Bug Bytes #208 – Burp gets an update, Sharefile gets a CVE and JavaScript files get analysed
By travisintigriti
July 19, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from July 10th to July 16th.
Intigriti News
From my notebook
Introducing jswzl: In-depth JavaScript analysis for web security testers
Encrypted Doesn’t Mean Authenticated: ShareFile RCE (CVE-2023-24489)
Lessons Learned From HackerOne’s Live Hacking Event (h1-4420)!
Steganography for Audio: How to Hide Files in Music || Mr Robot
Portswigger Web Academy – Information Disclosure – Lab Walkthroughs
Quick ways to send traffic to your proxy to help troubleshoot (shorts)
This top bug bounty hunter only works with a single monitor (shorts)
Learning Bug Bounty with Disclosed Reports and Blogs! Where to go!
1M Bug Bounty From Saving $100M at risk in KyberSwap Elastic
HTB BizCTF 2023
NahamCon 2023
BSides Leeds 2023
Uncommon And Advanced Techniques For Account Takeover Attacks by Ayoub Safa
Five Days, One Red Team, A Beach Like No Other: The Bank Job by Alex Martin
Being Right Is Just The Beginning (A Talk Very Much Not About Politics) by Leigh Hal
The NSM Ouroboros: Embracing The Endless Cycle Of Network Security
SleuthCon
SLEUTHCON 2023 – Certified Bad: One malware, Two years of Certificates.
SLEUTHCON 2023 – Look at this Graph: Prioritizing Initial Access Threats
SLEUTHCON 2023 – Leakonomics: The Supply and Demand of Hacked Data
SLEUTHCON 2023 – My 0ktapus Teacher: New Actors, New Problems
SLEUTHCON 2023 – Unmasking Venom Spider: The Hunt for the Golden Chickens
SLEUTHCON 2023 – Hunting Prolific Access Broker PROPHET SPIDER
How I Rob Banks: A Journey into the World of Ethical Hacking with Freakyclown
AAAAAAAAAAAAAAA! You Overflowed My Integer! with George Hughey and Rohit Mothe
NO. 389 — The Creativity Friction Coefficient, Lockbit v TSMC, and Detecting Smart Errors
Beginner
Intermediate
Advanced
Security Research
Encrypted Doesn’t Mean Authenticated: ShareFile RCE (CVE-2023-24489)
Beyond the Marketing: Assessing Anti-Bot Platforms through a Hacker’s Lens
The Measure and Resilience of Weaponized Exploit Methods for Linux
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
Demo: Brute-forcing a macOS user’s real name from a browser using mDNS
Bee-yond Capacity: Unauthenticated RCE in Extreme Networks/Aerohive Wireless APs – CVE-2023-35803
Bugs
Unveiling Access Control Flaws: How a Viewer Became an Editor
How I Found a Bug under 3 mins , that could risk the reputation of an entire organisation !
Bug Bounty Hunter — When CORS is not Configured Correctly / JSONP Attack
Reverse shell to your Amazon AWS EC2 instance as ‘root’ or ‘Administrator’ by injecting user-data
CTF challenges
Introducing OSINT Template Engine: An open source OSINT Tool.
Mantra – A Tool Used To Hunt Down API Key Leaks In JS Files And Pages
IAMActionHunter: Query AWS IAM permission policies with ease
GitHub – ldpreload/BlackLotus: BlackLotus UEFI Windows Bootkit
detectify-cves – Find CVEs that don’t have a Detectify modules.