.19 (WordPress Plugin)
File Shared < 1.6.48 (WordPress Plugin) — Sensitive Data Exposure Mysql version, enviroment, ++;
Broken Object Level Authorization Vs. Broken Functionality Level Authorization | API Hacking
Intermediate
Security Research
[Crypto] SSL/TLS, part 2: Toy TLS 1.2 client with TLS_DHE_RSA ciphersuites support.
Microsoft Account’s OAuth tokens leaking via open redirect in Harvest App”
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability
Persistent cross-site scripting vulnerabilities in Liferay Portal
The single-packet attack: making remote race-conditions ‘local’
Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
Synology NAS DSM Account Takeover: When Random is not Secure
Bugs
CTF challenges
You may also like
Intigriti Bug Bytes #219 - December 2024 🎅
December 13, 2024
Bug Bytes #218 – Advent of Cyber, RCEs and hacking poems
December 6, 2023