Bug Bytes #189 – Top YouTube Channels of 2022, Web Hackers vs Ferrari, Cognito Security Misconfiguration
By travisintigriti
January 10, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from January 2nd to January 8th.
Intigriti News
From my notebook
It’s been a quiet week in the offensive security community, so I’ve put together a must-read list of the more advanced resources shared this week: from a look into the world of automotive security and household names, to the nitty-gritty of Java Deserialisation, scaling up a neat website idea into a search engine, and proxying encrypted traffic.
Image Stacks and iPhone Racks – Building an Internet Scale Meme Search Engine
Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys
Other Amazing Things
#NahamCon2022EU: I Hope This Sticks: Analyzing ClipboardEvent Listeners
Reflective XSS via Link Click / SSRF [Hackvent 2022 – Day 14]
#NahamCon2022EU: Hunting for Amazon Cognito Security Misconfigurations
Would you prefer a password-less login? #cybersecurity #shorts
LevelUpX – Series 13: SPI Flash for Bug Bounty Hunters with Nerdwell
I hacked a large company (70k+ employees) through social engineering. Legally of course.
Hacking is a mentality that can be applied to much more than computers.
Automated and Continuous Recon/Attack Surface Management — Amass Track and DB
simple Python script that can scan a URL for a Remote Code Execution (RCE) vulnerability.
Python script that will get a search term from the user and search for related articles on Medium…
How to perform dynamic analysis of a smart contract with Myth
How to automate your initial recon and extend ASM using Sub-Scout
CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building
India’s Aadhar card source code disclosure via exposed .svn/wc.db
Access to page with default credentials that require authenticate $$$.
Logic Bug Can Create Multiple User Accounts with 1 Phone Number (Reward $150)
JNDI Injection Series: RMI Vector – Insecure Deserialization