Bug Bytes #215 – Hackers in Lisbon, AI bug bounty and is this the end?
By travisintigriti
October 25, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from October 15th to October 22nd
Intigriti News
Attention Belgium! Join us at our Open Port event on 2nd November!
My friend just finished his first year in CS and made his very first calculator in PHP!
Lots of happy faces at @IntelSecurity’s #KnightsOfElektron live hacking event
Here are 3 ways to find hidden parameters on your bug bounty target
From my notebook
IS THIS THE END? – STÖK says good bye to bug bounty content creation and I’m sure you’ll all join us in wishing him well
Why Governments Love to Buy the Bugs in Your Favorite Apps🎙Darknet Diaries Ep. 98: Zero Day Brokers – The dark side of bug bounty hunting?
The Circle of Unfixable Security Issues – Why don’t we fix everything?
$0 👉🏼 $1,000/Month With Bug Bounties – If NahamSec talks about his approach to bug hunting
Microsoft’s AI Bug Bounty Program: A Step Forward in AI Security – Microsoft starts a new AI bug bounty program
Two casinos hacked, one paid the ransom, one didn’t. Who was right?!
AI and hacking – opportunities and threats – Joseph “rez0” Thacker
Hacktivism Erupts in Response to Israel-Hamas Conflict & more
InfoSec Pat discusses Content Creation and Cybersecurity Careers
BlueHat Oct 23 Day 1 Keynote: John Lambert
SN 944: Abusing HTTP/2 Rapid Reset – Passkeys, ValiDrive follow-up, 2FA apps, pre-release Spinrite
Beginner
How I Ethically Hacked a WordPress Site in 10 Minutes Using WPScan
Mastering WordPress Penetration Testing: A Step-by-Step Guide
Stored XSS – Simple Download Monitor 3.9.19 (WordPress Plugin)
File Shared < 1.6.48 (WordPress Plugin) — Sensitive Data Exposure Mysql version, enviroment, ++;
Broken Object Level Authorization Vs. Broken Functionality Level Authorization | API Hacking
Intermediate
Security Research
[Crypto] SSL/TLS, part 2: Toy TLS 1.2 client with TLS_DHE_RSA ciphersuites support.
Microsoft Account’s OAuth tokens leaking via open redirect in Harvest App”
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability
Persistent cross-site scripting vulnerabilities in Liferay Portal
The single-packet attack: making remote race-conditions ‘local’
Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
Synology NAS DSM Account Takeover: When Random is not Secure
Bugs
CTF challenges
You may also like
November 21, 2025
Intigriti Bug Bytes #230 - November 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Finding an RCE using AI in GitHub CORS exploitation cheat sheet Scanning codebases with AI Bypassing paywalls SSTIs in AI models And so much more! Let’s dive in! We are thrilled to announce that Inti
October 31, 2025
Intigriti Bug Bytes #229 - October 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Cool trick to find disclosed secrets in internal web extensions A repository full of WAF bypasses Hacking Intercom misconfigurations Wayback Machine for hackers And so much more! Let’s dive in! October’s
September 12, 2025
Intigriti Bug Bytes #228 - September 2025 🚀
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: A common (yet unknown) SSRF attack vector in Next.js Middleware Exploiting PDF processors by generating and uploading malicious PDF payload files A full reconnaissance breakdown on how to approach any target