Mortgage with Bug Bounties — Week 5

Jess
Mar 5, 2021

2/26/21
Couple hours of hunting for auth bugs

2/27/21
Family Time

2/28/21
2 hrs of poking before bed and found a cool oracle bug to access secret data
Submitted as a crit, but waiting for triage to agree

3/1/21
1 hr of hunting for nothing

3/2/21
6 hrs of hunting for a single little auth bug

https://infosecwriteups.com/grafana-admin-panel-bypass-in-google-acquisition-virustotal-c5ecc9d7b8ae

3/3/21

Triage disagreed vehemently with my oracle bug :(
Spent the morning reading all kinds of entropy documents to try and learn more about it.

Then the company reopened, so it's just going to be one of ‘those’ tickets

https://orwaatyat.medium.com/your-full-map-to-github-recon-and-leaks-exposure-860c37ca2c82

3/4/21

3 hrs hunting and lots of time scripting for work

Weekly Wrap up
Got just under $2k in payouts this week for Business Logic/Auth bugs, things are starting to slow down with this app.
I did reach out to the team and asked if they would give me a premium version of the app to play with, and they did!
Already got in some great bugs on fresh app, looking forward to them paying out :)
Finally at 10% of the goal

https://www.tablesgenerator.com/text_tables
