Bug Bytes #200 – AI Red Teaming, Firmware and Reverse Engineering, Prompt Injection Defence
By travisintigriti
May 17, 2023
Last updated on March 6, 2025
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from May 8th to May 14th
Intigriti News
Familiar huh? Let us show you how you can exploit this XSS case
The intigriti YouTube channel has officially passed the 15k milestone!
From my notebook
AI Village at DEF CON announces largest-ever public Generative AI Red Team
Issue 219: Money Lover app exposes user data, most web API flaws missed by standard testing
Facebook’s TOP1 bounty hunter doesn’t bother reporting $4,000-$5,00 (shorts)
Browser in the browser attack (shorts)
Getting Started in Firmware Analysis & IoT Reverse Engineering
209 – Bad Ordering, Free OpenAI Credits, and Goodbye Passwords?
EP120 Building Secure Cloud and Building Security Products: Finding the Balance
Episode 374 – The event we called left-pad, Episode 77 remaster part 1
I did a few hours of bug bounty for a few nights last week to get a feel.
Never get too proud to go back to the basics and LEARN like a beginner again.
Beginner
Intermediate
Advanced
Security Research
Bugs
Unveiling the Untold Secrets: Unearthing the Holy Grail of Bug Bounties — How I Hacked EC2
Bypass SMS Authentication To Account Takeover (Indonesian)
Discovering a Hidden Security Loophole: Rent luxury Cars for a Single Dollar
Automating XSS Detection: How My Setup Earned Me a Few Spots in various Hall of Fames
How I bypassed the registration validation and logged-in with the company email
Hacking Chess.com: My Journey to Unlock Premium Bots on the Android App
CTF challenges
SpiderSuite – Advance Web Spider/Crawler For Cyber Security Professionals
Domain-Protect – OWASP Domain Protect – Prevent Subdomain Takeover
PwnFox – A Firefox/Burp Suite extension that provide usefull tools for your security audit.
View the recon data for every amass scan that you’ve ever done by using the db subcommand
Found an interesting #XSS where I inject the payload within the image file name and got the alert!.
You may also like
April 24, 2026
Intigriti Bug Bytes #235 - April 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring: Compromising an NPM package with 40M weekly downloads Bypassing Cloudflare WAF for a full ATO 20-part series on exploiting JWT vulnerabilities First Intigriti Bug Bounty Meetup And so much more! Let's dive
March 27, 2026
Intigriti Bug Bytes #234 - March 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Earning $180K via SSRFs Free Burp Suite Pro licenses for top hackers Bypassing tricky file upload restrictions Injecting malicious code into AI coding assistants And so much more! Let’s dive in! We've team
February 20, 2026
Intigriti Bug Bytes #233 - February 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: How a read-only Kubernetes permission turned into full cluster takeover AI agent autonomously finds a 1-click RCE Race condition in blockchain infrastructure worth billions Finding over 500 high-severity vul