Bug Bytes #176 – Deepfake dangers, @rhynorater’s SSRF magic, recon techniques everyone misses & more!

By Anna Hammond

October 5, 2022

Welcome back everyone to Bug Bytes, the weekly newsletter curated by members of the Bug Bounty community! 

As you may have read in the last issue, the previous author of Bug Bytes, Mariem / PentesterLand, left Intigriti and passed the torch of Bug Bytes to whoever would take it up.

Every week she kept us all up to date with a comprehensive list of write-ups, tools, tutorials and resources. Those are some big boots to fill!

We can now announce that InsiderPhD will be taking up this torch and filling these boots.

This issue covers the weeks from September 26th until October 1st.


Introduction to InsiderPhD

Hello, my name is Katie, aka InsiderPhD. You may know me from my YouTube videos on getting started in Bug Bounty or through my talks on API hacking. I’m also a lecturer at a university in cyber security. I was a huge fan of Bug Bytes from back before it was on Intigriti, so it feels like a big role for me to fill. Hopefully I can add my own flair to your usual newsletter expectations. I’m still figuring this out, so please do tag me on blogs or videos you’d like me to see and give me some feedback on how I could improve things.

Intigriti News

From my notebook

This week, open-source security has really been on my radar, thanks to an article in the New Yorker about how the internet keeps time. Open source is neat like that: it’s like the bass in music. You know when it’s missing, but otherwise it’s in the background. For bug hunting this is really interesting because behind every app there’s a slew of open-source projects keeping it together, and these are often full of vulnerabilities, especially if they are out of date. So, I’ve included some recent open-source security links as well as some links from the archive on open-source security and code review.

What’s on your radar this week? What kind of vulnerabilities are you reading about?

Other Amazing Things
