Responsible Disclosure

Security Research Program

Through our responsible disclosure program, we identify and report security vulnerabilities to major technology companies. Our research helps strengthen the security ecosystem while demonstrating our offensive security capabilities.

Total Findings: 6+
Companies Reported To: 4
High/Critical: 3
Acknowledged: 100%

GitHub · 2024 · High

Data Exposure

Identified a security flaw allowing unauthorised access to sensitive repository data, reported to GitHub Security.

Data Exposure · Access Control · GitHub

Atlassian · 2023 · High

Security Flaw

Reported a critical security vulnerability in Atlassian's platform affecting access to sensitive project data.

Atlassian · Jira · Access Control

Microsoft · 2023 · High

Account Takeover

Identified an account takeover vector in Microsoft's authentication flow, reported through Microsoft MSRC.

Microsoft · ATO · Authentication

GitHub · 2024 · Medium

Access Control Bypass

Discovered a bypass mechanism in GitHub Copilot's access controls, enabling unauthorised feature access.

Access Control · GitHub Copilot · Bypass

GitHub · 2024 · Medium

Business Logic Flaw

Found a business logic vulnerability that allowed Copilot subscription pricing controls to be bypassed.

Business Logic · Pricing Bypass · GitHub Copilot

Wiz · 2024 · Medium

Security Finding

Discovered a security issue in Wiz's cloud security platform, responsibly disclosed to their security team.

Cloud Security · Wiz · Responsible Disclosure

Access Full Write-Ups

Detailed technical write-ups, proof-of-concept code, and remediation guidance are available exclusively in the Member Zone.
