Bug Bytes #157 – Daily bug bounty recaps, Reading other bug hunter’s reports & Hacking Google Drive integrations
By Anna Hammond
February 2, 2022
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from January 24 to 31, 2022.
Intigriti news
Nullcon Berlin Student Scholarship (Sponsored by Intigriti)
Our favorite 5 hacking items
1. Vulnerability of the week
pwnkit: Local Privilege Escalation in polkit’s pkexec (CVE-2021-4034)
PwnKit or CVE-2021-4034 is a Local Privilege Escalation in polkit’s pkexec that was discovered by Qualys researchers.
It is noteworthy because it affects all major Linux distributions by default and all pkexec versions since 2009. Actually, @ryiron blogged about the root cause behind it in 2013.
The vulnerability is also reliably exploitable, even though it is a memory corruption bug.
To practice, there is a free TryHackMe room, and some exploits by the community:
2. Writeups of the week
Hacking Google Drive Integrations (Dropbox, $17,576)
How I could have read your confidential bug reports by simple mail? (Microsoft)
A story of leaking uninitialized memory from Fastly (Fastly)
These are three entirely different types of findings, but all are very impressive and worth reading: @rootxharsh found a full read SSRF on Google Drive integrations in Dropbox, @Sudhakarmuthu04 found a way to read other bug hunters’ reports on the Microsoft research portal, and @emil_lerner discovered a memory leak in the QUIC (HTTP/3) implementation of the H2O webserver.
3. Conference of the week
Recordings from Black Hat Europe 2021 were just released! Need I say more?
Maybe only that slides and whitepapers can be found here, and @albinowax really recommends @_danielthatcher’s talk “Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond”.
4. Video of the week
🐛 Bug Bounty Recap 🐜 January 20-26
I’m really enjoying these daily bug bounty recaps by @PinkDraconian. They are crisp and easy to digest, a fun way to stay up-to-date or get clarifications on writeups you’re struggling to understand.
5. Tools of the week
CodExt is both a CLI tool and Python library for encoding/decoding anything. It extends the Python codecs library with 120+ new codecs and has a “guess mode”.
I know there are many tools that do the same thing, but if you prefer the CLI and need support for both Bash and Python, this is a handy alternative.
Har Har Har Viewer is another useful tool. As its name suggests, it is a HAR viewer, worth bookmarking for the next time you need to handle HAR files.
Other amazing things we stumbled upon this week
Videos
Web App Pentesting – HTTP Headers & Methods & Web App Pentesting – Setting Up OWASP bWAPP With Docker
Enumerating 100 targets at once! Meg – Hacker Tools & Blog post
Kiosk Breakout & HOW TO Install Windows 11: VMware Workstation
Podcasts / Audio
Webinars
Conferences
Slides & Workshop material
Tutorials
Medium to advanced
Password spraying and MFA bypasses in the modern security landscape
How To Extract Credentials from Azure Kubernetes Service (AKS)
How to disable XXE processing? #BlueTeam
Beginners corner
Writeups
Challenge writeups
Pentest writeups
Responsible(ish) disclosure writeups
Paranoids’ Vulnerability Research: PrinterLogic Issues Security Alert #Printer
Bypassing Little Snitch Firewall with Empty TCP Packets #MacOS
Don’t Trust This Title: Abusing Terminal Emulators with ANSI Escape Characters #CLI
Bug bounty writeups
Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397) (Moodle)
Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite (Lark Technologies)
Microsoft OneDrive For Macos Local Privilege Escalation (Microsoft)
CVE-2020-0696 – Microsoft Outlook Security Feature Bypass Vulnerability (Microsoft)
WPA2-Enterprise/EAP Subject Matching Vulnerability (Google Chromium, $3000)
CVE-2022-0185 – Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google’s KCTF Containers (Google, $31,337)
See more writeups on The list of bug bounty writeups.
Tools
PurplePanda: Identify privilege escalation paths within and across different clouds
LDAP Relay Scan: Check for LDAP protections regarding the relay of NTLM authentication
Tips & Tweets
Misc. pentest & bug bounty resources
Trickest Log4j & Collaboration with @Six2dez1 to automate updating OneListForAll
RTCSec newsletter – STIR/SHAKEN DoS, Cisco phone passwords, Zoom and Yealink
Stratus Red team: Granular, Actionable Adversary Emulation for the Cloud (like “Atomic Red Team™” for the cloud)
Articles
Unauthenticated Dumping of Usernames via Cisco Unified Call Manager (CUCM)
Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA
Challenges
A list for free Penetration Testing & Red Teaming Labs to build locally
A free HTB machine added every month to the Starting Point Track
Bug bounty & Pentest news
Bug bounty
Cybersecurity
Jobs
Upcoming events
OAuth 2.0 Hacking for Beginners with Farah Hawa (February 6)
Nullcon Berlin Student Scholarship (Apply before March 10)
Updates
Non technical