Bug Bytes #207 - IIS, LLMs and iOS
By travisintigriti
July 12, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from July 3rd to July 9th.
Intigriti News
From my notebook
Demystifying Cybersecurity CTF’s – LIVE “You Hack Too” Tutorial
Portswigger Web Academy – OS Command Injection – Lab Walkthroughs
EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why
Risky Biz News: $922 million worth of crypto stolen in H1 2023
Danny ‘Rand0h’ Akacki discusses his love for streaming and community
Ankita Dhakar: Revolutionizing Bug Bounty Platforms with AI Integration
Beginner
Intermediate
An In-Depth Look at PEN-300 and OSEP: Succeeding in the Offensive Security Path
IDN Homograph Attack and Response Manipulation – The Rarest Case
Web3 Security Roadmap, How to become a Smart contract auditor
Bug Bounty Hunter — Let’s look at the CSTI attack method from every angle
Mastering Google Dorking: Expanding Scope, Reconnaissance, and Resources – RiSec
Advanced
Extending Burp Suite for fun and profit – The Montoya way – Part 1 – hn security
Game Hacking 101: Unleashing the Power of Memory Manipulation
Demystifying PyInstaller — A Journey into Decompiling Python Executables
Unveiling the Power of Binary Exploitation: Mastering Stack-Based Overflow Techniques
Backdooring ClickOnce .NET for Initial Access: A Practical Example
Security Research
Technical Details of CVE-2023-30990 – Unauthenticated RCE in IBM i DDM Service
Vulnerability Detection Using Attack Surface Management: Criminal IP ASM Use Case (1)
Clop Ransomware and MoveIT CVE: Ransomware: History, Timeline, And Adversary Simulation – FourCore
Actively Exploited Industrial Control Systems Hardware – SolarView Series – Blog – VulnCheck
StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability
Cloud Defense in Depth: Lessons from the Kinsing Malware – Sysdig
Windows Installer arbitrary content manipulation Elevation of Privilege (CVE-2020-0911)
The five-day job: A BlackByte ransomware intrusion case study | Microsoft Security Blog
The JSON Data Downfall: Discussing the overlooked aspects of JSON Data Amplification Attacks
Bugs
Unveiling a Unique Bug: The Quest for Website Vulnerabilities
How To Apply For The Medium.com Bug Bounty Program — You Might Win Even 1,000 Dollars Or More Even
How BAC(Broken Access Control) got me a Pre Account Takeover
Account Takeover (ATO) via Manipulation of the Change Password Funcionality
How i got my First CVE (CVE-2022–48150) on Self XSS to Reflected XSS
How I found my first P1 vulnerability by bypassing Adobe dispatcher
Unveiling a Bug: Paying $1 and Receiving $100 (or Any Amount) in Return
Found +15 XSS Via Citrix gateway latest CVE , Dup’s of (CVE-2023–24488)
Exploring the Sneaky World of Race Condition Vulnerabilities
Exploring Eclipse IDE Attack Vectors: Unveiling Google Cloud Tools Plugin Vulnerabilities
Taking Entire server control Part 2 of How I Earned $2500 in 5 Minutes
CTF challenges
GitHub – introvertmac/EasyScan: Light-weight web security scanner
Introducing httpXplorer: Simplifying httpX URL Management and Analysis
JS-Scan A .js scanner, built in PHP, designed to scrape urls and other info.
Certificate Search – Get informations about SSL certificates
CloudJack – Route53/CloudFront Vulnerability assessment utility.