#BugBytes


A Book Review of Sorts

Ellen Conner, 筋 の 光 の 心

From the “Retaliation against Rogue Researcher” section of John Jackson’s BugBounty Book, which I bought because I was intuitively doing what he recommends researchers do in section 1.12.1 in order to learn and understand, as a citizen and co-founder of a small research/consulting firm.

“One wrong move in which a researcher is confused as a threat actor could ruin a company’s (individual’s) reputation… a program manager should proceed with caution to avoid a witch hunt”

“even in a carefully planned scenario in which the security researcher is not satisfied with outcome can prove quite deadly”

Seems like you all did every single thing you tell people not to do while determining if I was a bad actor exploiting a vulnerability despite the fact you wrote the book on it.

Seems like some major hypocrisy, all things experienced. You know, considering I came to all of you for help doing what you do, just to get treated like some pariah compared to every single other person I watched you all engage. This, combined with the fact that I also attempted to communicate directly with all of you to gain clarity and resolution without causing unnecessary harm, just like you recommend people do in these exact scenarios in your book, but you just Jekyll and Hyde(d) me, told me I was no longer under protection, and attempted several (out of scope) social engineering efforts to Stockholm Syndrome my silence, based on assumptions I was guilty and not being satisfied with the fact that whatever was considered a vulnerability was leaked by accident, with zero proof of similar activity with malicious intent despite you and yours social engineering it from scraped, extorted scraps. A complete lack of communication towards reasonable resolution, which resulted in witch hunting me and harm to my reputation, personally and professionally.

I’m willing to admit I messed up (when, where, how, why) and always was, but you were never interested in resolving things and only found ways to avoid accountability for your mistake and/or torture me while justifying it as just another bug bounty.

Pretty sure things should have been communicated more clearly when you pentested my buddy’s party in February 2021 on behalf of whichever company you all deemed me a threat actor of

or

all the documented times I reached out to InfoSec to network professionally or to ask for clarity respectfully, just like your book recommends people do. Eventually I just gave up trying to network according to your book’s recommendations and only engaged when poked at maliciously, to request that the social-engineered harassment stop using and abusing me like BugBounty bait.

There was never a moment where any of you behaved like mature, reasonable professionals, and it was made clear in so many ways that I wasn’t welcome as a peer, personally or professionally, so I tried to stay away and go my own way, but you still stalked, scraped, and bullied me into being bug bounty bait in unethical, out-of-scope ways.

There is plenty of documentation to back up my version should it be needed.

GET WELL SOON, XOXO
