Cam
@SecretlyHidden1
Followers
2K
Following
449
Media
5
Statuses
201
Former full time bug bounty hunter - now doing security stuff at places :)
Joined October 2015
My first 10.0 CVE ;).
[1/7] šØ @Microsoft just patched CVE-2025-29813, a severe Azure DevOps vulnerability with a perfect CVSS score of 10.0! This flaw allowed attackers to swap short-term pipeline tokens for long-term ones, potentially extending their access. No user action needed. @AzureDevOps
31
71
2K
RT @gothburz: @Microsoft @AzureDevOps @msftsecurity @VisualStudio @msftsecresponse [5/7] š”ļø MITIGATION: Microsoft states "This vulnerabilitā¦.
0
1
0
If you wanna see some interesting Google vulns I found my Nullcon talk covers them ;) Shoutout the @GoogleVRP team!.
Ever edited someone elseās app on Google Play? š³ @SecretlyHidden1 did ā and got rewarded for it š°. At #NullconGoa2025, he broke down exactly how he hacked the Google Bug Bounty Program and climbed to the top of the leaderboard. š #bughunting #google.
2
1
18
Iām horrible at photos but here are some from the event at the space needle and mariners game! Again truly amazing event and look forward to future research from everyone! @msftsecresponse thank you for including me!
0
0
5
Now that the smoke has settled wanted to tweet about the amazing Zero Day Quest event the @msftsecresponse held. The planning, coordination, and effort all the teams put into making it an amazing event for our top researchers was truly admirable. It was great seeing everyone!.
0
0
2
RT @msftsecresponse: We had a wonderful evening connecting with some of the incredible security researchers participating in the Microsoftā¦.
0
5
0
RT @nullcon: š Bug bounty hunters, this oneās for you!. @SecretlyHidden1, Security Engineer, Microsoft is on stage at #NullconGoa2025. Fromā¦.
0
3
0
RT @msftsecresponse: Cameron Vincent @SecretlyHidden1, Security Researcher at Microsoft, gave a talk about IDOR vulnerabilities to a packedā¦.
0
4
0
RT @msftsecresponse: Join MSRC and special guest Scott Gorlick, Principal Security Architect at Microsoft, next week for a virtual sessionā¦.
0
20
0
Shoutout to the @GoogleVRP as well! They were amazing to work with and fixed everything quickly! Iām excited to share some of my techniques for hunting on Google.
Ever wonder how it was possible to edit other user's apps on the Google Play store? š¤. Join @SecretlyHidden1 at #NullconGoa2025 and discover how to hunt for authorization and logic vulnerabilities across multiple Google products. š #Google #bugbounty
0
1
19
RT @nullcon: Ever wonder how it was possible to edit other user's apps on the Google Play store? š¤. Join @SecretlyHidden1 at #NullconGoa202ā¦.
0
3
0
Excited to announce that Iāll be presenting @nullcon this year about research I did on the @GoogleVRP program. I will be disclosing some of my top findings and provide some tips to help researchers find similar types of bugs :) look forward to seeing everyone!.
4
6
89
RT @satyanadella: 2/ Security is our top priority, and today weāre building on that commitment with Zero Day Quest, a new hacking event witā¦.
0
23
0
RT @msftsecresponse: As part of our Secure Future Initiative and to further the security of our customers, ourselves, and the world, todayā¦.
0
57
0
RT @MSFTBlueHat: Yesterday, the Microsoft community gathered for the internal-only STRIKE Presents: BlueHat conference. The event kicked ofā¦.
0
1
0
Super glad this talk went well with @ericonidentity! Amazing.to work with and look forward to future research!.
In the #BlueHat session "The two sides of UnOAuthorized" Semperis's @ericonidentity and MSRC's @SecretlyHidden1 team up to present discovering and mitigating privilege escalation through Microsoft apps, exemplifying industry collaboration.
0
0
14
RT @MSFTBlueHat: In the #BlueHat session "The two sides of UnOAuthorized" Semperis's @ericonidentity and MSRC's @SecretlyHidden1 team up toā¦.
0
2
0
RT @ericonidentity: Redmond bound for @MSFTBlueHat, co-presenting with @SecretlyHidden1 āThe Two Sides of UnOAuthorizedā š. It will be my sā¦.
0
2
0
Super excited to be doing this collab talk with @ericonidentity.
š£SPEAKER ANNOUNCEMENTš£. We're excited to announce our next #BlueHat speaker, Cameron Vincent (@SecretlyHidden1), Security Researcher at Microsoft. He will be co-presenting a talk titled "UnOAuthorized: Enabling Unexpected Privilege Escalation Through Discovered Authorization"
0
0
13