About
I'm Ashton Vaughan, an 18-year-old cybersecurity student at the Queensland University of Technology in Brisbane, Australia. Most of my practical work happens outside the classroom, in bug bounty programs and independent projects.
I hunt vulnerabilities on HackerOne and Bugcrowd as @ashtonvaughan, where I've documented 300+ findings across 95+ programs as independent security research. They cluster around a few areas: authentication and session handling, access control and multi-tenancy, and business-logic flaws in web applications and APIs. I report through coordinated disclosure and only test what a program puts in scope. One of those reports, to KOHO's HackerOne program, was triaged, resolved, and awarded a bounty.
Right now I'm going deeper into the same things: the authentication and authorization layers where a small implementation gap turns into account takeover, and writing up the techniques behind the work. I build tooling along the way when a hunt needs something that doesn't exist yet.
Skills & tooling
- Python · JavaScript / TypeScript · Bash
- nuclei · httpx · subfinder · ffuf · curl · Chrome DevTools
- Authentication & sessions · Access control & multi-tenancy · Business logic · API security
- Deepening auth & access-control testing; building hunting tooling
Contact
Email is the fastest way to reach me. You can also find me on HackerOne and Bugcrowd as @ashtonvaughan, on GitHub, and on LinkedIn.