Bug Bytes #182 – Infosec twitter migrates to Mastodon, Google Pixel Lock Screen Bypass and Next-Gen Spidering with Katana
By travisintigriti
November 16, 2022
Last updated on March 6, 2025
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
We’re running a survey about Bug Bytes: What do you think of Bug Bytes? Let us know!
This issue covers the weeks from November 7th until November 13th.
Intigriti News
We published a blog on how to set up your own XSSHunter with a Video tutorial
This week hackers descend on Copenhagen for 1337UP1122 with Visma
From my notebook
There has been some great blog posts this week but I think the whole community was wowed by the lock screen bypass on the Google Pixel and the new tool from project discovery Katana, promising a next-gen spidering tool. I’ve also included Awesome API security which has a ton of API resources, with bugs, how tos, tools and CTFs you can practice on.
Other Amazing Things
How to get greater bounties for MEDIUM and LOW risk reports?
Hacking on Android With Gaurang Bhatnagar | Creator #InsecureShop
Israel (Cyber) Defense Forces, Blockchain, DeFi and Life as a Web3 Digital Nomad @Johnny Time
[0x0a] Reversing Shorts :: Apple’s Cross-Process Communication (XPC)
EP95 Cloud Security Talks Panel: Cloud Threats and Incidents
What can chess grandmasters teach us about Cyber? [ML BSide]
165 – Apache Batik, Static Site Generators, and an Android App Vuln
166 – OpenSSL Off-by-One, Java XML Bugs, and an In-the-Wild Samsung Chain
Hacking Tools & Resources for Bug Bounties, Red Teaming, And More!
How to mimic Kerberos protocol transition using reflective RBCD
Automate and finds the IP address of a website behind Cloudflare
10 Minute Bug Bounties: OSINT With Google Dorking, Censys, and Shodan
Cross-origin resource sharing (CORS) Explanation & Exploitation
content discovery usage and tools with real example for bug bounty(part 1)
Intercept Mobil Application Pentest Flutter traffic on iOS and Android (HTTP/HTTPS/ Ssl Pinning)
Understanding Privilege Escalation by Abusing Linux Access Control
Story of a $1k bounty — SSRF to leaking access token and other sensitive information
Sleep SQL injection on Name Parameter While Updating Profile
Google VRP (Acquisitions) — [Insecure Direct Object Reference] 2nd
CORS via XSS leaks User details including Credit Card details.
How to find (“Business_logics”) AND (”Broken Access Control”) Bugs !
How we handled a recent phishing incident that targeted Dropbox
Issue 208: Urlscan.io leaks sensitive data, Dropbox phishing attack, contract test for microservices
You may also like
April 24, 2026
Intigriti Bug Bytes #235 - April 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring: Compromising an NPM package with 40M weekly downloads Bypassing Cloudflare WAF for a full ATO 20-part series on exploiting JWT vulnerabilities First Intigriti Bug Bounty Meetup And so much more! Let's dive
March 27, 2026
Intigriti Bug Bytes #234 - March 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Earning $180K via SSRFs Free Burp Suite Pro licenses for top hackers Bypassing tricky file upload restrictions Injecting malicious code into AI coding assistants And so much more! Let’s dive in! We've team
February 20, 2026
Intigriti Bug Bytes #233 - February 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: How a read-only Kubernetes permission turned into full cluster takeover AI agent autonomously finds a 1-click RCE Race condition in blockchain infrastructure worth billions Finding over 500 high-severity vul