Welcome to the first Bug Bytes of 2025! Each month, we team up with bug bounty experts to bring you insights, platform updates, new programs, and upcoming community events—all to help you find more bugs!

Altera, an Intel company, has officially opened its public bug bounty program on our platform!  
 
Ready to put your skills to the test and get rewarded for vulnerabilities found? Start hunting today. 

Start Hunting on Altera!

CryptoCat has uploaded all former challenges across our CTF series (22 – 24) to our GitHub, check these out here.

Intigriti's January Challenge by Godson is live! Pop an alert here by 17th January for a chance to win €400 in SWAG prizes!

Blogs and Videos

Testing JavaScript Files for Bug Bounty Hunters!

JavaScript files are goldmines for bug bounty hunters like you! They can help you find all sorts of vulnerabilities, from hard-coded secrets to hidden API endpoints and even DOM-based vulnerabilities! If you want to dive deeper into JS files, we’ve recently made an article just for you! Read Testing JavaScript files for bug bounty hunters on our blog!

• Wonder how PRO hunters keep finding and exploiting blind XSS vulnerabilities? We’ve shared an entire methodology, from server setup to finding your first blind XSS vulnerability!

• Insecure file uploads can introduce various critical vulnerabilities, including RCE! Make sure you try out these 7 techniques whenever you’re testing file upload functions on your target!

• Are you trying any of these 5 recon techniques that most hunters forget about? If not, we highly recommend you do! And while you’re on Twitter/X, try to drop us a follow! We share new bug bounty tips and resources (almost daily) to help you find more vulnerabilities!

Tools

GitLab Subdomains

Finding subdomains using GitLab search? @gwendallecoguic made an open-source tool to help you find even more subdomains!

• Want to find more DOM-based vulnerabilities? Check Untrusted Types by @filedescriptor, an open-source web extension to help you easily track arbitrary input originating from DOM sources and directly inserted in DOM sinks!

• This tool by @pdiscoveryio allows you to quickly combine the results of 10s of APIs such as Shodan, Censys, Hunter, Fofa, etc to help you discover more hosts!

• PortSwigger recently published a new interactive URL validator cheat sheet that can help you bypass flawed URL validations to help you exploit SSRF vulnerabilities for example!

Resources

Starting Your Bug Bounty Journey in 2025?

Are you starting your bug bounty journey in 2025? Let us help you out a bit - check out this quick guide on tips for bug bounty beginners!

• Imagine you received a new Discord message, opened it and got malicious code executed on your machine... This is how @S1r1u5_ found a remote code execution in Discord for $5000!

• In case you aren’t aware, @albinowax shared his DEFCON talk “Listen to the Whispers: Web Timing Attacks that Actually Work”!

• Need an extensive SQL injection cheat sheet for bug bounty hunting and pentesting in general? Check out @0xTib3rius’ SQL Injection cheat sheet, it provides payloads for the 5 most popular databases such as MySQL, PostgreSQL, Oracle, etc.!

• Learn from the hacker legends themselves! @ArchAngelDDay shares how he became the most valuable hacker!

• @lukejahnke shared an interesting way to still send POST requests without a content type request header to help exploit certain CSRF vulnerabilities!

2024 was a milestone year for us at Intigriti and we couldn’t resist creating our very own 2024 wrapped to reflect this – check out the numbers below 👇

Want the break-down of these numbers? Head to our accompanying blog to read more 👀

Back in December we kicked off the holiday season with our end of year parties for both our UK & Belgium offices.

In the UK, the team enjoyed a drinks reception and some virtual clay pigeon shooting (no pigeons were harmed in the making of this event 😉)

Meanwhile over in Belgium our team enjoyed some festive team building exercises (courtesy of Escape the Box) followed by a team dinner to kick off the holiday’s!

Our researchers are at the core of everything we do. If you have feedback or suggestions to help us build and grow, we want to hear from you!  

Pop a note over to [email protected] and we’ll take it from there!

As we step into the promise of a new year, January can often be a time to reflect and set goals. 

Intigriti is no exception to the rule - we’ve set big goals to ensure we continue to deliver a leading bug bounty platform for all. 

Whatever your ethical hacking goals, we’re looking forward to supporting you every step of the way. 

Wishing you a ‘bounty-full' start to the year ahead and become the researcher you always wished,