Bug Bytes #208 – Burp gets an update, Sharefile gets a CVE and JavaScript files get analysed
By travisintigriti
July 19, 2023
Last updated on March 6, 2025
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from July 10th – July 16th
Intigriti News
From my notebook
Introducing jswzl: In-depth JavaScript analysis for web security testers
Encrypted Doesn’t Mean Authenticated: ShareFile RCE (CVE-2023-24489)
Lessons Learned From HackerOne’s Live Hacking Event (h1-4420)!
Steganography for Audio: How to Hide Files in Music || Mr Robot
Portswigger Web Academy – Information Disclosure – Lab Walkthroughs
Quick ways to send traffic to your proxy to help troubleshoot (shorts)
This top bug bounty hunter only works with a single monitor (shorts)
Learning Bug Bounty with Disclosed Reports and Blogs! Where to go!
1M Bug Bounty From Saving $100M at risk in KyberSwap Elastic
HTB BizCTF 2023
NahamCon 2023
BSides Leeds 2023
Uncommon And Advanced Techniques For Account Takeover Attacks by Ayoub Safa
Five Days, One Red Team, A Beach Like No Other: The Bank Job by Alex Martin
Being Right Is Just The Beginning (A Talk Very Much Not About Politics) by Leigh Hal
The NSM Ouroboros: Embracing The Endless Cycle Of Network Security
SleuthCon
SLEUTHCON 2023 – Certified Bad: One malware, Two years of Certificates.
SLEUTHCON 2023 – Look at this Graph: Prioritizing Initial Access Threats
SLEUTHCON 2023 – Leakonomics: The Supply and Demand of Hacked Data
SLEUTHCON 2023 – My 0ktapus Teacher: New Actors, New Problems
SLEUTHCON 2023 – Unmasking Venom Spider: The Hunt for the Golden Chickens
SLEUTHCON 2023 – Hunting Prolific Access Broker PROPHET SPIDER
How I Rob Banks: A Journey into the World of Ethical Hacking with Freakyclown
AAAAAAAAAAAAAAA! You Overflowed My Integer! with George Hughey and Rohit Mothe
NO. 389 — The Creativity Friction Coefficient, Lockbit v TSMC, and Detecting Smart Errors
Beginner
Intermediate
Advanced
Security Research
Encrypted Doesn’t Mean Authenticated: ShareFile RCE (CVE-2023-24489)
Beyond the Marketing: Assessing Anti-Bot Platforms through a Hacker’s Lens
The Measure and Resilience of Weaponized Exploit Methods for Linux
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
Demo: Brute-forcing a macOS user’s real name from a browser using mDNS
Bee-yond Capacity: Unauthenticated RCE in Extreme Networks/Aerohive Wireless APs – CVE-2023-35803
Bugs
Unveiling Access Control Flaws: How a Viewer Became an Editor
How I Found a Bug under 3 mins , that could risk the reputation of an entire organisation !
Bug Bounty Hunter — When CORS is not Configured Correctly / JSONP Attack
Reverse shell to your Amazon AWS EC2 instance as ‘root’ or ‘Administrator’ by injecting user-data
CTF challenges
Introducing OSINT Template Engine: An open source OSINT Tool.
Mantra – A Tool Used To Hunt Down API Key Leaks In JS Files And Pages
IAMActionHunter: Query AWS IAM permission policies with ease
GitHub – ldpreload/BlackLotus: BlackLotus UEFI Windows Bootkit
detectify-cves – Find CVEs that don’t have a Detectify modules.
You may also like
April 24, 2026
Intigriti Bug Bytes #235 - April 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month's issue, we'll be featuring: Compromising an NPM package with 40M weekly downloads Bypassing Cloudflare WAF for a full ATO 20-part series on exploiting JWT vulnerabilities First Intigriti Bug Bounty Meetup And so much more! Let's dive
March 27, 2026
Intigriti Bug Bytes #234 - March 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Earning $180K via SSRFs Free Burp Suite Pro licenses for top hackers Bypassing tricky file upload restrictions Injecting malicious code into AI coding assistants And so much more! Let’s dive in! We've team
February 20, 2026
Intigriti Bug Bytes #233 - February 2026 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: How a read-only Kubernetes permission turned into full cluster takeover AI agent autonomously finds a 1-click RCE Race condition in blockchain infrastructure worth billions Finding over 500 high-severity vul