Bug Bytes #198 – Hackers go to RSA/BSides and CPanel gets pwned
By travisintigriti
May 3, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from April 24th to April 30th
Intigriti News
From my notebook
It was RSA and BSides San Francisco this week, but that didn’t stop some amazing research coming out of AssetNote, a fun LLM backdoor and hackers live in SF to chat about making content!
Other Amazing Things
How to set up an Android Penetration Testing Lab from scratch
Snapchat paid a hacker $15,000! (shorts)
A Conversation with Cybersecurity Community OG and EH-net Founder
CodeQL query to detect RCE via ZipSlip – $5,500 bounty from GitHub
Writing a CodeQL query – the sink (shorts)
What is CodeQL bug bounty program? (shorts)
Want to become a Bug Bounty Hunter? (shorts)
Five resources to learn hacking, pentesting or get started (shorts)
Leaking Secret Data with a Heap Overflow – “Leek” Pwn Challenge
The CEO who also ran IT, Strava strife, and TikTok tall tales
Risky Business #703 — Russia whines about its tech dependence on China
SN 920: An End-to-End Encryption Proposal – Wipe those routers, Lockdown Mode, ChatGPT black market
EP118 RSA 2023 – How to Protect Your Organization from Cyberattacks in a Time of Political Turmoil
Vulnerability Capstone — TryHackme Room Simple Writeup | 2023
HTTP parameter pollution : Bug bounties [Server-Side ; Client-Side]
Secure Your Docker Compose Web App: A Comprehensive Guide for Penetration Testers
Understanding the Shell Shock Vulnerability: A Comprehensive Guide | 2023
(Reverse) shell to your Azure VM as ‘Local System’ user or ‘root’ user
Python Penetration Testing: Connecting multiple SQL Databases to gather Juicy data
How I Chained an Information Disclosure Bug with SQL Injection
How improper OTP implementation could lead to Account Take Over (Part1)
Client Side Desync Attack (CL.0 Request Smuggling) — Bounty of $150
Azure security — Internal recon leveraging lack of access control
Break the Logic: Playing with product ratings on a shopping site(600$)
GitHarvest3r — Simple CVE github exploit gathering tool written in python.
hardCIDR – Linux Bash Script To Discover The Netblocks, Or Ranges, Owned By The Target Organization
Sh4D0Wup – Signing-key Abuse And Update Exploitation Framework
reset password attack checklist, IDOR Checklist and adminpanal Bypass checklist
found this Stanford course for web security; with exam papers, assignments, labs & everything
One way to save and display ffuf results as a nice table using the Linux command “column”
Need to bypass the JWT signature? Kid param injection + directory traversal = signature bypass
You may also like
December 18, 2025
Intigriti Bug Bytes #231 - December 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: React2Shell scanner (with WAF bypasses) Identifying server origin IP to bypass popular WAFs CSRF exploitation cheat sheet Finding vulnerabilities in sign-ups And so much more! Let’s dive in! November’s In
November 21, 2025
Intigriti Bug Bytes #230 - November 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Finding an RCE using AI in GitHub CORS exploitation cheat sheet Scanning codebases with AI Bypassing paywalls SSTIs in AI models And so much more! Let’s dive in! We are thrilled to announce that Inti
October 31, 2025
Intigriti Bug Bytes #229 - October 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Cool trick to find disclosed secrets in internal web extensions A repository full of WAF bypasses Hacking Intercom misconfigurations Wayback Machine for hackers And so much more! Let’s dive in! October’s