Bug Bytes #188 – Hello 2023!
By travisintigriti
January 3, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from December 26th until January 1st.
Intigriti News
From my notebook
Happy 2023! As hackers around the world rang in the new year we saw many recap their 2022 or look towards 2023 with new goals. With that in mind I’ve brought together some resources on the theme of learning new skills in the new year, for me I really want to develop new technical skills, at are you looking to learn in 2023?
JNDI Injection Series: RMI Vector — 1, JNDI Injection Series: RMI Vector — Dynamic Class Loading From Remote URL
Difficulty of Reproducing Old Exploits and Difficulty of Reproducing Old Exploits (Part Two)
Other Amazing Things
Can ChatGPT Solve Cyber Capture The Flag Puzzles? (Live Event Testing)
How I scale my containerized bug bounty automation! (Automation Series)
What advice would you give your younger self about cyber security
MrTuxracer’s Bug Bounty recap, mcipekci’s recap, harshbothra reviews his educational resources and another from haxor31337
Best bug found in 2022?, what type of bugs did you find in 2022 and what is going to be big in 2023
Endpoint Security: The Protection Mechanism of Web Application and Networks
Efficient methodology to get P2 level – subdomain takeover vulnerability
How I Design My Prefect Bug Bounty Automation (1), How I Design My Prefect Bug Bounty Automation(2) and How I Design My Prefect Bug Bounty Automation(3)
!00 Complex terms related to Bug Bounty Explained for a Newbie
Spice up your persistence: loading PHP extensions from memory
Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities
Tautulli 2.1.9 version; Cross-Site Request Forgery (ShutDown) and Denial of Service (Metasploit)
LDAP anonymous login story of my 3 simple P3 findings in DHS
Unauthorized Sign-up on Subdomain of Subdomain leading to Organization takeover worth $2000
How Capabilities actually Work ? | Exploitation | Privilege Escalation
How I got a Bug At Apple that lead’s to takeover accounts of any user who view my profile
Account Takeover Due to Cognito Misconfiguration Earns Me €xxxx
OSINT Case Study: Validating a website if its fraud or legit
CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building
My report on how the admin panel took over and I got X, $500 bounty from my report Hello hackers,
Advent of Cyber 2022 [Day 1 — Day 24] All Challenges Walkthrough and Writeups with Answers
DOM XSS Using Web Messages (Practioner) — Portswigger Lab 1 | Solution and Approach
Compromising a vulnerable GCP, INE-Labs GCPGoat walkthrough. Part-1 / Compromising a vulnerable GCP, INE-Labs GCPGoat walkthrough. Part-2
You may also like
February 20, 2026
Intigriti Bug Bytes #233 - February 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: How a read-only Kubernetes permission turned into full cluster takeover AI agent autonomously finds a 1-click RCE Race condition in blockchain infrastructure worth billions Finding over 500 high-severity vul
January 16, 2026
Intigriti Bug Bytes #232 - January 2026 🚀
Welcome to the latest edition of Bug Bytes (and the first of 2026)! In this month’s issue, we’ll be featuring: Hijacking official AWS GitHub repositories New anonymous bug bounty forum Finding more IDORs & SSRFs using a unique methodology New JavaScript file scanner to find hidden endpoints
December 18, 2025
Intigriti Bug Bytes #231 - December 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: React2Shell scanner (with WAF bypasses) Identifying server origin IP to bypass popular WAFs CSRF exploitation cheat sheet Finding vulnerabilities in sign-ups And so much more! Let’s dive in! November’s In