Brisbane, Australia · UTC+10

Ashton Vaughan

Cybersecurity student & bug bounty hunter

I'm an 18-year-old cybersecurity student at QUT in Brisbane, Australia. I hunt vulnerabilities on HackerOne and Bugcrowd as @ashtonvaughan, reporting through coordinated disclosure. My focus is authentication, access control, and business-logic flaws in web applications and APIs. Alongside the hunting, I publish technical writeups and build independent projects.

Status: Hunting
Focus: Auth · Access control
Research: 300+ findings · 95+ programs
Handle: @ashtonvaughan

Focus

What I look for

How I move through a target, recon to logic.

01 / RECON

Map the real attack surface: subdomains, JS bundles, exposed config, and the endpoints the UI never shows.

Disclosure

Coordinated disclosure

The lifecycle of the reports I file, redacted where a program's terms require it.

  1. ████████.com NDA
    high IDOR
    1. reported
    2. triaged
    3. resolved
    4. disclosed
  2. [PRIVATE PROGRAM] NDA
    medium
    1. reported
    2. triaged
    3. resolved
    4. disclosed
  3. ██████████.io NDA
    critical SSRF
    1. reported
    2. triaged
    3. resolved
    4. disclosed
  4. [PRIVATE PROGRAM] NDA
    race condition
    1. reported
    2. triaged
    3. resolved
    4. disclosed
  5. ████████.com NDA
    high access control
    1. reported
    2. triaged
    3. resolved
    4. disclosed

Contact

Get in touch

Questions about a finding, a writeup, or a program I have reported to: email is the fastest way to reach me.

/.well-known/security.txt
# security.txt for ashtonvaughan.com (RFC 9116)
# PLACEHOLDER: edit the PGP fingerprint below to match the real key.
# PGP fingerprint: 0000 0000 0000 0000 0000  0000 0000 0000 0000 0000

Contact: mailto:security@ashtonvaughan.com
Encryption: https://ashtonvaughan.com/pgp.asc
Preferred-Languages: en
Canonical: https://ashtonvaughan.com/.well-known/security.txt
Expires: 2027-06-12T00:00:00.000Z