Bug Bytes #204 – Everything You Missed From NahamCon
By travisintigriti
June 21, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from June 12th to June 18th
Intigriti News
From my notebook
So this week and weekend saw the return of NahamCon and there were some great talks on the main programme and the villages on Saturday, the talks are still being uploaded so we’ll update you when they’re all available but here’s what’s been released so far…
#NahamCon2023: Bug Bounty Village | Free Workshops | !discord
Going Beyond Microsoft IIS Short File Name Disclosure – NahamCon 2023 Edition
Nahamcon [The Power of Shodan Leveraging Shodan for Critical Vulnerabilities]
How to do account takeover? Case study of 146 bug bounty reports
Autorize in 30 Seconds! (shorts)
Genymotion – Proxying Android App Traffic Through Burp Suite | Cameron Cartier
given up on random text files, all my notes are now in burp tab titles
I continually underestimate how beneficial it is to go for scope that others avoid.
Beginner
Intermediate
Advanced
Security Research
From Bug Bounty Hunter to Risk Analyst: My Cybersecurity Journey at Deloitte
Pentesting Xamarin Android apps: DLLs and root check bypass – hn security
can I speak to your manager? hacking root EPP servers to take control of zones
MOVEit Transfer CVE-2023-34362 Deep Dive and Indicators of Compromise
Pre-Authenticated RCE In VMware VRealize Network Insight CVE-2023-20887
Bugs
CTF challenges
Unveiling Trickest: My Secret Weapon for Automating the Bug Bounty Hunt
Capture Login Information from the Captive Portal with SEToolkit
GitHub – Anof-cyber/MobSecco: Clone Cordova application for bypassing security restrictions
Get a list of associated domains from a list of IPs with hakip2host!
Find leaked API Keys and Secrets using a single GitHub search query
This bypass by @Akamai *may* be useful when exploiting Windows-based SSRF vulnerabilities
trick to find hidden endpoints on web apps, start with Underscore (_)
You may also like
October 31, 2025
Intigriti Bug Bytes #229 - October 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Cool trick to find disclosed secrets in internal web extensions A repository full of WAF bypasses Hacking Intercom misconfigurations Wayback Machine for hackers And so much more! Let’s dive in! October’s
September 12, 2025
Intigriti Bug Bytes #228 - September 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: A common (yet unknown) SSRF attack vector in Next.js Middleware Exploiting PDF processors by generating and uploading malicious PDF payload files A full reconnaissance breakdown on how to approach any target
August 15, 2025
Intigriti Bug Bytes #227 - August 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Evading WAFs like Cloudflare, Akamai & AWS Cloudfront Creating your complete bug bounty automation system A powerful, targeted backup file scanner Bypassing CSP to achieve XSS via a cool trick with PDF file