Contact

• Twitter: https://twitter.com/bbuerhaus
• LinkedIn: https://www.linkedin.com/in/bbuerhaus/
• Email: brett@buer.haus

Resume

Brett Buerhaus Resume - May 2023.

Press

• Researchers Used a Sirius XM Bug to Easily Hijack a Bunch of Different Cars
  Lucas Ropek, November 30, 2022 (gizmodo.com)
• Researchers Secure Bug Bounty Payout to Help Raise Funds for Infant’s Surgery
  Lorenzo Franceschi-Bicchierai, April 26, 2021 (vice.com)
• A group of hackers won $288,500 from Apple for telling the company about 55 bugs, including one that would've let an attacker steal someone's iCloud photos
  Aaron Holmes, October 9, 2020 (businessinsider.com)
• Apple pays $288,000 to white-hat hackers who had run of company’s network
  Dan Goodin, October 8, 2020 (arstechnica.com)
• Where are Canada's white hat hackers? While U.S. ramps up 'bug bounty' cyber-defence programs, Trudeau government demurs
  Stuart Thomson, June 5, 2018 (nationalpost.com)
• The Two-Month Hunt To Beat A Puzzle Game And Win $9,000
  Nathan Grayson, April 26, 2018 (kotaku.com) (An article on my crypto team solving the Montecrypto puzzle game)
• HackerOne Hacker Interviews: @ziot
  HackerOne, February 16, 2018 (hackerone.com)
• Air Force Pays Pair of Hackers Over $10K for Uncovering Website Bug
  Denisse Rauda, December 20, 2017 (military.com)
• Hacking the U.S. Air Force (again) from a New York City subway station
  HackerOne, December 18, 2017 (hackerone.com)
• Air Force Hackers Earn Biggest Government Bug Bounty Ever
  Kate Conger, December 18, 2017 (gizmodo.com)
• Researcher Gets $5,000 for XSS Flaw in Google Apps Admin Console
  Eduard Kovacs, January 21, 2015 (securityweek.com)
• As 0days get meaner, Google defenses increasingly outpace Microsoft
  Dan Goodin, January 22, 2015 (arstechnica.com)
• Google Apps Flaw Allowed Hacker to Hijack Account and Disable Two-factor Authentication
  Wang Wei, January 23, 2015 (thehackernews.com)

CVEs

Some CVEs from my security research:

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27651
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17400

Most Valuable Hacker at HackerOne's H1-212 - Hack the Airfoce 2.0 (2017)

I won the Most Valuable Hacker (MVH) and Exterminator award for the best vulnerability reported at the HackerOne Hack the Airforce 2.0 event in New York City

• https://twitter.com/Hacker0x01/status/958755523293270017

DEFCON 24 Uber Badge Winner

My team "Council of 9"​ won LosT's badge challenge at DEFCON 24.

• http://co9.io/post/148716614744/defcon-24-badge-challenge

DEFCON 23 Uber Badge Winner

My team "Council of 9"​ won LosT's badge challenge contest at DEFCON 23.

• http://potatohatsecurity.tumblr.com/post/126411303994/defcon-23-badge-challenge

Security Bounties

• HackerOne Top 25 (2018)
• Bugcrowd Top 20 (2016)
• Google Hall of Fame
• Facebook Hall of Fame
• Valve Hall of Fame
• Twitter Hall of Fame
• Yahoo Hall of Fame
• Paypal/Magento Hall of Fame
• Ebay Hall of Fame