By travisintigriti
November 30, 2022
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the weeks from November 14th until November 27th.
Intigriti News
The Visma #1337up1122 Live Hacking Event has ended, with 784 submissions and over €190,000 paid out!
From my notebook
This week’s top 5 theme is learning new skills. I think this is something that all hackers will relate to: in this field you are always reading articles, watching videos, etc., and looking for new tools and techniques, and that’s probably why you’re reading this blog post. But more important than just consuming new information is to reflect on what you’ve learned, organise it in your head and turn it into useful knowledge. One of the best ways I’ve found to do that, and actually improve my own learning, has been creating content, so today I’m sharing 5 pieces of content from folks who are learning and sharing.
Other Amazing Things
These companies ran an experiment: Pay workers their full salary to work fewer days
EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?
169 – Racing Grafana, Stealing Mastodon Passwords, and Cross-Site Tracing
Internet vs Reality of Working as a Cloud Security Architect!
Corben hacked a phone company this year, here’s how he did it
Naffy starts a conversation about scope and serious vulnerabilities
Explaining vulnerabilities: OS command injection {Bug bounties}
P1 Bug Hunting — Exploiting Common WordPress Vulnerabilities
Explaining vulnerabilities: Template Injections (Server-Side) {Bug bounties}
Failed to invalidate session after password change [Insufficient Session Expiration]
HTML File Upload Leads to ATO in Indonesian Government Site
Hacking Dutch Government: Broken Authentication to Full Website Takeover (P1)
[Hacking Bank] The Second Story of Finding Critical Vulnerabilities on Banking Application
Bug Bounty Tips and Getting Persistence With Electron Applications
Remediation Archeology — Finding and Decoding an Ancient XSS
Header spoofing via a hidden parameter in Facebook Batch GraphQL APIs
related-domains – Find related domains of a given domain using the Whoxy API.
csprecon – Discover new target domains using Content Security Policy
google-search – Performs searches on Google and displays the resulting URLs, as simple as that!
Octopii – An AI-powered Personally Identifiable Information (PII) scanner