This was one of my first achievements. After learning a few bug types, I started to hunt on our Indian government official sites and I found a Local File Inclusion vulnerability. NCIIPC, aka National Nodal Agency for Critical Information Infrastructure Protection, acknowledged this issue and deployed a fix.
Email screenshot | Fri, 4 Jun 2021

In June I started to hunt on the Dutch (Netherlands) government, and within one week I found 3 Cross-Site Scripting (XSS) vulnerabilities on their official domain and got 3 swags (T-shirts) as a gift.
Email screenshot | Swag | My Post | Sat, 26 Jun 2021

In July, I was focusing on VDPs, and I was able to find a critical Local File Inclusion vulnerability on a subdomain of one of KFC's official websites, which allowed me to access customers' personal data, including phone number, name, and order data of a few restaurants.
My Post | My HoF | Thu, 15 July 2021

In the last week of July I was focusing on VRPs, and especially on Facebook's bug bounty program. I was able to find a logic flaw in Facebook's Android app which allowed me to share any deleted post of anyone. This got me on Facebook's Hall of Fame, and I also got a bounty for the report.
My Post | My HoF | My profile | Wed, 1 Sept 2021

After Facebook, I decided to hunt on Google. I was able to find an IDOR on Google's domain which allowed me to disclose the details of users through the password reset functionality. This got me on Google's Honorable Mention page.
My HM | My profile | YouTube video | Thu, Aug 26 2021

In Feb 2022 I was able to find a security misconfiguration on two admin panels of Sony which allowed me to access Sony's sensitive files and internal data of Sony employees. Sony fixed these issues and rewarded me with 2 swags (T-shirts) as a gift, and I also got on their Hall of Fame in 2022.
My HoF | My Tweet | Feb 3 & Mar 7th 2022

In June, I was able to find a critical IDOR and multiple bugs on the Indian official Voter Portal which allowed me to access the residential and personal information of 780 million Indians. They acknowledged and fixed the vulnerability.
My blog | My Post | Tool Used | Mon, 27 Jun 2022

I was able to find a Cross-Site Request Forgery (CSRF) in the most secure email service provider, Proton. I was able to delete the API keys of Proton users with CSRF. This got me in their Hall of Fame, and I also received a bounty for it.
My HoF | My Post | Thu, 12 Jan 2023

I was able to find a security misconfiguration on the largest industrial research organization in the world, IBM, which got me in their Hall of Fame.
My HoF | Thu, 12 Jan 2024