Skip to main content
TechNet
Bewerten 

 

Bounty Hunters: The Honor Roll

The following researchers have submitted a qualifying vulnerability or new mitigation bypass techniques to Microsoft as part of the Microsoft Security Response Center (MSRC) Bounty Programs. We thank them greatly for their participation and for working with us to help keep customers safe.

Please send vulnerability reports or questions about the Microsoft Bounty Programs to secure@microsoft.com.

Total bounties paid to date: Over $500,000.00

Mitigation Bypass

NameCompanyAmountYearDonation to Charity
Yu Yang
(@tombkeeper)
Tencent's
Xuanwu Lab
$50,0002016 
Moritz Jodeit
(@moritzj)
Blue Frost
Security GmbH
$100,0002016 

Zhang Yunhai

(@_f0rgetting_)

NSFOCUS
Security
Team
$30,0002016 
Henry Li TrendMicro$15,0002016 

Kai Song

(Exp-sky)

Tencent's
Xuanwu Lab
$5,0002016 
Quantumz Tencent's
Xuanwu Lab
$20,0002016 
Fermin J. Serna Google, Inc$25,0002016 
Haifei Li $70,0002015 

Linan Hao

(@holynop)

Qihoo 360
Vulcan Team
$10,0002015 
Rh0 $25,0002015 

Ivan Fratric

(@ifsecure)

Google, Inc$25,0002015 

AbdulAziz Hariri (@abdhariri)

Brian Gorenc (@maliciousinput)

Simon Zuckerbraun (@HexKitchen)

HP's ZDI$125,0002015

University Montreal

Khan Academy

Texas A&M University

Yu Yang
(@tombkeeper)

Tencent's

Xuanwu Lab

$45,0002015 

Zhang Yunhai

(@_f0rgetting_)

NSFOCUS
Security
Team
$25,0002015 

Zhang Yunhai

(@_f0rgetting_)

NSFOCUS
Security
Team
$75,0002014 

Fermin J. Serna

(@fjserna)

Google, Inc$25,0002013 
James Forshaw (@tiraniddo) Context Security$100,0002013 
Yu Yang (@tombkeeper) NSFOCUS
Security Team
$100,0002013 

Online Services

Current quarter (April – June 2016)

NameLinkQuarter - Year
Abdel Hafid Ait Chikh https://www.facebook.com/Abdel.Hafid.Ait.ChikhQ2 - 2016
Abdulrahman Alqabandi http://twitter.com/qabQ2 - 2016
Adi Ivascu Q2 - 2016
Ayoub Fathi http://sacurify.comQ2 - 2016
Chris McCown https://www.linkedin.com/cmccownQ2 - 2016
David Ferreira https://www.char49.com/Q2 - 2016
Hadji Samir http://www.evolution-sec.comQ2 - 2016
Hamza Bettache https://www.twitter.com/Alfredgotu
https://www.fb.com/alfredgotu
Q2 - 2016
Jack Whitton https://fin1te.net/Q2 - 2016
Jakub Palaczynski http://ingservicespolska.pl/Q2 - 2016
Jun Kokatsu https://twitter.com/shhnjkQ2 - 2016
Richard Shupak Q2 - 2016
Satish Bommisetty https://twitter.com/satishb3 Q2 - 2016
Saurabh Pundir Q2 - 2016
Shamanth Rao https://wesecureapp.com/Q2 - 2016
Steve Syfuhs Q2 - 2016
Ysrael Gurt http://bughunting.gurt.co.ilQ2 - 2016

Previous quarter

NameLinkQuarter - Year
Chris McCown https://www.linkedin.com/in/cmccownQ1 - 2016
Coltuneac Alexandru https://twitter.com/dekeeuQ1 - 2016
Daniel Laczi www.telekom.comQ1 - 2016
Harry M. Gertos http://hmgmakarovich.blogspot.comQ1 - 2016
Ioannis Kakavas https://twitter.com/ilektrojohnQ1 - 2016
Jack Whitton https://fin1te.netQ1 - 2016
Jonas Obrist https://hde.co.jp/en/Q1 - 2016
Karim Valiev https://www.linkedin.com/in/valievkarimQ1 - 2016
Klemen Bratec https://si.linkedin.com/in/klemenbratecQ1 - 2016
Nirmal Kirubakaran https://www.linkedin.com/in/nirmalkirubakaranQ1 - 2016
Richard Shupak Q1 - 2016
Wesley Wineberg www.synack.comQ1 - 2016
Yassine Aboukir http://www.hacktify.io/Q1 - 2016
Abdulrahman
Alqabandi
http://twitter.com/qabQ4 - 2015
Adi Ivascu Q4 - 2015
Ahmed Jerbi Web PlusQ4 - 2015
Amir Borovac https://github.com/aborovacQ4 - 2015
Anton Staykov http://blogs.staykov.net/Q4 - 2015
Antonio Sanso http://intothesymmetry.blogspot.com/Q4 - 2015
Coltuneac Alexandru https://twitter.com/dekeeuQ4 - 2015
Emiel Florijn http://www.leakfree.nl/Q4 - 2015
Hamza Bettache https://www.facebook.com/alfredgotuQ4 - 2015
Justin Khoo FreshInboxQ4 - 2015
Masato Kinugawa https://twitter.com/kinugawamasatoQ4 - 2015
Stefan Schurtz http://darksecurity.deQ4 - 2015
Wesley Wineberg SynackQ4 - 2015
Yakov Shafranovich http://www.shaftek.org/Q4 - 2015
Zhang Xujun Alibaba Security AgencyQ4 - 2015

Previous quarters

NameLinkQuarter - Year
Ankit Mittal https://twitter.com/secureZiQ3 2015
Antonio Sanso https://intothesymmetry.blogspot.com/Q3 2015
Atulkumar Hariba Shedage http://suruji.com/Q3 2015
Gopinath Madurai https://www.linkedin.com/pub/gopinath-kandasamy/10/254/497Q3 2015
Hamza Bettache https://twitter.com/alfredgotuQ3 2015
John Page http://hyp3rlinx.altervista.orgQ3 2015
Lorenzo Fontana Q3 2015
Luciano Corsalini Q3 2015
Nikhil Srivastava and Sunny Vaghela http://techdefencelabs.com/Q3 2015
Richard Shupak Q3 2015
Shahmeer Amir http://maadssec.comQ3 2015
Yongshao (zhiyong feng) http://www.tass.com.cn/Q3 2015
Adi Ivascu Q2 2015
Darius Petrescu https://twitter.com/akkilion/Q2 2015
Deepanshu Kapoor http://deepanshukapoor.blogspot.com/Q2 2015
Ignacio Garrido https://www.versprite.com/Q2 2015
Jyoti Ranjan Acharya https://www.facebook.com/jyoti.racharya/Q2 2015
Neelesh Swami https://www.facebook.com/neelesh.swami/Q2 2015
Nicolai Grødum https://www.cisco.com/Q2 2015
Sergey Markov Q2 2015
Shahmeer Amir https://www.maadssec.com/Q2 2015
Wesley Wineberg https://www.synack.com/Q2 2015
Adi Ivascu Q1 2015
Ben Hayak http://www.benhayak.comQ1 2015
Darius Petrescu https://twitter.com/@akkiliON_Q1 2015
Francisco Correacl.linkedin.com/pub/francisco-correa/76/428/7ba/Q1 2015
Jack "fin1te"
Whitton
http://www.includesecurity.com/Q1 2015
Jon https://bitquark.co.uk/Q1 2015
Mario Gomestwitter.com/netfuzzerQ1 2015
Prakash http://www.ensolnepal.com and https://twitter.com/1lastbr3athQ1 2015
Sergey Markov Q1 2015
Stephen Sclafani http://stephensclafani.comQ1 2015
Yunusov Timur http://twitter.com/a66atQ1 2015
Zhang Xujunhttps://twitter.com/midzer0Q1 2015
Adi Ivascu Q4 2014
Aditya Gujar http://www.betterhacker.comQ4 2014
Alex Davies https://pwndizzle.blogspot.comQ4 2014
Clifford Trigo www.twitter.com/MrTrizaeronQ4 2014
Cernica Ionut Cosminro.linkedin.com/pub/cernica-ionut/45/447/ba8/Q4 2014
Darius Petrescu https://twitter.com/@akkiliON _Q4 2014
Francisco Correa http://cl.linkedin.com/pub/francisco-correa/76/428/7baQ4 2014
Frans Rosén https://detectify.comQ4 2014
Ghorab Mostafa Anouar https://www.facebook.com/GHORAB.Mostafa.AnouarQ4 2014
Jack "fin1te" Whitton http://www.includesecurity.com/Q4 2014
Jakub Żoczek http://zoczus.blogspot.comQ4 2014
John Koerner http://johnkoerner.comQ4 2014
Juan SaccoJuan Sacco Exploit Pack http://exploitpack.comQ4 2014
Mariano Di Martino Q4 2014
Mathias Karlsson http://avlidienbrunn.seQ4 2014
Nikhil Srivastava https://twitter.com/niksthehackerQ4 2014
Olivier Beg http://www.olivierbeg.nlQ4 2014
Ravindra Rathore http://aksitservices.co.inQ4 2014
Neelesh Swami www.Facebook.com/neelesh.swamiQ4 2014
Sergey Markov Q4 2014
Stephen Sclafani http://stephensclafani.comQ4 2014
Wesley wesley@exfiltrated.com and www.synack.comQ4 2014
Yunusov Timur http://twitter.com/a66atQ4 2014

Microsoft Edge technical preview formerly known as Project Spartan (Program Closed)

April - June 2015

NameLink

Amount

Awarded

Quarter - Year
Atte Kettunen OUSPG$11,000Q2 2015
Chi Hong Tsang $1,500Q2 2015
Dhanesh Kizhakkinan FireEye, Inc$1,500Q2 2015
Haifei Li $1,500Q2 2015
Jaehun Jeong(@n3sk) WINS, WSEC Analysis Team$7,500Q2 2015
Jose Antonio Vazquez Gonzalez $1,500Q2 2015
Kai Song Tencent’s Xuanwu Lab$1,500Q2 2015
Linan Hao Qihoo 360 Vulcan Team$1,500Q2 2015
Liu Long Qihoo 360$1,500Q2 2015
Manuel Caballero Cracking.com$6,000Q2 2015
Mario Heiderich Cure53$18,000Q2 2015
Masato Kinugawa https://twitter.com/kinugawamasato$7,500Q2 2015
Nicolas Joly https://twitter.com/n_joly$45,000Q2 2015
Zheng Wen Bin Qihoo 360 Vulcan Team$6,000Q2 2015

Internet Explorer 11 Technical Preview (Program Closed)

NameCompanyVulnerabilities
Found
Amount AwardedDonation to CharityYear
James Forshaw (@tiraniddo) Context Security4$4,400
* Received $5,000 bonus for finding cool IE design vulnerabilities
 2013

Fermin J. Serna

(@fjserna)

Google, Inc1$500Save the Seattle Humane Society2013
Jose Antonio Vazquez Gonzalez Yenteasy - Security Research5$5,500World Food Program USA2013
Ivan Fratric Google, Inc. Security Team1$1,100Save the Children Fund2013
Masato Kinugawa 2$2,200 2013
Peter Vreugdenhil Exodus Intelligence1*Tier 1 2013

Want to know more?

MSRC Blog

SRD Blog