Researchers’ Blog
CREST accreditation reinforces Intigriti’s pentesting excellence
News
May 20, 2025
Intigriti, a global crowdsourced security provider, is delighted to announce that it is now CREST accredited. Who is CREST? CREST, a globally recognised not-for-profit authority in cyber security, rigorously assesses organisations against stringent standards for quality, technical proficiency, and o
CORS: A complete guide to exploiting advanced CORS misconfiguration vulnerabilities
Hacking Tools
May 18, 2025
CORS misconfiguration vulnerabilities are a highly underestimated vulnerability class. With an impact ranging from sensitive information disclosure to facilitating SSRF attacks, this client-side security vulnerability should always be part of your security testing. In this article, we will explore t
Introducing assets: a first step to a more centralized approach
Changelog
May 14, 2025
We’re pleased to share a significant new change to our platform for companies. Our goal is to empower our customers with clear, actionable insights into their attack surface. We aim to create a platform where managing your digital footprint is intuitive, collaboration is effective, and understandin
Q1 2025 platform updates: What's new & how it helps you
Changelog
April 30, 2025
As we have entered Q2 2025, let's dive into key improvements and new features introduced on the Intigriti platform in Q1, the value they bring, and how they positively impact your operation. Refined control for companies Intigriti has rolled out several new features, designed to provide organizatio
NoSQLi: A complete guide to exploiting advanced NoSQL injection vulnerabilities
Hacking Tools
April 27, 2025
NoSQL injections are relatively easier to exploit than classic SQL injections. However, developers often overlook these vulnerabilities, mainly due to limited awareness. Additionally, false beliefs among software engineers that NoSQL databases inherently resist injection attacks further increase the
Finding more vulnerabilities in vibe coded apps
Hacking Tools
April 16, 2025
Vibe coding is the latest trend sweeping through developer communities. It’s the art of describing a concept, feeding it to an AI, and letting the LLM (Large Language Model) manifest the code based purely on vibes. The quote states, "You fully give in to the vibes, embrace exponentials, and forget t
Intigriti Bug Bytes #223 - April 2025 🚀
Bug Bytes
April 11, 2025
Hello Hackers 👋 Spring is in the air, and so is the sweet scent of freshly reported bugs. Intigriti’s blooming too—each month, we squad up with elite hackers to drop hot tips, platform news, shiny new programs, and community events you won’t want to miss. Let’s make this bug season one for the boun
Hunting down subdomain takeover vulnerabilities
Hacking Tools
April 8, 2025
Subdomain takeovers are a well-documented security misconfiguration. Despite widespread awareness, developers still frequently forget to remove DNS records pointing to forgotten and unused third-party services, allowing these vulnerabilities to be present even today. In this article, we will learn w
8 Tips for writing effective bug bounty reports
Hacking Tools
March 25, 2025
So, you've found a valid security vulnerability in one of your bug bounty programs, now it's time to write the report. Finding the vulnerability was half the story. Writing effective reports is also an essential phase in bug bounty. Clear, well-written, and to-the-point bug bounty reports often get
Intigriti Bug Bytes #222 - March 2025 🚀
Bug Bytes
March 14, 2025
Hey hackers, Each month, we team up with bug bounty experts to bring you insights, platform updates, new programs, and upcoming community events—all to help you find more bugs! Product updates New Feature: Gain Deeper Insights into Researcher Activity We're excited to introduce a new way for researc
XXE: A complete guide to exploiting advanced XXE vulnerabilities
Hacking Tools
March 11, 2025
XML External Entity (XXE) vulnerabilities are one of the most overlooked yet impactful vulnerabilities in modern web applications. Although they've become seemingly harder to detect and exploit, their impact remains severe, often allowing attackers to read internal files, reach internal-only network
Intigriti Bug Bytes #221 - February 2025 🚀
Bug Bytes
February 14, 2025
Hey hackers, Each month, we round-up insights, platform updates, new programs, upcoming community events and more to help you master your hacking skills. Check out February’s edit below: BlueSky We’ve landed on BlueSky, follow us to access the latest programme updates, challenges, blogs, event news
5 Ways to hack WordPress targets
Hacking Tools
February 13, 2025
Over half a billion websites are powered by WordPress as of today. Unfortunately, not every instance deserves the same security attention as the other. The chances of coming across a bug bounty target that has a vulnerable instance are quite high. However, some bug bounty hunters get intimidated
Hybrid Pentesting: The Smart Approach to Securing your Assets
News
February 5, 2025
Pentesting-as-a-Service is your next crucial layer of security. Businesses dedicated to their security know that truly mature infrastructure doesn’t involve just one kind of protection. Vulnerability scanners, firewalls, periodic penetration tests, and bug bounties are all independent la
Creating custom wordlists for bug bounty targets: A complete guide
Hacking Tools
January 31, 2025
Everyone understands the importance of custom wordlists in bug bounties, and how they can be deployed in targeted bruteforcing attacks to help discover new hidden endpoints. Custom wordlists can also help reduce the number of requests sent and even prevent unnecessary aggressive scanning of bug boun
Exploiting PDF generators: A complete guide to finding SSRF vulnerabilities in PDF generators
Hacking Tools
January 27, 2025
PDF generators are commonly implemented in applications. Developers tend to use these components to generate documents based on dynamic data provided from the database for example. Unfortunately, not every developer is also aware of the potential risks that he/she might introduce when integrating th
Open URL redirects: A complete guide to exploiting open URL redirect vulnerabilities
Hacking Tools
January 16, 2025
Open URL redirect vulnerabilities are easy to find as they are quite common in applications. This vulnerability type is also often considered a low-hanging fruit. However, as modern applications get more complex, so do the vulnerabilities. And that also makes it possible to escalate these lower-hang
7 Overlooked recon techniques to find more vulnerabilities
Hacking Tools
January 13, 2025
Reconnaissance is an important phase in bug bounty and in pentesting in general. As every target is unique and as we often do not have access to the code base, we'd need to come up with unique methods to gather useful and accurate data about our target to help us find vulnerabilities. In this articl
Intigriti Bug Bytes #220 - January 2025 🚀
Bug Bytes
January 10, 2025
Welcome to the first Bug Bytes of 2025! Each month, we team up with bug bounty experts to bring you insights, platform updates, new programs, and upcoming community events—all to help you find more bugs! Latest Platform Updates Altera, an Intel company, has officially opened its public bug bounty pr
Hunting for blind XSS vulnerabilities: A complete guide
Hacking Tools
January 4, 2025
Cross-site scripting (XSS) vulnerabilities are quite common and fun to find. They also carry great impact when chained with other vulnerabilities. But there's another variant of this vulnerability type that's not as easy or common to find as the other XSS types. Especially with the delayed execution