Intigriti Bug Bytes #221 - February 2025 🚀

By Intigriti

February 14, 2025

Hey hackers,

Each month, we round up insights, platform updates, new programs, upcoming community events and more to help you master your hacking skills.

Check out February’s edit below:

BlueSky

We’ve landed on BlueSky; follow us to access the latest programme updates, challenges, blogs, event news, hacking tips and more!

Win an Intigriti Hoodie

Can you spot where the developer made a mistake? 🔍

Comment on this post for a chance to win an Intigriti hoodie. Competition closes on 17th February. The winner will be selected and contacted on 18th February – best of luck 👀

Vulnerable code snippet

Blogs and Videos

Exploiting PDF file generators for bug bounty hunters!


PDF file generators are used by several of your targets, but do you also test for these vulnerability types commonly present in PDF generators?

Tools and Resources

Tools

DOM Invader


Check out DOM Invader, a web extension that simplifies identifying and exploiting DOM-based vulnerabilities!

  • Azure DevOps Services is a CI/CD platform often used by enterprise targets. Check for Azure DevOps instances to enhance your initial finding!

  • Explore @black2fan’s research on content types that can lead to several vulnerabilities such as CSRF & XSS!

  • Monitoring JavaScript files can help you stay on top of the latest changes to your target! Jsmon by @robre is a tool that monitors your target’s JavaScript files for you!

  • Check out CeWL by @digininja, a quick tool that crawls your target and tokenizes responses to help you generate custom wordlists!

Resources

Top 10 web hacking techniques of 2024


The top 10 web hacking techniques of 2024 by PortSwigger Research are now available!

  • @zhero___ writes how he discovered cache poisoning vulnerabilities in Next.js, a widely used React framework, and got CVE-2024-46982 assigned!

  • @travisgoodspeed documents how he discovered a remote code execution vulnerability in a... Yamaha piano!

  • Have you just started your bug bounty journey? Check out @zseano’s methodology, a perfect guide for beginners to help find their first bug!

  • 2FA vulnerabilities are often considered impactful! Here’s a checklist to help you bypass insecure two-factor authentication implementations!

Events

  • BSides Galway, 22nd February, 08:30 – 18:00 (local time). Swing by our booth, meet Mark from the Intigriti team and grab some swag 😎

  • BSides Limburg, 14th March 2025, 09:00 – 16:00 (local time). Our founder, Stijn, is the keynote speaker! Head here for tickets and more information on Stijn's talk.


Preview further events we will be attending this year here 👀

Behind the Ski’s

We wrapped up January with our annual kick-off, bringing the entire team together in one place with three key objectives: reflect, inspire and connect.

Over two days, we explored our 2025 strategy and celebrated new company values to ensure we continue to build a world-class bug bounty platform.

After looking ahead to the future, we had to bring the balance by sliding (and tumbling) down the slopes... 🫠

After recovering from the hype of the kick-off event, we’re energized, inspired and ready to hit the ground running for the year ahead!

Watch the kick-off event highlights video here 📺


Spread the word!

Please be encouraged to share our newsletter with fellow ethical hackers.

Feedback and Suggestions

If you have feedback or suggestions to help us build and grow, we want to hear from you! Pop a note over to support@intigriti.com and we’ll take it from there!


Wishing you a bountiful month ahead,

Keep on rocking!
