Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
837,323 coordinated disclosures
468,298 fixed vulnerabilities
1278 bug bounties with 2,437 websites
21,731 researchers, 1281 honor badges

geeknikTop-50 VIP Open Redirect Reporter Top Security Researcher of the Month Top VIP Security Researcher of the Month | Security Researcher Profile


Security researcher geeknik has already helped fix 10056 vulnerabilities.



Researcher reputation:  430

Real name:
Brian Carpenter

About me:
Geeknik Labs is a security research lab operating from Oklahoma since 1999. Our primary mission is to make the Internet safer for everyone around the world. We believe that all technology contains flaws and that the public plays a crucial role in identifying these flaws. Our research into open source software alone has helped better secure the likes of OpenSSL, Firefox, PHP, Perl, libxml2, libpng, tcpdump, libcurl, and more, resulting in almost 200 security advisories since 2016.

How to contact me:
Please email our principal researcher, Brian Carpenter, at [email protected]

All communications will be kept private.

Alternative Contacts:
https://geeknik-labs.com/

Certifications & Diplomas:
High school graduates and college dropouts.

Experience in Application Security
over 5 years

Award / Bug Bounty I prefer:
If you're feeling generous:

amazon gift cards, paypal, cash app, cryptocurrency

Halls of Fame:
https://hackerone.com/geeknik
https://bugcrowd.com/geeknik
https://www.intigriti.com/researcher/profile/geeknik
https://cs.detectify.com/profile/geeknik

Follow me on:
Twitter

Recommendations and Acknowledgements | Full List:

@avulatharun5531     18 July, 2020
    Twitter avulatharun5531 @avulatharun5531 :
I am really big fan of you bro. You are my inspiration
@KenDennis     3 April, 2020
    Twitter KenDennis Ken from KDTS:
Brian helped to identify an XSS Vuln on a client's wordpress implementation and was quick and helpful to respond to our query. With his notes, we were able to quickly mitigate this issue and we appreciate his help and professionalism.
@phistrom     2 March, 2020
    Twitter phistrom Phillip from The Stromberg Group:
Really appreciate your help identifying an XSS exploit on our website. Your responsible disclosure and example URL allowed us to immediately find and correct the problem. Thank you for helping us keep the internet safe.
@reinisroz     26 February, 2020
    Twitter reinisroz Reinis Rozenbergs from Orion:
Our product was made long time ago and quite a lot of issues has not been addressed. Thanks for pointing out the problem! Means a lot!
@eingemaischt     31 January, 2020
    Twitter eingemaischt Philipp from imi:
Thank you for reporting a XSS vulnerability on our portal. We were able to reproduce and fix it within 2 days.
@uwatmosscicomp1     22 January, 2020
    Twitter uwatmosscicomp1 David Warren from University of Washington:
Thanks for reporting our security problem. You were very helpful in finding, and fixing it.
@digiguide     12 January, 2020
    Twitter digiguide Dan from Digiguide.tv:
Thank you so much for your report; it was wonderful to get an email responsibly informing us of an issue which we fixed within a few hours of receiving notification. We are very grateful to you, thanks!
@karim_ouda     11 January, 2020
    Twitter karim_ouda Karim from QuranAnalysis:
Thanks geeknik for your report, in addition to fixing the vulnerability I learned something new as well
@nickwest     3 December, 2019
    Twitter nickwest Nick West from University of Washington Information School:
Brian responded to my request for details very quickly and was nothing but professional. He shared details that allowed us to quickly fix the issue the geeknik team discovered. Really great talking with him and appreciate the work!
@nickwest     3 December, 2019
    Twitter nickwest Nick West from University of Washington Information School:
Brian responded very quickly with detailed information that allowed us to quickly fix the exploit that the folks at Geeknik Labs discovered. Perfectly professional and a complete pleasure to communicate with.
@Kol_Fish     2 December, 2019
    Twitter Kol_Fish Kolby from Undisclosed:
Brian was a pleasure to work with. Due to his concise, well explained report of a misconfiguration on my site, I was able to quickly patch the site, and rotate the exposed credentials.

Brian was prompt in responding to my requests for additional information, allowing me to determine the scope of the leaked information and who may have accessed it. He is definitely a top tier security researcher.

Thanks a ton!
@notinhalloffame     26 November, 2019
    Twitter notinhalloffame Theodore from NotinHallofFame:
Thanks for the report, and working with me to recreate it on my end so I could patch it properly.
@themattrauch     7 November, 2019
    Twitter themattrauch Matt from eagle.ca:
Brian spotted a misconfiguration on one of our websites that would leak information that could be used maliciously. Brian explained the issue clearly and concisely and was excellent at explaining what needed to be done to resolve the issue. Thank you Brian, excellent work!
@NewLineHorizon1     3 August, 2019
    Twitter NewLineHorizon1 Melisa from NewLineHorizon:
Dear,

Thanks for participating in responsible disclosure program.
The reports you submitted were extremely helpful to our team and provided us the details we needed to resolve the issues that you identified.
We are deeply committed to provide a safe and secure experience to our users and are therefore grateful for your efforts to help us improve our services.

Best Regards!
@ToonPlanet     26 July, 2019
    Twitter ToonPlanet Young J. from Behr Paint:
Thanks for the report of the security research. This helped to find and fix the problem.
@twoucan     1 July, 2019
    Twitter twoucan Twoucan Support from Twoucan:
In your report, I was able to fix the vulnerability due to misconfiguration.
Thank you.
@RMV1983     27 June, 2019
    Twitter RMV1983 Michael from eduvdom:
Thanks for the report of the security research. This helped to find and fix the problem.
@wirismath     14 May, 2019
    Twitter wirismath Sonia Gago from WIRIS MATH:
Hello, @geeknik! We want to thank you for your vulnerabity report. Thanks to your information and collaboration, we could fix a security issue in one of our websites. Great job!
@mardigr     9 April, 2019
    Twitter mardigr Mardi from Higher Education:
Brian notified us responsibly in relation to an issue with one of our websites. Upon seeking further information, his response was prompt and thorough. I see one if his goals is to 'to help make the Internet safer for everyone, near and far'. He is certainly doing this, thank you Brian!
@tropicaljeremy     5 April, 2019
    Twitter tropicaljeremy Jeremy C from Montessori Services:
Brian notified us of a vulnerability, responding immediately via email with further details, so we could remedy it. Professional and clear communication. No expectation of payment. He's one of the GOOD guys!
@jleproust     25 March, 2019
    Twitter jleproust Julien L from Diwi:
Brian has responsibly reported a misconfiguration on one of my servers that could have led to sensitive information disclosure. He clearly and quickly explained the issue and its potential implications, and made it clear he did not expect anything for this.

Brian is a true internet hero, we need more people like Geeknik. Thanks a lot for making the internet safer.

Please login via Twitter to add a recommendation

Honor Badges


Number of Secured Websites

10+ Secured Websites Badge
50+ Secured Websites Badge
500+ Secured Websites Badge
Web Security Veteran Badge
10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN
1000+ Websites

Advanced Security Research

WAF Bypasser Badge
CSRF Master Badge
AppSec Logic Master Badge
Fastest Fix Badge
WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB Badge
OBB Advocate Badge
Improved OBB Badge
Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master Badge
Patch Guru Badge
Patch Lord Badge
Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

REPUTABLE Badge
FAMOUS Badge
GLOBALLY TRUSTED Badge
REPUTABLE
10+ Recommends
FAMOUS
25+ Recommends
GLOBALLY TRUSTED
50+ Recommends

Distinguished Blog Author

Distinguished Blog Author Badge
Distinguished Blog Author Badge
Distinguished Blog Author Badge
1 Post
3 Posts
5+ Posts

Research Statistics



Total reports:40340
Total reports on VIP sites:1155
Total patched vulnerabilities:10056
Total vulnerabilities on Hold (Open Bug Bounty):484
Recommendations received:21
Active since:14.07.2015
Top Security Researcher Awards:Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month
Top VIP Security Researcher Awards: Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week

Open Bug Bounty Certificate


Researcher Certificate

Reported Vulnerabilities

All Submissions VIP SubmissionsFeatured Submissions

  Latest Patched

 08.03.2021 zonenet.me
 08.03.2021 zootemplate.com
 08.03.2021 meteociel.fr
 08.03.2021 shipmonk.com
 08.03.2021 nikq.nothing.sh
 08.03.2021 imprint5.com
 08.03.2021 viva.ro
 08.03.2021 xsky.me
 07.03.2021 steersearch.com

  Latest Blog Posts

10.02.2021 by Renzi25031469
Sysadminotaur nº88
10.02.2021 by Open Bug Bounty
Higher Submissions Quality Standard
25.12.2020 by _Y000_
How to bypass mod_security (WAF)
10.12.2020 by _Y000_
sql injection to bypass Mod_Security
10.12.2020 by _Y000_
Create encoded sql payloads

  Recent Recommendations

@_mrjd0g_     4 March, 2021
    Twitter _mrjd0g_:
Thank you for the report and responding so quickly to our request for more information, it helped us track the issue down and fix it. Appreciate the work you do.
@_lhordd     3 March, 2021
    Twitter _lhordd:
Thanks for helping me with the flaws in my site. The best work i’ve ever seen.
@_Kkommi     3 March, 2021
    Twitter _Kkommi:
Thanks for reporting xss in my site.
@_Kkommi     3 March, 2021
    Twitter _Kkommi:
Thanks
@CERT_rlp     1 March, 2021
    Twitter CERT_rlp:
The team of CERT-rlp would like to thank Cyber_India for a responsible and coordinated disclosure of vulnerabilities.