Bug Bytes #189 – Top YouTube Channels of 2022, Web Hackers vs Ferrari, Cognito Security Misconfiguration
By travisintigriti
January 10, 2023
Last updated on March 6, 2025
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from January 2nd to January 8th
Intigriti News
From my notebook
It’s been a quiet week in the offensive security community, this week I’ve put together a must read list on more advanced resources shared this week. From a look into the world of automotive security and household names, to the nitty gritty of Java Deserialisation, scaling up a neat website idea into a search engine and proxying encrypted traffic.
Image Stacks and iPhone Racks – Building an Internet Scale Meme Search Engine
Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys
Other Amazing Things
#NahamCon2022EU: I Hope This Sticks: Analyzing ClipboardEvent Listeners
Reflective XSS via Link Click / SSRF [Hackvent 2022 – Day 14]
#NahamCon2022EU: Hunting for Amazon Cognito Security Misconfigurations
Would you prefer a password-less login? #cybersecurity #shorts
LevelUpX – Series 13: SPI Flash for Bug Bounty Hunters with Nerdwell
I hacked a large company (70k+ employees) through social engineering. Legally of course.
Hacking is a mentality that can be applied to much more than computers.
Automated and Continuous Recon/Attack Surface Management — Amass Track and DB
simple Python script that can scan a URL for a Remote Code Execution (RCE) vulnerability.
Python script that will get a search term from the user and search for related articles on Medium…
How to perform dynamic analysis of a smart contract with Myth
How to automate your initial recon and extend ASM using Sub-Scout
CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building
India’s Aadhar card source code disclosure via exposed .svn/wc.db
Access to page with default credentials that require authenticate $$$.
Logic Bug Can Create Multiple User Accounts with 1 Phone Number (Reward $150)
JNDI Injection Series: RMI Vector – Insecure Deserialization
You may also like
June 26, 2026
Intigriti Bug Bytes #237 - June 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month's issue, we are featuring: A 10-year-old pre-auth RCE in phpBB Earning $500K hacking Google with AI Reading any Salesforce Marketing Cloud account's emails New DOMPurify sanitizer bypass Mapping abandoned S3 buckets to redo SolarWinds at
May 30, 2026
Intigriti Bug Bytes #236 - May 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring: Earning $148K via RCE in Google Cloud How public Google API keys became Gemini credentials Our first official Burp Suite extension Two new bypasses for Chrome's Sanitizer API One-click account takeover from a
April 24, 2026
Intigriti Bug Bytes #235 - April 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring: Compromising an NPM package with 40M weekly downloads Bypassing Cloudflare WAF for a full ATO 20-part series on exploiting JWT vulnerabilities First Intigriti Bug Bounty Meetup And so much more! Let's dive