Bug Bytes #208 – Burp gets an update, Sharefile gets a CVE and JavaScript files get analysed
By travisintigriti
July 19, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from July 10th – July 16th
Intigriti News
From my notebook
Introducing jswzl: In-depth JavaScript analysis for web security testers
Encrypted Doesn’t Mean Authenticated: ShareFile RCE (CVE-2023-24489)
Lessons Learned From HackerOne’s Live Hacking Event (h1-4420)!
Steganography for Audio: How to Hide Files in Music || Mr Robot
Portswigger Web Academy – Information Disclosure – Lab Walkthroughs
Quick ways to send traffic to your proxy to help troubleshoot (shorts)
This top bug bounty hunter only works with a single monitor (shorts)
Learning Bug Bounty with Disclosed Reports and Blogs! Where to go!
1M Bug Bounty From Saving $100M at risk in KyberSwap Elastic
HTB BizCTF 2023
NahamCon 2023
BSides Leeds 2023
Uncommon And Advanced Techniques For Account Takeover Attacks by Ayoub Safa
Five Days, One Red Team, A Beach Like No Other: The Bank Job by Alex Martin
Being Right Is Just The Beginning (A Talk Very Much Not About Politics) by Leigh Hal
The NSM Ouroboros: Embracing The Endless Cycle Of Network Security
SleuthCon
SLEUTHCON 2023 – Certified Bad: One malware, Two years of Certificates.
SLEUTHCON 2023 – Look at this Graph: Prioritizing Initial Access Threats
SLEUTHCON 2023 – Leakonomics: The Supply and Demand of Hacked Data
SLEUTHCON 2023 – My 0ktapus Teacher: New Actors, New Problems
SLEUTHCON 2023 – Unmasking Venom Spider: The Hunt for the Golden Chickens
SLEUTHCON 2023 – Hunting Prolific Access Broker PROPHET SPIDER
How I Rob Banks: A Journey into the World of Ethical Hacking with Freakyclown
AAAAAAAAAAAAAAA! You Overflowed My Integer! with George Hughey and Rohit Mothe
NO. 389 — The Creativity Friction Coefficient, Lockbit v TSMC, and Detecting Smart Errors
Beginner
Intermediate
Advanced
Security Research
Encrypted Doesn’t Mean Authenticated: ShareFile RCE (CVE-2023-24489)
Beyond the Marketing: Assessing Anti-Bot Platforms through a Hacker’s Lens
The Measure and Resilience of Weaponized Exploit Methods for Linux
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
Demo: Brute-forcing a macOS user’s real name from a browser using mDNS
Bee-yond Capacity: Unauthenticated RCE in Extreme Networks/Aerohive Wireless APs – CVE-2023-35803
Bugs
Unveiling Access Control Flaws: How a Viewer Became an Editor
How I Found a Bug under 3 mins , that could risk the reputation of an entire organisation !
Bug Bounty Hunter — When CORS is not Configured Correctly / JSONP Attack
Reverse shell to your Amazon AWS EC2 instance as ‘root’ or ‘Administrator’ by injecting user-data
CTF challenges
Introducing OSINT Template Engine: An open source OSINT Tool.
Mantra – A Tool Used To Hunt Down API Key Leaks In JS Files And Pages
IAMActionHunter: Query AWS IAM permission policies with ease
GitHub – ldpreload/BlackLotus: BlackLotus UEFI Windows Bootkit
detectify-cves – Find CVEs that don’t have a Detectify modules.
You may also like
February 20, 2026
Intigriti Bug Bytes #233 - February 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: How a read-only Kubernetes permission turned into full cluster takeover AI agent autonomously finds a 1-click RCE Race condition in blockchain infrastructure worth billions Finding over 500 high-severity vul
January 16, 2026
Intigriti Bug Bytes #232 - January 2026 🚀
Welcome to the latest edition of Bug Bytes (and the first of 2026)! In this month’s issue, we’ll be featuring: Hijacking official AWS GitHub repositories New anonymous bug bounty forum Finding more IDORs & SSRFs using a unique methodology New JavaScript file scanner to find hidden endpoints
December 18, 2025
Intigriti Bug Bytes #231 - December 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: React2Shell scanner (with WAF bypasses) Identifying server origin IP to bypass popular WAFs CSRF exploitation cheat sheet Finding vulnerabilities in sign-ups And so much more! Let’s dive in! November’s In