HunterSuite, Bug Bounties, ZOOM and me


~ 4 minute read
Crafted : 4 months ago Updated : 4 months ago
Tags:
#bug-bounty #bugbounty #zoom #huntersuite #life

Hello, luvs. I don't have any technical writeup, for a few reasons. First, some of my reported issues are still unresolved, or their NDA doesn't allow me to disclose details. Next, the past months of my life have been so crazy: late graduation (because I went to college late), the IELTS exam, individual security assessments, the crazy COVID-19 situation and lockdowns, and so on... This post is more like my diary for the past months, so pardon me if it's not well organized.

Besides, I'm spending all my free time on HunterSuite.


Playing on bug bounty platforms 

I have been doing this for so many years, but not on bug bounty platforms, so I joined HackerOne and Bugcrowd.

I worked on Netflix, Bitdefender, Razer, ZOOM, NordVPN, and found and reported a vulnerability on every single target I've worked on, which makes me so proud. The total worth of the vulnerabilities I've discovered in a fairly short period of time passes ~$8k, in case you are curious.

Well, to not give you false hope and information: I discovered the vulnerabilities on them because I used to work as a penetration tester before the bug bounty world. If you are a beginner, I highly suggest you start here and then here. I also used HunterSuite to automate a lot of parts, and it's not advertising but a fact <3.


Things I loved

Accessibility: you have so many options to choose from, and it's growing very fast. I solely choose my target based on one single factor.

Love: Do I enjoy using your product? Honestly, that's how I choose my targets. These platforms allowed me to work with tech giants I love, efficiently and effectively.

Credit: when you have successfully found vulnerabilities on the biggest names out there, it helps your credibility and resume a lot.


Things I hated

Not really, I don't really hate anything; it's just a title.

Wretched triage

Some triage teams are incredibly awkward, which made me think about what's really wrong with them. But I also thought about the other side of the monitor. There is a problem triage teams deal with called "bounty fishing." "Bounty fishing" means a lot of unskilled researchers try to fool the triage team with "uninterpreted" scanner results and even fake data. Being an amateur is not a problem, but this is a scam attempt, which is worse than an unprofessional triage.

This issue is with just a "very small" percentage of triage teams, but it was still annoying; there are way more awesome people and programs.

Duplicates

For example, Razer paid $1.5k for the critical I reported, but because it was a duplicate, I got $0. It sucks, and I believe these platforms, or newer platforms to come, will have better solutions. But for now, it is what it is.


Finally, the financial reward part. Honestly, I don't want to work for a billion-dollar company for free; it doesn't make sense. But as long as I'm treated well and paid reasonably, I don't really mind, and I can enjoy the time I spend.


1-Day Exploit and WebSec challenges 

I also created a PoC for an exciting 1-day exploit (more than half a million devices affected, and the issue is of course patched). I have also done all 138 WebSec Academy challenges (it was very fun and I learned cool stuff).


The story of ZOOM vulnerability from N/A to high

As their NDA does not allow vulnerability disclosure and the issue is still open, I can't give more detail besides the story.

  • Apr 3rd (about 1 month ago): Issue reported using HackerOne.
  • Apr 4th (30 days ago): The issue was marked as a duplicate and also closed as N/A. I was furious at HackerOne triage, not because of the duplicate of course, but because I had provided a working PoC and a video which demonstrated the vulnerability. I was thinking about disclosing the issue because people always deserve the truth.
  • Apr 4th (30 days ago): I asked if that's the case. I believe people should know about it, and they can judge.
  • Apr 8th (26 days ago): ZOOM security re-opened the issue, confirmed this is not a duplicate of the issue closed as N/A, and asked for more information? o_O
  • Apr 8th (26 days ago): I spammed their inbox with reasons and facts about the issue. (sorry <3)
  • Apr 16th (17 days ago): The issue was triaged and marked as high severity.
  • Apr 29th (5 days ago): A bounty was paid.


The moral of the story? Communication. Even though I got upset about the initial decision, I did not act harshly. I tried to reason with them, and they took it nicely, so I believe ZOOM security is working hard to keep up with their security.

Thank you ZOOM and HackerOne <3


Conclusion


I'm doing fine despite the sad pandemic and lockdowns. Working with @j3ssie (who will eventually kill me with his perfectionism) almost every day on HunterSuite, receiving phone calls, and the limited visits I get from my loved ones keep me alive and motivated. I'm also looking into doing a computer science master's in the upcoming months.

That's it for now.

Stay safe, stay sane, and stay home as much as you can.

<3 0xsha
