BRADLEY JOHNSON


I’m a passionate security researcher and security professional with over six years within the information technology sector and over a year and a half in a dedicated security role. I’ve been security researching since being admitted into university and I’ve been awarded multiple security researcher acknowledgements throughout the years from massive technology companies such as Microsoft and Apple.

Throughout my whole life I’ve always had a fascination with technology and seeing it rapidly change and adapt to the world around us. I love the mindset that comes with taking a specific concept that was developed for one purpose and then exploiting it to do another.

I have a strong interest in incident response, anomaly detection, malware analysis, emerging security threats and vulnerabilities as well as workflow automation surrounding security processes and infrastructure. I enjoy venturing out and indulging in security focussed podcasts and eBooks for additional knowledge surrounding the topic.

Security Researching

Security researching to me is like being placed in a locked room, being handed a key and a box full of padlocks and then being asked to find the lock that the key opens. Instead of being frustrated if none of the padlocks are opened by the key, perhaps the real test of the puzzle was to think outside of that box all along.

It’s important to mention that I only looked for vulnerabilities within sites that openly encouraged and/or permitted security researching and responsible disclosure. None of the vulnerabilities I discovered were found with automated tools or through unauthorized access of systems or data, and none were exploited by me. All were discreetly disclosed to the respective companies, and all were discovered by manually reviewing the code on public, external-facing websites.

My experience with finding vulnerabilities within massive companies like Microsoft and Apple, as well as the others mentioned in this section, varied vastly in how difficult they were to find as well as in the time invested in digging for them. Some took a few days to discover, others took a few weeks of prodding around specific sections of their massive online platforms.

The major motivator and most enjoyable aspect of the journey of discovery for each vulnerability was knowing the positive impact I was making by responsibly disclosing my findings to the respective companies. Sure, it was great assisting the company to be proactive and patch the vulnerability to protect themselves, but I was mainly looking out for the end users that could have ended up being potential targets of someone who had more malicious intentions.

Admittedly, since the discoveries mentioned, I’ve placed external security vulnerability research on the back-burner for the past few years, primarily due to not having the abundant amount of free time to dedicate to the craft that I once had whilst doing it in my spare time at university.

Microsoft

Discovery Date:
October 2012

Vulnerability Type:
Cross-site Scripting (XSS)

Acknowledgement URL:
https://technet.microsoft.com/en-us/security/cc308575.aspx

Apple

Discovery Date:
June 2013

Vulnerability Type:
Cross-site Scripting (XSS)

Acknowledgement URL:
https://support.apple.com/en-au/HT207627

Adobe

Discovery Date:
January 2013

Vulnerability Type:
Cross-site Scripting (XSS)

Acknowledgement URL:
https://helpx.adobe.com/security/acknowledgements.html

Oracle

Discovery Date:
July 2013

Vulnerability Type:
Cross-site Scripting (XSS)

Acknowledgement URL:
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

AT&T

Discovery Date:
July 2013

Vulnerability Type:
Cross-site Scripting (XSS)

Acknowledgement URL:
https://bugbounty.att.com/hof.php
