By travisintigriti
May 17, 2023
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from May 8th to May 14th.
Intigriti News
Familiar huh? Let us show you how you can exploit this XSS case
The intigriti YouTube channel has officially passed the 15k milestone!
From my notebook
AI Village at DEF CON announces largest-ever public Generative AI Red Team
Issue 219: Money Lover app exposes user data, most web API flaws missed by standard testing
Facebook’s TOP1 bounty hunter doesn’t bother reporting $4,000-$5,00 (shorts)
Browser in the browser attack (shorts)
Getting Started in Firmware Analysis & IoT Reverse Engineering
209 – Bad Ordering, Free OpenAI Credits, and Goodbye Passwords?
EP120 Building Secure Cloud and Building Security Products: Finding the Balance
Episode 374 – The event we called left-pad, Episode 77 remaster part 1
I did a few hours of bug bounty for a few nights last week to get a feel.
Never get too proud to go back to the basics and LEARN like a beginner again.
Beginner
Intermediate
Advanced
Security Research
Bugs
Unveiling the Untold Secrets: Unearthing the Holy Grail of Bug Bounties — How I Hacked EC2
Bypass SMS Authentication To Account Takeover (Indonesian)
Discovering a Hidden Security Loophole: Rent luxury Cars for a Single Dollar
Automating XSS Detection: How My Setup Earned Me a Few Spots in various Hall of Fames
How I bypassed the registration validation and logged-in with the company email
Hacking Chess.com: My Journey to Unlock Premium Bots on the Android App
CTF challenges
SpiderSuite – Advanced Web Spider/Crawler For Cyber Security Professionals
Domain-Protect – OWASP Domain Protect – Prevent Subdomain Takeover
PwnFox – A Firefox/Burp Suite extension that provides useful tools for your security audit.
View the recon data for every amass scan that you’ve ever done by using the db subcommand
Found an interesting #XSS where I inject the payload within the image file name and got the alert!