Bug Bytes #192 – Post-recon blues, a lesson in Rust and fuzzing open source
By travisintigriti
February 15, 2023
Last updated on March 6, 2025
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from February 6th to February 12th.
Intigriti News
Ubisoft join us with their VDP. Why not take a look and skill up your game hacking?
From my notebook
Hi everyone! I’m back! I took 2 weeks off while I adjusted to the new semester here in the UK, but we’re back, so let’s check out this week’s top 5…
CyberSecurity Journey With @HarshBothra | Hacker2Hacker | SSRF
Solving a VM-based CTF challenge without solving it properly
Other Amazing Things
$1mln – Generating ETH from thin air – Aurora rainbow bridge
Why you should try bug bounty hunting with application analysis!
@PatrickAlphaC Web3 Education, Auditing and Advice for New Engineers in Web3
Announcing Nuclei Cloud – SaaS platform built on the top of Nuclei – @emgeekboy
Hey fam, What are some of the best shodan resources you all have seen? – @Jhaddix
Bypassing SameSite=lax cookie restrictions to preform CSRF resulting to a horizontal privilege
Blind Time-based SQL injection vulnerability in an Indian government website
SSRF That Allowed Us to Access Whole Infra Web Services and Many More
How I Was Able to Takeover User Accounts via CSRF on an E-Commerce Website
The truth behind the 3rd argument for exploiting the Webexservice
Finding Treasures in Github and Exploiting AWS for Fun and Profit — Part 1
Does it really helps? Partially redacting account numbers contained in the credit report.
SSRF in redacted.com: How I Found and Reported a Vulnerability
Firefly: a smart black-box fuzzer for web applications testing
S3BucketList – Firefox plugin that lists Amazon S3 Buckets found in requests.