Bug Bytes #206 – Citrix more like Crit-trix amiright?
By travisintigriti
July 5, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from June 26th – July 2nd.
Intigriti News
From my notebook
Reversing Citrix Gateway for XSS and Advisory: Citrix Gateway Open Redirect and XSS (CVE-2023-24488) – You’ve likely already seen this as it’s hit social media over the weekend but just in case you missed it!
Scale Your Cloud Infrastructure (Hosting CTFs) – Really interesting look at what goes into running a CTF event!
The Power of Bug Bounty Automation with Nenad Zaric – The founder of Trickest talks about workflows, recon and data for bug bounty hunters!
Episode 25: 2xMVH & Multi-million dollar hacker Inhibitor181 – There’s some great information on strategy and how to approach a target in this episode with Inhibitor181, definitely a must-listen!
Testing GraphQL APIs | Web Security Academy – PortSwigger added some GraphQL labs to their free Web Security Academy.
Road to Most Valuable Hacker and working while travelling the world
How Hackers Use netsh.exe For Persistence & Code Execution (Sliver C2)
The most common vulnerabilities found in Bug Bounty! (shorts)
MOVEit Transfer Exploitation (my API presentation recording)
The Evolution of Offensive Security: Insights from Dave Mayer
Rachel Giacobozzi on the Art of Threat Intelligence Storytelling
NO. 388 — Context Reflections, Critical Thinking, China’s Decline, and NFC
Email From Bounty Program About (New Target Added) 4-5 min later => P1 for a Auth Bypass….
I got lucky and won the first place in Meta Bug Bounty Researcher Conference
The best time to start bug bounty was 10 years ago. The second best time is now.
I made a simple but super efficient tool to create these kinds of permutations used for fuzzing.
Beginner
Intermediate
Bug Bounty Hunter — Understanding SAML vulnerabilities (XSW Attacks)
Setup an Android Pen Testing Lab with Frida-Tools, Objection, Frida Server, and Bypass SSL Pinning
How improper OTP implementation could lead to Account Take Over (Part 4)
Unmasking Server IPs Protected by WAF: Unveiling Hidden Information with CloudBunny
Advanced
Security Research
Hacking Auto-GPT and escaping its docker container | Positive Security
Finding Gadgets for CPU Side-Channels with Static Analysis Tools
CVE-2023-26258 – Remote Code Execution in ArcServe UDP Backup – MDSec
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
Using an Unimpressive Bug in EDK II to Do Some Fun Exploitation
zCamera, 100M+ installation app, from remote compromise to data leaks
Bugs
How i got more than 100 vulnerabilities in just one site? (zseano-challenge)
How i was able to get Account Takeover via Insecure Data Storage and WebView With Exported Activity
Inside the Invite Function: Uncovering a Potential Vulnerability of Invite User
How I get 1000$ bounty for Discovering Account Takeover in Android Application
Unveiling Hidden Treasures: How I Earned my First Information Disclosure Bounty Reward
How BAC(Broken Access Control) got me a Pre Account Takeover
[ BUG BOUNTY ] How I Get 2580$ USD From Blind SQL Injection [Indonesian]
Account Takeover: Unraveling IDOR + Stored XSS Flaws in an NFT Marketplace
My first two valid and rewarded Web Cache Deceptions, earning $2250
CTF challenges
GitHub – AdvDebug/NoMoreCookies: Browser Protector against various stealers, written in C# & C/C++.
Artemis – A Modular Web Reconnaissance Tool And Vulnerability Scanner