Let's imagine I discovered an exploit involving escalation privileges on bash for windows that allows me to acces the entire host drive and perform any operation. Wich would be the way to report this (getting paid) without exposing myself? Would the Linux community benefitiate in any way (more Wine compatibility, idk).
Let's imagine I discovered an exploit involving escalation privileges on bash for windows that allows me to acces the...
Other urls found in this thread:
technet.microsoft.com
twitter.com
Just search for Microsoft bug bounties.
How about you dont tell anyone anbout it and become a 1337 haxor and hack da gubburment
Results only show Ms bullshit and an email address. If I use temporary mail I don't think they will answer me. And even if they answered I don't feel safe sending an email with my BC address.
Btw how much can you get paid for such an exploit?? More than 5k? 15k maybe?
Is asking for 15k too much?
Release it into the Linux community first, do the good thing instead of the monetary thing
15k? Probably too much. Aim low, and build a reputation, if the opportunity ever arises again, and you find yourself in a similar situation, they'll be more willing to compensate you again.
That's how you stay poor.
That's why I asked if Linux community would even use the exploit. Since it needs to be run on a windows host I dont think would be used.
Or you can get a job and stop needing to dig for money every chance you get
Well it goes like this. You give it to MS, they cover it, patch it, keep it secret keep it safe. Or you give it to the community to see what they can do with it. Maybe it'll result in something new and awesome, maybe it'll get parched out. But it's better than guaranteeing nothing comes of it at all
Thanks. I will email them to see what they answer. But I don't think the reputation method will work since I don't want to reveal myself.
>being slave to a boss that decides whether you earn or not, eat or not
Sorry user, some people like to live free
I work from home as my own boss, good job assuming though
also
>claim to be free
>need to do whatever you can to get money
sounds like you're a slave to a different owner that the human you can directly see.
OP here again.
Does anyone know if I will have to sign any document for the exploit bounty in order to get the money? Like some bullshit that doesn't allow me to talk about the exploit or release it? Will that document be relevant since I live in a different country?
You probably would have to
You seem autistic and they'll fuck you over faggot.
Yeah, most likely.
>implying doing whatever I can isn't enjoyable to me and a passion I pursue
>That's how you stay poor.
I hope someone else finds the exploit and you get nothing.
>I hope someone else finds the exploit and you get nothing
I'm not even OP. Nice try though.
Meant for
share it :D :D it will get used im sure
The fact it requires Microsoft makes it distinct from a pure Linux vuln. I respect OP for seeking a bug bounty and doing the right thing in the process. Otherwise, selling it on the black market seems like a no brainier, imo. That's a big reason bug bounties exist.
That's true, but you don't really know what could come out of it if it were released into the wild first. The MRI machine was invented because of some astronomer wanting to identify what elements made up gas clouds in space, after all.
That pic. Kek
This. Hackers scam everyone.
technet.microsoft.com
Scroll down and find the applicable Bounty Program for the exploit.