Bug Bytes #198 – Hackers go to RSA/BSides and CPanel gets pwned
By travisintigriti
May 3, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from April 24th to April 30th
Intigriti News
From my notebook
It was RSA and BSides San Francisco this week, but that didn’t stop some amazing research coming out of AssetNote, a fun LLM backdoor and hackers live in SF to chat about making content!
Other Amazing Things
How to set up an Android Penetration Testing Lab from scratch
Snapchat paid a hacker $15,000! (shorts)
A Conversation with Cybersecurity Community OG and EH-net Founder
CodeQL query to detect RCE via ZipSlip – $5,500 bounty from GitHub
Writing a CodeQL query – the sink (shorts)
What is CodeQL bug bounty program? (shorts)
Want to become a Bug Bounty Hunter? (shorts)
Five resources to learn hacking, pentesting or get started (shorts)
Leaking Secret Data with a Heap Overflow – “Leek” Pwn Challenge
The CEO who also ran IT, Strava strife, and TikTok tall tales
Risky Business #703 — Russia whines about its tech dependence on China
SN 920: An End-to-End Encryption Proposal – Wipe those routers, Lockdown Mode, ChatGPT black market
EP118 RSA 2023 – How to Protect Your Organization from Cyberattacks in a Time of Political Turmoil
Vulnerability Capstone — TryHackme Room Simple Writeup | 2023
HTTP parameter pollution : Bug bounties [Server-Side ; Client-Side]
Secure Your Docker Compose Web App: A Comprehensive Guide for Penetration Testers
Understanding the Shell Shock Vulnerability: A Comprehensive Guide | 2023
(Reverse) shell to your Azure VM as ‘Local System’ user or ‘root’ user
Python Penetration Testing: Connecting multiple SQL Databases to gather Juicy data
How I Chained an Information Disclosure Bug with SQL Injection
How improper OTP implementation could lead to Account Take Over (Part1)
Client Side Desync Attack (CL.0 Request Smuggling) — Bounty of $150
Azure security — Internal recon leveraging lack of access control
Break the Logic: Playing with product ratings on a shopping site(600$)
GitHarvest3r — Simple CVE github exploit gathering tool written in python.
hardCIDR – Linux Bash Script To Discover The Netblocks, Or Ranges, Owned By The Target Organization
Sh4D0Wup – Signing-key Abuse And Update Exploitation Framework
reset password attack checklist, IDOR Checklist and adminpanal Bypass checklist
found this Stanford course for web security; with exam papers, assignments, labs & everything
One way to save and display ffuf results as a nice table using the Linux command “column”
Need to bypass the JWT signature? Kid param injection + directory traversal = signature bypass
You may also like
February 20, 2026
Intigriti Bug Bytes #233 - February 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: How a read-only Kubernetes permission turned into full cluster takeover AI agent autonomously finds a 1-click RCE Race condition in blockchain infrastructure worth billions Finding over 500 high-severity vul
January 16, 2026
Intigriti Bug Bytes #232 - January 2026 🚀
Welcome to the latest edition of Bug Bytes (and the first of 2026)! In this month’s issue, we’ll be featuring: Hijacking official AWS GitHub repositories New anonymous bug bounty forum Finding more IDORs & SSRFs using a unique methodology New JavaScript file scanner to find hidden endpoints
December 18, 2025
Intigriti Bug Bytes #231 - December 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: React2Shell scanner (with WAF bypasses) Identifying server origin IP to bypass popular WAFs CSRF exploitation cheat sheet Finding vulnerabilities in sign-ups And so much more! Let’s dive in! November’s In