Responsible Disclosure

Bug Bounty Findings

Security vulnerabilities responsibly disclosed to major technology companies through their bug bounty programs. Detailed technical write-ups are available in the Member Zone.

Total Findings: 6+
Companies Reported To: 4
High/Critical: 3
Acknowledged: 100%

GitHub · 2024 · High

Data Exposure

Identified a security flaw allowing unauthorised access to sensitive repository data, reported to GitHub Security.

Data Exposure · Access Control · GitHub

Atlassian · 2023 · High

Security Flaw

Reported a critical security vulnerability in Atlassian's platform affecting access to sensitive project data.

Atlassian · Jira · Access Control

Microsoft · 2023 · High

Account Takeover

Identified an account takeover vector in Microsoft's authentication flow, reported through Microsoft MSRC.

Microsoft · ATO · Authentication

GitHub · 2024 · Medium

Access Control Bypass

Discovered a bypass mechanism in GitHub Copilot's access controls, enabling unauthorised feature access.

Access Control · GitHub Copilot · Bypass

GitHub · 2024 · Medium

Business Logic Flaw

Found a business logic vulnerability that allowed Copilot subscription pricing controls to be bypassed.

Business Logic · Pricing Bypass · GitHub Copilot

Wiz · 2024 · Medium

Security Finding

Discovered a security issue in Wiz's cloud security platform, responsibly disclosed to their security team.

Cloud Security · Wiz · Responsible Disclosure

Access Full Write-Ups

Detailed technical write-ups, proof-of-concept code, and remediation guidance are available exclusively in the Member Zone.
