By travisintigriti
November 2, 2022
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from October 23rd until October 30th.
Intigriti News
Our hacker portraits from this quarter: congratulations to @jfoolish_22, @roysolberg and @0xtavi (bonus: 0xConda’s hacker portrait arrived!)
From my notebook
We round up 1337up0822 with The Paranoids, check this video out to see everything you missed from Antwerp in August! – Shameless Intigriti promotion, but this video is great to show off the energy in Antwerp when Intigriti and The Paranoids brought together the best hackers worldwide to hack, hang out and also see the Belgian GP!
Minecraft:HACKED – This LiveOverflow series has really got me back into Minecraft (oops), but it’s a great intro to game hacking and, more generally, what used to be called “creative use of game mechanics.”
Playing on the LiveOverflow Minecraft Hacking Server – Hacking, followed up with a write-up of some of the challenges from the videos!
Registrations Open for IWCON2022 Version 2.0 — the Online International Cybersecurity Conference
Root cause analysis of 100+ DeFi Hacks (shared by @payloadartist, original by Sun and XREX security team) – Great resource if you are interested in DeFi hacking
What functionalities are most often vulnerable to SSRFs? Case study & Exploiting SSRF Using Export PDF
Other Amazing Things
NullCon Cybersecurity Interview With Madhu Akula, Creator of Kubernetes GOAT
Install Kali Linux 2022 on Raspberry Pi 4 B (Under 3 Minutes)
Episode 346 – Security and working from home have terrible things in common
EP93 CISO Walks Into the Cloud: Frustrations, Successes, Lessons … And Is My Data Secure?
Indicators of Compromise (noun) [Word Notes]
161 – XMPP Stanza Smuggling in Jabber and a Cobalt Strike RCE
Android Pentesting 101 — Part 1 & Android Pentesting 101 — Part 2
Burp Suite? No Thanks! Blind SQLi in DVWA With Python (Part 2) — StackZero
Write-up: HTTP request smuggling, basic CL.TE vulnerability @ PortSwigger Academy
Hacked Tathva ’22 Biggest Techno-Management Fest in South India
How I Found Three Credentials Leak on One Google Dork on Bugcrowd
5000$ for Apple Stored Xss And Another Blind Xss Still under review
How I was able to get free money via sending negative tokens
Walkthrough of Exploiting CVE-2022–42889 (Text4Shell/ACT4Shell)
githack – A .git/ folder disclosure exploit (pudsec’s recommendation)
Dastardly, from Burp Suite – A lightweight web application security scanner for your CI/CD pipeline
The Best Vulnerability Disclosure Programs (Less Competitive Bounties)
Some of the Best Search Engines used by Hackers/Security Researchers/Bug Bounty Hunters in 2022
Chain AutoRepeater and Taborator to Automate SSRF Findings @bsysop via bugcrowd
Your email address can contain much more than you expect! @WonderU360 via Intigriti
Httpx can do directory fuzzing on all domains with one simple argument! @yeswehack