Let's imagine I discovered an exploit involving escalation privileges on bash for windows that allows me to acces the entire host drive and perform any operation. Wich would be the way to report this (getting paid) without exposing myself? Would the Linux community benefitiate in any way (more Wine compatibility, idk).
Let's imagine I discovered an exploit involving escalation privileges on bash for windows that allows me to acces the...
James Watson
Other urls found in this thread:
technet.microsoft.com
twitter.com
Jordan Hernandez
Just search for Microsoft bug bounties.
Matthew Scott
How about you dont tell anyone anbout it and become a 1337 haxor and hack da gubburment
Hudson Rogers
Results only show Ms bullshit and an email address. If I use temporary mail I don't think they will answer me. And even if they answered I don't feel safe sending an email with my BC address.
Daniel Stewart
Btw how much can you get paid for such an exploit?? More than 5k? 15k maybe?
Is asking for 15k too much?
Owen Cruz
Release it into the Linux community first, do the good thing instead of the monetary thing
Charles Brown
15k? Probably too much. Aim low, and build a reputation, if the opportunity ever arises again, and you find yourself in a similar situation, they'll be more willing to compensate you again.
That's how you stay poor.
Samuel Martinez
That's why I asked if Linux community would even use the exploit. Since it needs to be run on a windows host I dont think would be used.
Christopher Reed
Or you can get a job and stop needing to dig for money every chance you get
Well it goes like this. You give it to MS, they cover it, patch it, keep it secret keep it safe. Or you give it to the community to see what they can do with it. Maybe it'll result in something new and awesome, maybe it'll get parched out. But it's better than guaranteeing nothing comes of it at all
Julian Roberts
Thanks. I will email them to see what they answer. But I don't think the reputation method will work since I don't want to reveal myself.
Thomas Thomas
>being slave to a boss that decides whether you earn or not, eat or not
Sorry user, some people like to live free
Angel Brown
I work from home as my own boss, good job assuming though
also
>claim to be free
>need to do whatever you can to get money
sounds like you're a slave to a different owner that the human you can directly see.
Benjamin Hughes
OP here again.
Does anyone know if I will have to sign any document for the exploit bounty in order to get the money? Like some bullshit that doesn't allow me to talk about the exploit or release it? Will that document be relevant since I live in a different country?
Bentley Harris
You probably would have to
Cameron Cruz
You seem autistic and they'll fuck you over faggot.
Evan Hill
Yeah, most likely.
Carter Russell
>implying doing whatever I can isn't enjoyable to me and a passion I pursue
Ian Walker
>That's how you stay poor.
I hope someone else finds the exploit and you get nothing.
Joseph Stewart
>I hope someone else finds the exploit and you get nothing
I'm not even OP. Nice try though.
Colton Powell
Meant for
Isaiah Collins
share it :D :D it will get used im sure
Samuel James
The fact it requires Microsoft makes it distinct from a pure Linux vuln. I respect OP for seeking a bug bounty and doing the right thing in the process. Otherwise, selling it on the black market seems like a no brainier, imo. That's a big reason bug bounties exist.
Cameron Cox
That's true, but you don't really know what could come out of it if it were released into the wild first. The MRI machine was invented because of some astronomer wanting to identify what elements made up gas clouds in space, after all.
Jackson King
That pic. Kek
Mason Howard
This. Hackers scam everyone.
Brayden Harris
technet.microsoft.com
Scroll down and find the applicable Bounty Program for the exploit.