Cam

@SecretlyHidden1

1,621 Followers | 218 Following | 4 Media | 179 Statuses

Former full time bug bounty hunter - now doing security stuff at places :)

Joined October 2015
New Blog Post! Beginning my series of writeups. Still working on deciding what from Microsoft I will write up but here is a post from my research with Google. In short, how to become a super admin on someone else's Gsuite Organization :)
5
50
167
Leaking All Users Google Drive Files -
5
28
132
New write up coming soon, it involves taking over anyone’s domain on , having full admin permissions, and as a result taking over their connected gsuite account ;)
3
10
115
Hey all! I know I don’t tweet much but thought tweeting this would be important. Hopefully in the next few weeks I will begin releasing write ups of the work I’ve done through the Microsoft Bug Bounty program over the years. The goal of the write ups will be to teach external 1/2
4
10
54
Couple more Google VRP write ups coming by this weekend for you all to read :), I promise I’m working on MS 😅😅😅😅😅😅
1
0
35
Just to add a little more context I also took up a position with the @msftsecresponse as a security engineer so am excited to start this part of my career and hopefully will be able to help external researchers now from the other side :)
5
0
23
Can confirm @phwd_ blog shaped the researcher I am today back when I stumbled across it around 2016-2017. Point being while top researchers may be quiet you for sure learned something from someone. In the spirit of public disclosure go watch my Bluehat talk ;)
3
5
24
Researchers how to effectively hunt on Azure/O365. It is a very big platform and I will show you my techniques and methods of how I’ve been doing it for the past few years and the types of issues that Microsoft’s program really looks for. If you have questions please DM me.
4
2
17
@SecretlyHidden1
Cam
11 months
Big shout out to the @GoogleVRP team for hosting an incredible event in Tokyo! It was great seeing old friends :)
0
3
17
@prakharprasad Got it today. Can't wait to see some of your methods.
0
0
15
See everyone there! Please feel free to reach out to me if you are interested in meeting :)
@MSFTBlueHat
Microsoft BlueHat
2 years
📣 Speaker Announcement 📣 We’re excited to announce our next speaker, Cameron Vincent @SecretlyHidden1 , Security Researcher at Microsoft. Cameron will join Sean Hinchee to talk about hunting AuthZ/Authorization issues across Microsoft and other services. 👏 #BlueHat
1
6
26
1
1
14
As promised here is another writeup! A Creative Way To Get Someone's YouTube Videos Deleted + A Copyright Strike Against Their YouTube Channel -
1
3
12
So I’d like to get some thoughts from everyone. What type of bugs from Microsoft are you looking for/be most interested in that I writeup? What specific product? Don’t ask for XSS @soaj1664ashar took care of that 🤣🤣🤣😂😂😂
4
3
10
Just landed in Seoul for the Meta bug bounty event this week. Super excited! If anyone is around please DM me :)
1
0
8
Awesome event @MSFTBlueHat !!!!!! Glad I got to meet some awesome people and looking forward to some more events.
0
1
9
Glad to see the traction the previous blog post got :) I will be posting another one Monday. The one for Monday is interesting cause it could have resulted in a YouTube video/channel deletion for the target depending on how you did it.
0
0
8
Crazy. I always made jokes about this and finally has happened. Kudos to hackerone for their work on identifying this quickly. Makes me wonder about the scenarios that don’t get caught. This is for sure a type of threat that all companies with BB programs need to watch
@runasand
Runa Sandvik
2 years
A HackerOne employee accessed vulnerability data of customers, then re-submitted the security issues to the same customers for personal gain. Interesting report by @Hacker0x01 on the incident and investigation.
21
171
670
0
2
7
Congrats @soaj1664ashar and to everyone else on the list!!
@phillip_misner
Phillip Misner
6 years
And here is the blog: . Congratulations to the Top 100!
0
9
23
1
1
7
Congrats to everyone!
@msftsecresponse
Security Response
5 years
It's that time of the year! We unveiled MSRC’s 2018-2019 Most Valuable Security Researchers at Black Hat USA this morning. If you cannot make it to the Microsoft booth, check out the list in our blog. Congratulations and thank you!
4
29
75
1
1
8
Nothing special but hey bug of the week is bug of the week!! :D
@GoogleVRP
Google VRP (Google Bug Hunters)
6 years
BOTW-28: IDOR in the new by @SecretlyHidden1
0
47
109
0
3
7
This was super fun to do and kudos to the artist that drew this! They did a fantastic job! I’m making it my Twitter profile pic 😂😂
@MSFTBlueHat
Microsoft BlueHat
1 year
Meet Cameron @secretlyhidden1 , the tech whiz who went from hacking Microsoft to joining our ranks! A Guitar Hero aficionado with a passion for sneakers, his self-taught hacking skills took him to the top of bug bounty leaderboards. Learn more about Cam:
0
6
28
0
0
7
I usually don't post the awards I get but I will be doing a writeup of this one due to how I found it. Thanks #Google #BugBounty
1
1
7
It is my goal to rename Mime sniffing to Meme sniffing.
0
1
6
I miss this place so much. So thankful @GoogleVRP sent me there 2 years ago. Can’t wait to go back in the future.
@leeyikkeat
YK
3 years
Super rare low fog today in Singapore 📸 got a chance to see it from above
10
359
1K
1
1
5
@soaj1664ashar @deepsec Very very very good analysis of the Microsoft cloud bounty program. Anyone that needs tips here is the perfect overview.
0
1
5
This is actually a really great resource for anyone doing FT bug bounty hunting.
@Rhynorater
Justin Gardner
3 months
@deadvolvo This won't work for everyone, but it has been a good solution for me!
1
1
15
0
0
5
Similar to the last bug I wrote up but same impact. However the last bug I wrote up affected only taking over the gsuite account. In this new one you would have been able to manage and take over anyone’s domain hosted there and change everything.
0
0
5
Fucking love hoodie weather whip dem fendi hoodies out
1
0
3
Damn just got a sweet award from Google's bug bounty program. Way higher than I expected. Thank you @Google
0
0
4
This is something I also believe to be very misleading and unfair. Why can a program have a public unpaid bounty program but then behind the scenes have a paid one? It really shouldn’t be allowed and is not fair at all to the individuals who didn’t get invited.
@TheGrandPew
Pew
4 months
Once I reported a Pre Auth RCE to Deutsche Bank ( largest German Bank, largest European Bank? ) through their public VDP on @Bugcrowd for free. I then learned that the Bank had a private program at that exact time paying 25k for crits like what I reported.
13
14
111
1
1
4
@sirdarckcat @b0rn_pur3 would be so proud that’s my name tag.
1
0
3
To confirm this issue was fixed back in 2018. I don’t disclose anything that is not fixed.
0
1
3
Lol I was so drunk last night I was complaining that I wanted the employee only Microsoft blinking badge cause it was the color blue 😂😂
2
0
3
This was an amazing event! Good luck to anyone hunting for an invite ;)
@GoogleVRP
Google VRP (Google Bug Hunters)
5 months
bugSWAT live hacking 📣: We are planning two events this year, one in the US and one in Europe. Invites based on recent submissions and past bugSWAT performance. More details soon - keep those bug reports coming! Here's a peek into our last bugSWAT:
5
15
88
0
0
3
@SecretlyHidden1
Cam
10 months
1
0
1
@hackerspider1 @Hacker0x01 @Bugcrowd Has to be the current record for the highest paid on one xss. :O
0
0
3
@wtm_offensi @nicoleperlroth Working for them now haha
2
0
3
I is startin to feel the hackerone programs in me now.......hmmmmm
0
0
3
I swear the best part about @Bugcrowd is the amount of private invites I get even if report is dupe/valid.
0
0
3
@Kym_Possible It was great meeting you! :)
0
0
2
@ZenOneSec Thanks Wendy :) You all did a fantastic job this event can’t wait for more :D
1
0
2
@hamsterz0 😂😂😂 no matter how technical I am when my mom calls me saying can you help me to set up the printer I get scared 😳
0
1
2
Is this actually real lol
1
0
2
@omespino That was a different bug ;)
0
0
2
@samm0uda Congrats man! Was awesome meeting you!
0
0
2
@soaj1664ashar I hear that. You go hard bro! Good work
0
0
2
@rootxharsh @wtm_offensi I’ll try to squeeze those in cause it kinda correlated with my work with MS but MS will be the main focus right now.
1
0
2
Read a good chunk of @nicoleperlroth Book on my flight to seattle and amazing book so far. Was dived into the whole flight
1
0
2
@wtm_offensi @MSFTBlueHat Thanks man! I appreciate the comment :)
0
0
2
Woah I never thought this day would come, remember hearing about that site first as a teenager back in high school through HF 😂😂😂 really is end of an era
@nnwakelam
Nathaniel
2 years
Wow ssndob is gone the end of a computer crime era
0
0
8
0
0
2
@wtm_offensi Thanks dude! Hope all has been well with you.
1
0
2
I swear the Google VRP has the worst payment update system.
0
0
2
@nnwakelam One of the reasons why I stopped being full time, those types of thoughts will take you over. I couldn’t do it anymore 😂😂
1
0
2
What an amazing story. Felt like a movie 🤣🤣🤣
@Laughing_Mantis
Greg Linares (Laughing Mantis)
3 months
Since I'm 6 drinks in for 20 bucks, let me tell you all about the story of how the first Microsoft Office 2007 vulnerability was discovered, or how it wasn't. This was a story I was gonna save for a book but fuck it, I ain't gonna write it anyways.
263
3K
27K
0
0
1
Man this weekend was awesome. So glad I went on this trip. Thank you @msftsecresponse and others for giving me the ability to do this.
0
0
1
@hamsterz0 @xkcdComic This is outrageous, I shall talk to the committee for you.
0
0
1
Lol flew across the ocean to hunt down a plug adapter whooops lmfaooo
0
0
1
I'm still planning on doing a writeup of this. Just waiting for confirmation that it's been fixed.
0
0
1
@wtm_offensi @msftsecresponse Hope everything’s been alright man!
1
0
1
@shhnjk Nice meeting you in London :) good luck with everything!
1
0
1
@ZenOneSec Thanks Wendy :) excited to see you all next week!
0
0
1
That coinbase super bowl ad was harrrrrrd
0
0
1
Not even sure how I feel about this.
0
0
1
@soaj1664ashar @deepsec sounds good bro! if I didn't hate flying I'd actually try to make the talk. Can't wait either way :), to anyone else though looking to hunt O365 this is def a presentation you want to see.
0
0
1
@1Y1M2022 Hey! Thanks for letting me know, will fix that by tonight :)
0
0
1
@wtm_offensi Thank you :)
0
0
1
@disclosedh1 Why does this company get so many spam reports lmao
0
0
1
@archyxsec That is even worse. If a VDP has the same scope as a private paid version of their program that should not be allowed. That is extremely misleading.
0
0
1
Hello everyone quick favor. Do I have any followers that possibly are/know someone that works at Facebook/Instagram? Need help with something :) thanks
1
0
1
@princechaddha @pdiscoveryio Would love to catch up with you again!
0
0
1
Yikes, news org got played hard lmfao. @thewire_in thought this workplace “spoofed” account was someone who had access to Instagram's actual internal account.
@guyro
Guy Rosen
2 years
The spoof was set up as a free trial Workplace account under the name “Instagram” and using the IG brand as its profile pic. We've locked the account for violating policies and are continuing to investigate. We'll provide further updates as warranted here:
39
460
2K
0
0
1
@cBekrar you're ranked #1 on this hahaha
0
0
1
@wtm_offensi Been good, enjoying your reports from my side ;)
0
0
1
@soaj1664ashar Happy birthday!
0
0
1
@nnwakelam One of the reasons I had to stop full time. The mental health aspect of that constantly eating me up drove me insane.
0
0
1
Ummmm what?
0
1
1
@rootxharsh Glad u made it safe man!! :D
1
0
1
$125 for a covid rapid test? Wtf wow
2
0
1
I don't wanna be bashing the MS support team but I was dying at, "A few minutes later, I’ve received this phone number from the support: (562) 981–7600. Could that be the real deal? A call to this number revealed, that it belongs to the Marine Spill Response Corporation (MSRC)"
@x0rz
x0rz
7 years
Microsoft leaked the private key for *.sandbox.operations.dynamics.com 😱 #crypto #encryption #microsoft #opsec
15
572
635
0
0
1
Thank god finally getting some additions to the program.
@Kym_Possible
KymPossible
6 years
First new Microsoft bounty program of 2019, with more to come! New programs, expansions and improvements to existing programs, new payment options... it's gonna be an exciting year. :) #bountyhunter #bugbounty
2
11
30
0
0
1
Man crowdstrike really going to the top now
0
0
1