Intigriti Bug Bytes #220 - January 2025 🚀

Welcome to the first Bug Bytes of 2025! Each month, we team up with bug bounty experts to bring you insights, platform updates, new programs, and upcoming community events—all to help you find more bugs!

Latest Platform Updates

Altera, an Intel company, has officially opened its public bug bounty program on our platform!  
 
Ready to put your skills to the test and get rewarded for vulnerabilities found? Start hunting today. 

Altera bug bounty

Start Hunting on Altera!

CTF Challenges on GitHub

Intigriti 1337UP Live CTF Event 2024

CryptoCat has uploaded all former challenges across our CTF series (22 – 24) to our GitHub, check these out here.

Monthly Challenge

CTF Challenge 0125

Intigriti's January Challenge by Godson is live! Pop an alert here by 17th January for a chance to win €400 in SWAG prizes!

Blogs and Videos

Testing JavaScript Files for Bug Bounty Hunters!

Testing JavaScript files for bug bounty hunters Featured Image

JavaScript files are goldmines for bug bounty hunters like you! They can help you find all sorts of vulnerabilities, from hard-coded secrets to hidden API endpoints and even DOM-based vulnerabilities! If you want to dive deeper into JS files, we’ve recently made an article just for you! Read Testing JavaScript files for bug bounty hunters on our blog!

• Wonder how PRO hunters keep finding and exploiting blind XSS vulnerabilities? We’ve shared an entire methodology, from server setup to finding your first blind XSS vulnerability!

• Insecure file uploads can introduce various critical vulnerabilities, including RCE! Make sure you try out these 7 techniques whenever you’re testing file upload functions on your target!

• Are you trying any of these 5 recon techniques that most hunters forget about? If not, we highly recommend you do! And while you’re on Twitter/X, try to drop us a follow! We share new bug bounty tips and resources (almost daily) to help you find more vulnerabilities!

Tools and Resources

Tools

GitLab Subdomains

GitLab Subdomains

Finding subdomains using GitLab search? @gwendallecoguic made an open-source tool to help you find even more subdomains!

• Want to find more DOM-based vulnerabilities? Check Untrusted Types by @filedescriptor, an open-source web extension to help you easily track arbitrary input originating from DOM sources and directly inserted in DOM sinks!

• This tool by @pdiscoveryio allows you to quickly combine the results of 10s of APIs such as Shodan, Censys, Hunter, Fofa, etc to help you discover more hosts!

• PortSwigger recently published a new interactive URL validator cheat sheet that can help you bypass flawed URL validations to help you exploit SSRF vulnerabilities for example!

Resources

Starting Your Bug Bounty Journey in 2025?

Intigriti

@intigriti

·Follow

Starting your bug bounty journey in 2025? 🥷 Here are 5 practical tips that we can share with you to help you find your first bug faster! 🤑 🧵 👇

10:07 AM · Dec 31, 2024

129

Reply

Copy link

Read 1 reply

Are you starting your bug bounty journey in 2025? Let us help you out a bit - check out this quick guide on tips for bug bounty beginners!

• Imagine you received a new Discord message, opened it and got malicious code executed on your machine... This is how @S1r1u5_ found a remote code execution in Discord for $5000!

• In case you aren’t aware, @albinowax shared his DEFCON talk “Listen to the Whispers: Web Timing Attacks that Actually Work”!

• Need an extensive SQL injection cheat sheet for bug bounty hunting and pentesting in general? Check out @0xTib3rius’ SQL Injection cheat sheet, it provides payloads for the 5 most popular databases such as MySQL, PostgreSQL, Oracle, etc.!

• Learn from the hacker legends themselves! @ArchAngelDDay shares how he became the most valuable hacker!

• @lukejahnke shared an interesting way to still send POST requests without a content type request header to help exploit certain CSRF vulnerabilities!

2024 Wrapped

2024 was a milestone year for us at Intigriti and we couldn’t resist creating our very own 2024 wrapped to reflect this – check out the numbers below 👇

2024 Wrapped

Want the break-down of these numbers? Head to our accompanying blog to read more 👀

Behind The Screens

Back in December we kicked off the holiday season with our end of year parties for both our UK & Belgium offices.

In the UK, the team enjoyed a drinks reception and some virtual clay pigeon shooting (no pigeons were harmed in the making of this event 😉)

Behind the Screens

Behind the Screens

Meanwhile over in Belgium our team enjoyed some festive team building exercises (courtesy of Escape the Box) followed by a team dinner to kick off the holiday’s!

Behind the Screens

Feedback and Suggestions

Our researchers are at the core of everything we do. If you have feedback or suggestions to help us build and grow, we want to hear from you!  

Pop a note over to support@intigriti.com and we’ll take it from there!

As we step into the promise of a new year, January can often be a time to reflect and set goals. 

Intigriti is no exception to the rule - we’ve set big goals to ensure we continue to deliver a leading bug bounty platform for all. 

Whatever your ethical hacking goals, we’re looking forward to supporting you every step of the way. 

Wishing you a ‘bounty-full' start to the year ahead and become the researcher you always wished,

Meme