Bug Bytes #179 – Hacking Farms, Pwning Calendars & Hacker drones?
By travisintigriti
October 26, 2022
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from October 16th until October 22nd.
Intigriti News
From my notebook
DEF CON 30 – Eugene Lim – You Have 1 New Appwntment – Hacking Proprietary iCalendar Properties & DEF CON 30 – Sick Codes – Hacking the Farm = Breaking Badly into Agricultural Devices
If I had to pick the two standout talks for me at DEFCON this year, these are the two that I have thought about weekly since the summer, and I actually used some of the tips in the iCal video to find a bug! My tip for you reading is to check if apps automatically scan emails or similar to make calendar events.
Broken Access Control testing by ShreKy & Google VRP — [Insecure Direct Object Reference] $3133.70
How I Got $10,000 From GitHub For Bypassing Filtration oF HTML tags
23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite
Other Amazing Things
DEFCON Releases videos from DEFCON 30 August 2022 – here’s just a small selection that interested me
DEF CON 30 BiC Village – Ochuan Marshall – The Last Log4J Talk You Ever Need
DEF CON 30 – James Kettle – Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
DEF CON 30 – Orange Tsai – Let’s Dance in the Cache – Destabilizing Hash Table on Microsoft IIS
DEF CON 30 – Michael Bargury – Low Code High Risk – Enterprise Donation via Low Code Abuse
DEF CON 30 – Jeffrey Hofmann – PreAuth RCE Chains on an MDM – KACE SMA
DEF CON 30 – Samuel Erb, Justin Gardner – Crossing the KASM – a Webapp Pentest Story
DEF CON 30 – Thomas Roth , Solana – JIT – Lessons from fuzzing a smart contract compiler
DEF CON 30 – Richard Thieme – UFOs, Alien Life, and the Least Untruthful Things I Can Say
DEF CON 30 – stacksmashing – The Hitchhacker’s Guide to iPhone Lightning and JTAG Hacking
DEF CON 30 Retail Hacking Village – Spicy Wasabi – Rock The Cash Box
CYBER When the Video Game Reaches Out to Ask You to Spend More Money
Smashing Security 294: The Virgin trains swindler, cyber clowns, and AirTag election debacle
PHP filters chain: What is it and how to use it (deserialisation)
Practical Guide to Malware Analysis and Reverse Engineering(Analyzing VBA“Macros” Code P-2.2)
Burp Suite? No Thanks! Blind SQLi in DVWA With Python (Part 1)
OTP in forget password | how to bypass OTP verification | OTP poc
“Zero-Days” Without Incident – Compromising Angular via Expired npm Publisher Email Domains
I found a bug that would let me fetch any users password reset link
GitHub – Crypto-Cat/CTF: CTF chall write-ups, files, scripts etc (trying to be more organised LOL)
Extract e-mail addresses from a large JSON file – Zero Day Hacker
Paranoids (Yahoo) promotions until the end of the year
First 75 hackers of the month between October and the end of the year get a 25% bonus
First 10 mobile app reports 50% bonus
Submit a nuclei template for a 10% bonus
Welcome back bonus coming soon
Login spoofing issue in GitHub nets researcher $10k bug bounty reward
Dangerous hole in Apache Commons Text – like Log4Shell all over again