Bug Bytes #179 – Hacking Farms, Pwning Calendars & Hacker drones?
By travisintigriti
October 26, 2022
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from October 16th until October 22nd.
Intigriti News
From my notebook
DEF CON 30 – Eugene Lim – You Have 1 New Appwntment – Hacking Proprietary iCalendar Properties & DEF CON 30 – Sick Codes – Hacking the Farm = Breaking Badly into Agricultural Devices
If I had to pick the two standout talks for me at DEFCON this year, these are the two that I have thought about weekly since the summer, and I actually used some of the tips in the iCal video to find a bug! My tip for you reading is to check if apps automatically scan emails or similar to make calendar events.
Broken Access Control testing by ShreKy & Google VRP — [Insecure Direct Object Reference] $3133.70
How I Got $10,000 From GitHub For Bypassing Filtration oF HTML tags
23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite
Other Amazing Things
DEFCON Releases videos from DEFCON 30 August 2022 – here’s just a small selection that interested me
DEF CON 30 BiC Village – Ochuan Marshall – The Last Log4J Talk You Ever Need
DEF CON 30 – James Kettle – Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
DEF CON 30 – Orange Tsai – Let’s Dance in the Cache – Destabilizing Hash Table on Microsoft IIS
DEF CON 30 – Michael Bargury – Low Code High Risk – Enterprise Donation via Low Code Abuse
DEF CON 30 – Jeffrey Hofmann – PreAuth RCE Chains on an MDM – KACE SMA
DEF CON 30 – Samuel Erb, Justin Gardner – Crossing the KASM – a Webapp Pentest Story
DEF CON 30 – Thomas Roth , Solana – JIT – Lessons from fuzzing a smart contract compiler
DEF CON 30 – Richard Thieme – UFOs, Alien Life, and the Least Untruthful Things I Can Say
DEF CON 30 – stacksmashing – The Hitchhacker’s Guide to iPhone Lightning and JTAG Hacking
DEF CON 30 Retail Hacking Village – Spicy Wasabi – Rock The Cash Box
CYBER When the Video Game Reaches Out to Ask You to Spend More Money
Smashing Security 294: The Virgin trains swindler, cyber clowns, and AirTag election debacle
PHP filters chain: What is it and how to use it (deserialisation)
Practical Guide to Malware Analysis and Reverse Engineering(Analyzing VBA“Macros” Code P-2.2)
Burp Suite? No Thanks! Blind SQLi in DVWA With Python (Part 1)
OTP in forget password | how to bypass OTP verification | OTP poc
“Zero-Days” Without Incident – Compromising Angular via Expired npm Publisher Email Domains
I found a bug that would let me fetch any users password reset link
GitHub – Crypto-Cat/CTF: CTF chall write-ups, files, scripts etc (trying to be more organised LOL)
Extract e-mail addresses from a large JSON file – Zero Day Hacker
Paranoids (Yahoo) promotions until the end of the year
First 75 hackers of the month between October and the end of the year get a 25% bonus
First 10 mobile app reports 50% bonus
Submit a nuclei template for a 10% bonus
Welcome back bonus coming soon
Login spoofing issue in GitHub nets researcher $10k bug bounty reward
Dangerous hole in Apache Commons Text – like Log4Shell all over again