Bug Bytes #190 – BBTips, Attacking Wide Scopes, AWS and Containers
By travisintigriti
January 18, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from January 9th to January 15th
Intigriti News
From my notebook
The rough theme for this week is cloud security, honestly this is a must learn skill for bug bounty hunters in 2023, at least the basics of how to deploy to AWS. I’ve walked right past a valid AWS key without realising it, thankfully now I use TruffleHog if I’m looking at open source but it’s definitely a skill worth picking up even with tools.
Other Amazing Things
$1 mln bounty in Aurora blockchain for no input sanitisation bug
An Adversaries Approach to Smart Contracts (with @hackermate_)
Live Recon Sundays – Interview a Hacker: @gf_256 – Smart Contract
Unlock the boundless possibilities of ChatGPT: Hunt down pesky bugs and enjoy seamless automation!
JWT Security 101: How to defend against common attacks on JSON Web Tokens
Brute-force attacks Cheat Sheet (FTP, POP3, SNMP, SSH, VNC, …)
Clear communication is crucial: why writing effective vulnerability reports matters
Bug Hunting 101: Directory Enumeration & Authentication Bypass
Bypass mysql_real_escape_string and addslashes from Injection Attacks
How I Found AWS API Keys using “Trufflehog” and Validated them using “enumerate-iam” tool
Uploading the Webshell using filename of Content-Disposition Header Story!
bypass two-factor authentication in Android apps and web 1000$ TikTok
How I Earned $1000 From Business Logic Vulnerability (account takeover)
A Newbie’s Guide to Bug Bounty Hunting: Navigating the World of Subdomain Enumeration
JNDI Injection Series: RMI Vector — The Final Piece of The Puzzle
How Browser’s Save As Feature might lead to Code Execution (CVE-2022–45415)
India’s Aadhar card source code disclosure via exposed .svn/wc.db
API based IDOR to leaking Private IP address of 6000 businesses
You may also like
February 20, 2026
Intigriti Bug Bytes #233 - February 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: How a read-only Kubernetes permission turned into full cluster takeover AI agent autonomously finds a 1-click RCE Race condition in blockchain infrastructure worth billions Finding over 500 high-severity vul
January 16, 2026
Intigriti Bug Bytes #232 - January 2026 🚀
Welcome to the latest edition of Bug Bytes (and the first of 2026)! In this month’s issue, we’ll be featuring: Hijacking official AWS GitHub repositories New anonymous bug bounty forum Finding more IDORs & SSRFs using a unique methodology New JavaScript file scanner to find hidden endpoints
December 18, 2025
Intigriti Bug Bytes #231 - December 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: React2Shell scanner (with WAF bypasses) Identifying server origin IP to bypass popular WAFs CSRF exploitation cheat sheet Finding vulnerabilities in sign-ups And so much more! Let’s dive in! November’s In