Perks of being a Bug Bounty Hunter: Found a bug in GitHub, got it accepted, and now I have GitHub Pro for FREE… FOREVER.

Beautiful scenes on @Bugcrowd. #bugbounty #bugcrowd

Authentication Bypass via forgot password 18 days in triage is never a good sign though. #bugbounty

Today I found a promising CORS misconfiguration that should have leaked PII! Here’s a critical detail that’s often missed. For successful exploitation, the ‘SameSite’ attribute on the cookie must be set to ‘Lax’ or ‘None’. In this case it was set to ‘Strict’🛡️ #BugBounty #CORS

My first paid bug on Bugcrowd was an Authentication Bypass. I will definitely push a write up after I’m done with my research! :)

Of course, why would I work for free ¯\_(ツ)_/¯