Exposed secret keys leading to multiple site defacement for $800

Finding secret keys in a JS fileā€”this is like finding money in a trashcan. Yeah that’s a JavaScript is trash joke.

Leaking employee emails at a large corporation for $250

Information disclosure can be easy - and profitable. Revisiting one of my first paid bounties.

Remote code execution in a billion-dollar publicly traded company

How I legally hacked a billion-dollar company with their permission - with the highest severity