Bug Bytes #193 – Top 10 Web Hacking Techniques for 2022, Confessions of the Community and Filter Evasion


Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the weeks from February 13th to February 19th

Intigriti News

From my notebook

This week we saw the release of the top 10 web hacking techniques for 2022. Something that jumped out at me is that they are either very technical and rely on you knowing a lot about how a piece of technology works, or very logical and require you to go through a lot of steps and break the flow. It’s cool to see OAuth take the top spot here; it’s always been a technology that a lot of developers implement, but the flows can be complex, so it’s often insecure! Other articles for this week include some different perspectives on bug bounty hunting from a triager, a program manager and a bug hunter, some fun news and views from Critical Thinking, and a list of missing CVEs in nuclei templates in case you’d like to contribute to the community.

  1. Top 10 web hacking techniques of 2022 by Portswigger!
  2. Weekly updated list of missing CVEs in nuclei templates official repository
  3. Confessions of a bug bounty program manager & Confessions of a top-ranked bug bounty hunter
  4. The View from the Other Side: A Security Analyst’s Perspective on Bug Bounty Triage
  5. Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More! (I also liked this one that I forgot to include last week! Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis))

Other Amazing Things

Videos

Podcasts
  • 188 – Rusty Kernel Bugs, mast1c0re, and OpenSSH
  • Srsly Risky Biz: North Korean ransomware, Biden flags US privacy reform
  • Synthetic voices, ChatGPT reflections, and social skirmishes
  • Risky Business #695 — North Korea is ransomwaring hospitals, Russia to make “patriotic” hacking legal
  • SN 910: Ascon – Malicious ChatGPT Use, Google Security Key Giveaway, OTPAuth
  • 187 – Top 2022 Web Hacking Techniques and a Binance Bug
  • NO. 369 | Reddit Hack, Deepfake Scams, Embracing Change…
  • EP108 How to Hunt the Cloud: Lessons and Experiences from Years of Threat Hunting
  • Why Do NFTs Disappear? [ML B-Side]
  • Episode 362 – A lesson in Rust from Carol Nichols

Tweets

Tutorials

Write Ups

Tools

Tips


