Bug Bytes #189 – Top YouTube Channels of 2022, Web Hackers vs Ferrari, Cognito Security Misconfiguration
By travisintigriti
January 10, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from January 2nd to January 8th
Intigriti News
From my notebook
It’s been a quiet week in the offensive security community, this week I’ve put together a must read list on more advanced resources shared this week. From a look into the world of automotive security and household names, to the nitty gritty of Java Deserialisation, scaling up a neat website idea into a search engine and proxying encrypted traffic.
Image Stacks and iPhone Racks – Building an Internet Scale Meme Search Engine
Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys
Other Amazing Things
#NahamCon2022EU: I Hope This Sticks: Analyzing ClipboardEvent Listeners
Reflective XSS via Link Click / SSRF [Hackvent 2022 – Day 14]
#NahamCon2022EU: Hunting for Amazon Cognito Security Misconfigurations
Would you prefer a password-less login? #cybersecurity #shorts
LevelUpX – Series 13: SPI Flash for Bug Bounty Hunters with Nerdwell
I hacked a large company (70k+ employees) through social engineering. Legally of course.
Hacking is a mentality that can be applied to much more than computers.
Automated and Continuous Recon/Attack Surface Management — Amass Track and DB
simple Python script that can scan a URL for a Remote Code Execution (RCE) vulnerability.
Python script that will get a search term from the user and search for related articles on Medium…
How to perform dynamic analysis of a smart contract with Myth
How to automate your initial recon and extend ASM using Sub-Scout
CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building
India’s Aadhar card source code disclosure via exposed .svn/wc.db
Access to page with default credentials that require authenticate $$$.
Logic Bug Can Create Multiple User Accounts with 1 Phone Number (Reward $150)
JNDI Injection Series: RMI Vector – Insecure Deserialization
You may also like
December 18, 2025
Intigriti Bug Bytes #231 - December 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: React2Shell scanner (with WAF bypasses) Identifying server origin IP to bypass popular WAFs CSRF exploitation cheat sheet Finding vulnerabilities in sign-ups And so much more! Let’s dive in! November’s In
November 21, 2025
Intigriti Bug Bytes #230 - November 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Finding an RCE using AI in GitHub CORS exploitation cheat sheet Scanning codebases with AI Bypassing paywalls SSTIs in AI models And so much more! Let’s dive in! We are thrilled to announce that Inti
October 31, 2025
Intigriti Bug Bytes #229 - October 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Cool trick to find disclosed secrets in internal web extensions A repository full of WAF bypasses Hacking Intercom misconfigurations Wayback Machine for hackers And so much more! Let’s dive in! October’s