Microsoft MSRC Quarterly Leaderboard, from the security bug reports I submitted.
Table of Contents
- Part 0: Whoami?
- Part 1: Selecting a program
- Part 2: Let the hunt begin!
- Part 3: Reporting
- Part 4: Claims the Rewards
- Disclosure Timelines
Hello, I am Supakiad Satuwan, a Security Consultant from Thailand. In this article, I will go through the story of my first valid bug found in the Microsoft bug bounty program. This gave me the opportunity to be ranked on the MSRC 2022 Q3 Security Researcher Leaderboard. Let’s get started!
What is MSRC?
The Microsoft Security Response Center (MSRC) is part of the Microsoft defender community and on the front line of Microsoft's security response evolution. It engages with security researchers working to protect Microsoft’s customers and the broader ecosystem. For more details: Microsoft Security Response Center
Analyzing the target
I started the hunt on the Power Apps Platform.
While analyzing the Power Apps Platform and the applications on it, I noticed that an application sent requests to https://apps.powerapps.com.
It caught my attention. Therefore, I navigated to the following URL: