Bug Bytes #188 – Hello 2023!
By travisintigriti
January 3, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from December 26th until January 1st.
Intigriti News
From my notebook
Happy 2023! As hackers around the world rang in the new year we saw many recap their 2022 or look towards 2023 with new goals. With that in mind I’ve brought together some resources on the theme of learning new skills in the new year, for me I really want to develop new technical skills, at are you looking to learn in 2023?
JNDI Injection Series: RMI Vector — 1, JNDI Injection Series: RMI Vector — Dynamic Class Loading From Remote URL
Difficulty of Reproducing Old Exploits and Difficulty of Reproducing Old Exploits (Part Two)
Other Amazing Things
Can ChatGPT Solve Cyber Capture The Flag Puzzles? (Live Event Testing)
How I scale my containerized bug bounty automation! (Automation Series)
What advice would you give your younger self about cyber security
MrTuxracer’s Bug Bounty recap, mcipekci’s recap, harshbothra reviews his educational resources and another from haxor31337
Best bug found in 2022?, what type of bugs did you find in 2022 and what is going to be big in 2023
Endpoint Security: The Protection Mechanism of Web Application and Networks
Efficient methodology to get P2 level – subdomain takeover vulnerability
How I Design My Prefect Bug Bounty Automation (1), How I Design My Prefect Bug Bounty Automation(2) and How I Design My Prefect Bug Bounty Automation(3)
!00 Complex terms related to Bug Bounty Explained for a Newbie
Spice up your persistence: loading PHP extensions from memory
Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities
Tautulli 2.1.9 version; Cross-Site Request Forgery (ShutDown) and Denial of Service (Metasploit)
LDAP anonymous login story of my 3 simple P3 findings in DHS
Unauthorized Sign-up on Subdomain of Subdomain leading to Organization takeover worth $2000
How Capabilities actually Work ? | Exploitation | Privilege Escalation
How I got a Bug At Apple that lead’s to takeover accounts of any user who view my profile
Account Takeover Due to Cognito Misconfiguration Earns Me €xxxx
OSINT Case Study: Validating a website if its fraud or legit
CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building
My report on how the admin panel took over and I got X, $500 bounty from my report Hello hackers,
Advent of Cyber 2022 [Day 1 — Day 24] All Challenges Walkthrough and Writeups with Answers
DOM XSS Using Web Messages (Practioner) — Portswigger Lab 1 | Solution and Approach
Compromising a vulnerable GCP, INE-Labs GCPGoat walkthrough. Part-1 / Compromising a vulnerable GCP, INE-Labs GCPGoat walkthrough. Part-2
You may also like
April 24, 2026
Intigriti Bug Bytes #235 - April 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring: Compromising an NPM package with 40M weekly downloads Bypassing Cloudflare WAF for a full ATO 20-part series on exploiting JWT vulnerabilities First Intigriti Bug Bounty Meetup And so much more! Let's dive
March 27, 2026
Intigriti Bug Bytes #234 - March 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Earning $180K via SSRFs Free Burp Suite Pro licenses for top hackers Bypassing tricky file upload restrictions Injecting malicious code into AI coding assistants And so much more! Let’s dive in! We've team
February 20, 2026
Intigriti Bug Bytes #233 - February 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: How a read-only Kubernetes permission turned into full cluster takeover AI agent autonomously finds a 1-click RCE Race condition in blockchain infrastructure worth billions Finding over 500 high-severity vul