(👀 also stay tuned for the recording of my @MSFTBlueHat Asia presentation about this!)

Check out Microsoft's blog post about variant hunting and research I did during my summer internship with MSRC! My research ranged from working on tools for multi-tenant authorization issues to identifying a new trend of issues with remote MCP auth inside Microsoft!

At BlueHat Asia, Cameron Vincent (@SecretlyHidden1), Senior Security Researcher, Microsoft, and Brian McNulty (@brianjmcnulty), MSRC Summer Intern and University of Michigan graduate student, shared their journey hunting security variants across the Microsoft ecosystem.

The talk will also be recorded and uploaded for everyone to watch on MSRC’s YouTube channel! I’ll be sure to post the link here on Twitter as well afterwards!

Super excited to be presenting at #BlueHatAsia about authorization variant hunting I did during my Microsoft summer internship! I will be speaking about critical vulnerabilities I found at Microsoft, the tools I made to find them, and remote MCP server security!

Thank you @metabugbounty and everyone who attended Meta’s Bug Bounty Researcher Conference #MBBRC2025 in Tokyo! It was nice catching up with everyone and meeting new people! I had an amazing time and enjoyed all of the talks and events!

Got to catch up with these awesome peeps for the second time this year! Thanks @Meta for organising all the fun at #hackersummercamp! Little late to posting but we had to be @brianjmcnulty ‘s first rt 😂 also w/ @Farah_Hawaa @GoldmanIlay @_RobinJustin_ and more, till next year!