Bug Bytes #191 – Heaps of Bugs
By travisintigriti
January 25, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from January 16th to January 22nd
Intigriti News
From my notebook
Chopin’s Series on heap exploitation and memory
The toddler’s introduction to Heap exploitation — Overflows(Part 3)
The toddler’s introduction to Heap exploitation, Use After Free & Double free (Part 4)
The toddler’s introduction to Heap Exploitation, FastBin Dup Consolidate (Part 4.2)
The toddler’s introduction to Heap Exploitation, Unsafe Unlink(Part 4.3)
The toddler’s introduction to Heap Exploitation, House of Spirit(Part 4.4)
The toddler’s introduction to Heap Exploitation, House of Lore(Part 4.5)
Microsoft bug reports lead to ranking on Microsoft MSRC Quarterly Leaderboard (Q3 2022)
Other Amazing Things
The Billion Dollar Vulnerability Forcing a Major Fork On The Ethere…
LevelUpX – Series 14: Finding and Exploiting Hidden Functionality
179 – Client-Side Path Traversal and Hiding Your Entitlement(s)
Risky Biz News: Google Search and Ads have a major malware problem
Srsly Risky Biz: LockBit ripe for disruption, Russians throw kitchen sink at Ukraine
found a pre-auth xss 0day today that affects over 5M hosts on the internet lol
True greatness lies not in the attainment of knowledge, but in the eternal pursuit of it.
Firestore Security Testing Guide — Go Beyond *.firebaseio.com/.json
Setting up Playwright & VSCode for hacking headless browsers
Software Development Lifecycle (SDLC), DevSecOps, SAST, DAST And IAST Concepts
How I found 130+ Sub-domain Takeover vulnerabilities using Nuclei
Another major flaw this time in the TransUnion that allows bypassing security by Jenya Kushnir
DOMAIN ADMIN Compromise in 3 HOURS | by Ignatius Michael | bug bounty
From Error_Log File(P4) To Company Account Takeover(P1) and Unauthorized Actions On API
How I passed the AWS security specialty certification in 2023
How I identified and reported vulnerabilities in Oracle and the rewards of responsible…
How I found 40+ Directory Listing Vulnerabilities of Source Code Disclosure via Exposed WordPress
How I was able to hack into anyone’s account on an Institute Portal
Exploitation of CVE-2022–21500: Oracle E-Business Login Panel
Reflected XSS Leads to 3,000$ Bug Bounty Rewards from Microsoft Forms
How i was able to get critical bug on google by get full access on [Google Cloud BI Hackathon]
PimpMyBurp #7: How HaE Burp Suite extension can help you in your daily hunting session
Weaponised XSS Payloads – XSS payloads designed to turn alert(1) into P1.
CyberChef – A web app for encryption, encoding, compression and data analysis.
MagicRecon – A powerful shell script to maximize the recon and data collection process.
LeakLooker-X – Discover, browse and monitor database/source code leaks.
Creating your own tools to hunt bugs, a power often neglected
The best way to succeed in bounties and research is knowing the tech
You may also like
February 20, 2026
Intigriti Bug Bytes #233 - February 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: How a read-only Kubernetes permission turned into full cluster takeover AI agent autonomously finds a 1-click RCE Race condition in blockchain infrastructure worth billions Finding over 500 high-severity vul
January 16, 2026
Intigriti Bug Bytes #232 - January 2026 🚀
Welcome to the latest edition of Bug Bytes (and the first of 2026)! In this month’s issue, we’ll be featuring: Hijacking official AWS GitHub repositories New anonymous bug bounty forum Finding more IDORs & SSRFs using a unique methodology New JavaScript file scanner to find hidden endpoints
December 18, 2025
Intigriti Bug Bytes #231 - December 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: React2Shell scanner (with WAF bypasses) Identifying server origin IP to bypass popular WAFs CSRF exploitation cheat sheet Finding vulnerabilities in sign-ups And so much more! Let’s dive in! November’s In