Bug Bytes #209 – The only graphQL wordlist you need, ML bug hunting and VDP submissions
By travisintigriti
August 23, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from August 14th to August 20th.
Intigriti News
From my notebook
graphql-wordlist – The only graphql wordlists you’ll ever need.
Google Online Security Blog: AI-Powered Fuzzing: Breaking the Bug Hunting Barrier
DEFCON 31
Risky Biz News: PowerShell’s official package repo is a supply chain mess
NO. 394 — Vegas Recap, CISA MS Alert, China/US AI Fight, Deceased Kid AI, Following vs. Leading
EP134 How to Prioritize UX and Security in the Cloud: UX as a Security Capability
Beginner
Intermediate
Advanced
Security Research
SQL injection in Apache Airflow MySQL provider (CVE-2023-22884) — PoC + exploit
Podman API service listening on TCP can be used from websites
LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab
Third-Party GitHub Actions: Effects of an Opt-Out Permission Model
A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS: Synology DS920+ Edition
Creating Fully Undetectable JavaScript Payloads to Evade Next-Generation Firewalls
NetModule Router Software Race Condition Leads to Remote Code Execution – Pentest Blog
A phishing attempt on Steam that became a Qrljacking research
emptynebuli/StealthBunny: Gadget IoC removal from HAK5’s BashBunny
Bugs
CTF challenges
Xsubfind3R – A CLI Utility To Find Domain’S Known Subdomains From Curated Passive Online Sources
HackBot – A Simple Cli Chatbot Having Llama2 As Its Backend Chat AI
Redeye – A Tool Intended To Help You Manage Your Data During A Pentest Operation
InfoHound – An OSINT To Extract A Large Amount Of Data Given A Web Domain Name