Bug Bytes #209 – The only graphQL wordlist you need, ML bug hunting and VDP submissions

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the week from August 14th – August 20th

Intigriti News

• Our August Challenge

• inQL GraphQL testing tip!

• XXE Automation Tools

From my notebook

• Episode 32: The Great Write-up Low-down

• graphql-wordlist – The only graphql wordlists you’ll ever need.

• Episode 388 – Video game vulnerabilities

• Google Online Security Blog: AI-Powered Fuzzing: Breaking the Bug Hunting Barrier

• Weaponizing ML models for red teams and bounty hunters

• How to get started in cybersecurity: HTB Academy – Episode #1, Episode #2, Episode #3

• Not All ZIP Files Are Equal

• Spoof Your Computer

• The Discovery of Zenbleed ft. Tavis Ormandy

• Hacking the Police

• Tracing Automations in HackTheBox Mailroom [Beyond Root]

• 2023 Roadmap To Your First Cybersecurity Job

• The Great Anonymous Scam

• DetectDee

• Bug Bounty: What is VDP and Why submit FREE BUGS?!

• DEFCON 31

  • DEF CON 31 Recon Village Interview (shorts), Red Team Village Interview (shorts), Car Hacking Village Interview, Hack the Box Interview, Voting Village Interview

  • DEF CON 31 Apple TV Spoof – video team (shorts)

  • Crashing AI at the AI Village | DEF CON 31

  • Hack in a Box at Hack The Box | DEF CON 31

  • Hacking the Badge at Hardware Hacking Village | DEF CON 31

  • the Password Cracking Village | DEF CON 31

  • Behind the Scenes at QM | DEF CON 31

• A Conversation about Hack Red Con with Dan and Ken

• Risky Biz News: PowerShell’s official package repo is a supply chain mess

• AI versus AI.

• AI chat wars, and hacker passwords exposed

• NO. 394 — Vegas Recap, CISA MS Alert, China/US AI Fight, Deceased Kid AI, Following vs. Leading

• SN 935: “Topics” Arrives – Firefox multi-account containers, DuckDuckGo email alias, satellite crowding

• EP134 How to Prioritize UX and Security in the Cloud: UX as a Security Capability

• Beginner

  • My top 5 bookmarks that I consistently use for bug bounty and penetration testing.

  • Exploring Burp Suite’s Features: A Detailed Overview

  • How i escalate P5 to P3

  • How to Get Unique Subdomains on Large scope

  • Web Scraping Made Easy in 10 Minutes

  • Reconnaissance Strategy and Techniques

  • AppSec Tales XVI | File Inclusion

  • Primer on HTTP Security Headers

• Intermediate

  • Reversing WordPress CVEs: Baby Steps

  • Bypassing XSS Filters: Techniques and Solutions

  • Security Automation 101

  • AppSec Tales XVII | SSRF

  • Bug Hunting on Autopilot, Free VPS Setup

  • Unlocking the Secrets of Network Security: Advanced Nmap Commands for Effective Penetration Testing

  • Defending AWS Assets through Email alerts.

  • Mastering the Realm of GraphQL Exploitation

  • Types of RCE in Brief: Exploring Remote Code Execution Vulnerabilities — 7| 2023

• Advanced

  • iOS Pentesting Series Part 3- The Ceasefire

  • NoSQL Injection Redis

  • The Overflowing Cookie Jar: A Fun Tech Adventure

  • Unveiling Vulnerabilities: Host-header injection in OAuth Functionality

  • Journey into Windows Kernel Exploitation: The Basics

• Security Research

  • Injecting backdoor into ML model

  • CVE-2023–32315 — Path Traversal in Openfire leads to RCE

  • SQL injection in Apache Airflow MySQL provider (CVE-2023–22884) — PoC + exploit

  • Podman API service listening on TCP can be used from websites

  • The Shellcode Compiler Was Right There All Along… (Part 1)

  • LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab

  • Third-Party GitHub Actions: Effects of an Opt-Out Permission Model

  • SAP Security: Vulnerability Analysis By RedRays

  • LLM Security Series: Nuts and Bolts

  • A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS: Synology DS920+ Edition

  • Creating Fully Undetectable JavaScript Payloads to Evade Next-Generation Firewalls

  • NetModule Router Software Race Condition Leads to Remote Code Execution – Pentest Blog

  • A phishing attempt on Steam that became a Qrljacking research

  • emptynebuli/StealthBunny: Gadget IoC removal from HAK5’s BashBunny

  • Istio outboundTrafficPolicy Egress Control Bypass

• Bugs

  • Hijacking Broken Links for $$$

  • The Ticket Hack: Free travel by hacking the Chennai Metro Rail.

  • My first Bounty Worth $$$$

  • Escaping Input Sanitization By Using Bulk Import Features

  • Change Any User Data on NFT Marketplace crosea.io

  • An IDOR leads join any group makes me $2,500

  • Findings in Swiggy’s Codebase: Memory Leak and Google Maps API Key Exposure.

  • SQLi – US Gov Datadump

  • Endpoint Allows for Multiple Account Creation

  • Exploit in /mellon/logout?ReturnTo= : 50$~200$

  • Reflected XSS At U.S. Government

  • My first Bug finding in Apple website

  • Stored XSS Filter Bypass in the Skills section

  • How i earned my first 1000$ in Bug Bounty

  • Easy 500$ Bug

  • Exposed .git to bitbucket account owner’s all repository access!

  • A Journey Close to RCE in Nokia

  • Critical XSS Vulnerability in Workflowy

• CTF challenges

  • Lab: SQL injection vulnerability allowing login bypass — 2 | 2023

  • HTB: Mailroom

  • Keeper Writeup — HackTheBox — By Amdjed Zerrougui

  • Templates TryHackMe Write-Up

• VEnum — Subdomain Enumeration Tool

• Commix — Command Injection Exploiter

• Intern Showcase: Anonymizing Logs Made Easy with LogLicker

• Xsubfind3R – A CLI Utility To Find Domain’S Known Subdomains From Curated Passive Online Sources

• HackBot – A Simple Cli Chatbot Having Llama2 As Its Backend Chat AI

• Redeye – A Tool Intended To Help You Manage Your Data During A Pentest Operation

• InfoHound – An OSINT To Extract A Large Amount Of Data Given A Web Domain Name