Because You Gotta Beg for Disclosure!

My name is Parsia Hakimian. I am a security engineer at Electronic Arts. This is where I (hopefully) collect my disclosed security issues.

I am not a proper bug bounty hunter, I’d rather play videogames in my spare time. Click on the link above to go to my personal website.

Chaining Three Bugs to Get RCE in Microsoft AttackSurfaceAnalyzer

Write up is at https://parsiya.net/blog/2019-06-18-chaining-three-bugs-to-get-rce-in-microsoft-attacksurfaceanalyzer/.

Fix PRs:

CVE-2020-13621 - Websites Can Run Arbitrary Code on Machines Running the ‘PlayStation Now’ Application - $15,000

Write up is at https://hackerone.com/reports/873614. My first (and highest to date) bounty.

Unfortunately, the images do not show up in the summary because the rest of the report is not disclosed. However, the report goes through the whole discovery process and should give you enough information to find your own bugs.