Bug Bytes #188 – Hello 2023!
By travisintigriti
January 3, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from December 26th until January 1st.
Intigriti News
From my notebook
Happy 2023! As hackers around the world rang in the new year we saw many recap their 2022 or look towards 2023 with new goals. With that in mind I’ve brought together some resources on the theme of learning new skills in the new year, for me I really want to develop new technical skills, at are you looking to learn in 2023?
JNDI Injection Series: RMI Vector — 1, JNDI Injection Series: RMI Vector — Dynamic Class Loading From Remote URL
Difficulty of Reproducing Old Exploits and Difficulty of Reproducing Old Exploits (Part Two)
Other Amazing Things
Can ChatGPT Solve Cyber Capture The Flag Puzzles? (Live Event Testing)
How I scale my containerized bug bounty automation! (Automation Series)
What advice would you give your younger self about cyber security
MrTuxracer’s Bug Bounty recap, mcipekci’s recap, harshbothra reviews his educational resources and another from haxor31337
Best bug found in 2022?, what type of bugs did you find in 2022 and what is going to be big in 2023
Endpoint Security: The Protection Mechanism of Web Application and Networks
Efficient methodology to get P2 level – subdomain takeover vulnerability
How I Design My Prefect Bug Bounty Automation (1), How I Design My Prefect Bug Bounty Automation(2) and How I Design My Prefect Bug Bounty Automation(3)
!00 Complex terms related to Bug Bounty Explained for a Newbie
Spice up your persistence: loading PHP extensions from memory
Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities
Tautulli 2.1.9 version; Cross-Site Request Forgery (ShutDown) and Denial of Service (Metasploit)
LDAP anonymous login story of my 3 simple P3 findings in DHS
Unauthorized Sign-up on Subdomain of Subdomain leading to Organization takeover worth $2000
How Capabilities actually Work ? | Exploitation | Privilege Escalation
How I got a Bug At Apple that lead’s to takeover accounts of any user who view my profile
Account Takeover Due to Cognito Misconfiguration Earns Me €xxxx
OSINT Case Study: Validating a website if its fraud or legit
CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building
My report on how the admin panel took over and I got X, $500 bounty from my report Hello hackers,
Advent of Cyber 2022 [Day 1 — Day 24] All Challenges Walkthrough and Writeups with Answers
DOM XSS Using Web Messages (Practioner) — Portswigger Lab 1 | Solution and Approach
Compromising a vulnerable GCP, INE-Labs GCPGoat walkthrough. Part-1 / Compromising a vulnerable GCP, INE-Labs GCPGoat walkthrough. Part-2
You may also like
November 21, 2025
Intigriti Bug Bytes #230 - November 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Finding an RCE using AI in GitHub CORS exploitation cheat sheet Scanning codebases with AI Bypassing paywalls SSTIs in AI models And so much more! Let’s dive in! We are thrilled to announce that Inti
October 31, 2025
Intigriti Bug Bytes #229 - October 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Cool trick to find disclosed secrets in internal web extensions A repository full of WAF bypasses Hacking Intercom misconfigurations Wayback Machine for hackers And so much more! Let’s dive in! October’s
September 12, 2025
Intigriti Bug Bytes #228 - September 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: A common (yet unknown) SSRF attack vector in Next.js Middleware Exploiting PDF processors by generating and uploading malicious PDF payload files A full reconnaissance breakdown on how to approach any target