Michael Skelton

9.4K posts

@codingo_

VP of Operations @bugcrowd, Hacking Content @ https://t.co/Ov3ZXfNg5P tools @ https://t.co/4X3ot71JLf @SecTalks_GC & @BSidesGC co-organiser

Queensland, Australia Joined September 2013
758 Following 37.9K Followers
Pinned Tweet
Michael Skelton@codingo_·
3 events, 3 days, over $3m paid and a new bug bash industry record. If you’re not hacking on @Bugcrowd you’re missing out on the best events the industry has to offer. Love our crowd. You are all so incredible.
Michael Skelton@codingo_·
@hakluke Agree... though margins are so thin for farmers, and most people don't like to pay what it costs a larger grower to allow them to sell with the losses they incur without herbicide, unfortunately
Luke Stephens (hakluke)@hakluke·
Yeah that’s a good shout - our local markets are actually good for sourcing stuff. It’s just a pain in the ass, I don’t need another full time job. Worth it though. I just wish organic, locally grown, in season food without harmful packaging was the norm rather than something you have to seek out.
Luke Stephens (hakluke)@hakluke·
My wife just spent days figuring out how we can source all of our food organic, without BPA, without pesticides, without PFAS, without heavy metals, without microplastics... Why is this so hard? Why is it so normal to include poison in food and food containers? It's insane!
Michael Skelton@codingo_·
@hakluke Depending how particular you are with chemicals, also be sure to ask properties if they participate in the Woolworths/Coles scrap system. They provide free vegetables by the trailer load for properties to compost/use, but does mean there's going to be trace chemicals that way
Michael Skelton@codingo_·
@hakluke If you want to grow yourself, you can source more natural fertilizer via horse properties using the same method. Chickens also work well, provided you compost coop straw to give it time to rest before using it. You can also trade the eggs for vegetables easily.
Michael Skelton@codingo_·
@bev_ben @hakluke Nice as the idea is, in execution it’s very hard to get enough diversity and calories off the land to fully sustain without outside sources
6@bev_ben·
@hakluke How about starting farm for yourself and family?
Michael Skelton retweeted
JS0N Haddix@Jhaddix·
How do you get into cyber? Need to bridge the gap from no experience to jr? Today we are releasing three modules for FREE from our course “Hacking Your Career”! These modules cover my favorite training resources across every domain: Blue, Purple, and Red additionally organized by cost tier: free, cheap, and expensive. Each recommendation made the cut because it actually builds skill, and most include certifications you can add to your resume! executiveoffense.beehiiv.com/p/free-modules…
Michael Skelton@codingo_·
@PhilippeDelteil @Bugcrowd There’s a process called aged submissions that should re-surface these to the customer on a regular basis. It doesn’t look like it trig'd here (since priv comments aren’t showing on the timeline). I’ve raised it to confirm why and to see if we can get this addressed for you now
Michael Skelton@codingo_·
@TheContractorio @Bugcrowd @SAP Not quite following all the specifics here, but if you can send me a sub id I'll dig I’ll have someone take another look at this later today for you
Michael Skelton@codingo_·
@public___void I've passed this to the rep for this customer now, they will reach out on your behalf
Mohamed Fodil@public___void·
Hi @codingo_ Sorry to bring this here. While my submission [e4790432-20d7-4952-8f17-d07f903580e2] has been stalled for 26 days, with 7 days of silence since Customer resolved the blocker, the program's own data shows P1s - P4s are handled within (24h ~ 96h). Evidence attached.
Michael Skelton@codingo_·
@Mr_white_arts @Hacker0x01 I recommend going back to `9a25e17c-7e8a-40b8-afe6-7d59ceca4324` from three years ago, the two issues are the same and I explained it in more detail to you there.. That same lesson applies also on this newer submission
Michael Skelton@codingo_·
@Mr_white_arts @Hacker0x01 A good takeaway for your reporting is to always try to answer the question "as a hacker I could", in this case, you can demonstrate a cname is present, but not host content, or impact users or the customer negatively. If you believe otherwise, host an md5 of your username
Mr.White@Mr_white_arts·
Hi @codingo_ LOL, they closed my subdomain takeover bug as N/A in the in-scope domain. I have submitted a detailed PoC. If I submit it to @Hacker0x01, they will either triage it or ask for more information. Bugcrowd also lacks knowledge of subdomain takeover issues.
Michael Skelton@codingo_·
@Mr_white_arts @Hacker0x01 Not a proof of concept, and that service doesn't appear vulnerable to takeover. A CNAME alone doesn't represent a bug, if the service it's tied to doesn't allow for re-deployment. In either case, this is also VDP, so wouldn't have an impact (positively, or negatively) to you
Mr.White@Mr_white_arts·
@codingo_ @Hacker0x01 3e16744e-2a32-48f6-891f-d27de9f3c08e // just tell me, is it good to directly close this type of bug as N/A? If you are unable to see the impact or reproduce it, just ask for more information.
Michael Skelton@codingo_·
@community_bug @AliHassanKhan_ @Bugcrowd @davegerryjr That's the one - these route only to managers/principals, as a soft appeal process. We're about to roll out an improvement to make them better (more soon), but is also the best approach if you want to question an outcome for now
BBHC@community_bug·
Feels like @Bugcrowd @codingo_ @davegerryjr only cares about top hunters or those with big profiles. As a new hunter, getting a Not applicable with no feedback is demotivating. Even gave proper details and was still asked for “impact” on a known CVE. How are we supposed to grow?
Michael Skelton@codingo_·
@nischalxdp @Bugcrowd These have been re-routed to a principal ASE, feel free to reach out if not sorted in a few hours, but underway now