Bug Bytes #198 – Hackers go to RSA/BSides and CPanel gets pwned
By travisintigriti
May 3, 2023
Last updated on March 6, 2025
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from April 24th to April 30th
Intigriti News
From my notebook
It was RSA and BSides San Francisco this week, but that didn’t stop some amazing research coming out of AssetNote, a fun LLM backdoor and hackers live in SF to chat about making content!
Other Amazing Things
How to set up an Android Penetration Testing Lab from scratch
Snapchat paid a hacker $15,000! (shorts)
A Conversation with Cybersecurity Community OG and EH-net Founder
CodeQL query to detect RCE via ZipSlip – $5,500 bounty from GitHub
Writing a CodeQL query – the sink (shorts)
What is CodeQL bug bounty program? (shorts)
Want to become a Bug Bounty Hunter? (shorts)
Five resources to learn hacking, pentesting or get started (shorts)
Leaking Secret Data with a Heap Overflow – “Leek” Pwn Challenge
The CEO who also ran IT, Strava strife, and TikTok tall tales
Risky Business #703 — Russia whines about its tech dependence on China
SN 920: An End-to-End Encryption Proposal – Wipe those routers, Lockdown Mode, ChatGPT black market
EP118 RSA 2023 – How to Protect Your Organization from Cyberattacks in a Time of Political Turmoil
Vulnerability Capstone — TryHackme Room Simple Writeup | 2023
HTTP parameter pollution : Bug bounties [Server-Side ; Client-Side]
Secure Your Docker Compose Web App: A Comprehensive Guide for Penetration Testers
Understanding the Shell Shock Vulnerability: A Comprehensive Guide | 2023
(Reverse) shell to your Azure VM as ‘Local System’ user or ‘root’ user
Python Penetration Testing: Connecting multiple SQL Databases to gather Juicy data
How I Chained an Information Disclosure Bug with SQL Injection
How improper OTP implementation could lead to Account Take Over (Part1)
Client Side Desync Attack (CL.0 Request Smuggling) — Bounty of $150
Azure security — Internal recon leveraging lack of access control
Break the Logic: Playing with product ratings on a shopping site(600$)
GitHarvest3r — Simple CVE github exploit gathering tool written in python.
hardCIDR – Linux Bash Script To Discover The Netblocks, Or Ranges, Owned By The Target Organization
Sh4D0Wup – Signing-key Abuse And Update Exploitation Framework
reset password attack checklist, IDOR Checklist and adminpanal Bypass checklist
found this Stanford course for web security; with exam papers, assignments, labs & everything
One way to save and display ffuf results as a nice table using the Linux command “column”
Need to bypass the JWT signature? Kid param injection + directory traversal = signature bypass
You may also like
April 24, 2026
Intigriti Bug Bytes #235 - April 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring: Compromising an NPM package with 40M weekly downloads Bypassing Cloudflare WAF for a full ATO 20-part series on exploiting JWT vulnerabilities First Intigriti Bug Bounty Meetup And so much more! Let's dive
March 27, 2026
Intigriti Bug Bytes #234 - March 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Earning $180K via SSRFs Free Burp Suite Pro licenses for top hackers Bypassing tricky file upload restrictions Injecting malicious code into AI coding assistants And so much more! Let’s dive in! We've team
February 20, 2026
Intigriti Bug Bytes #233 - February 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: How a read-only Kubernetes permission turned into full cluster takeover AI agent autonomously finds a 1-click RCE Race condition in blockchain infrastructure worth billions Finding over 500 high-severity vul