Dharineesh Goldberg, also known as Hack-Bat, has been inducted into the NASA Hall of Fame after finding critical vulnerabilities on their platform.
After starting off with Google Dorking, a technique of using specific search terms to find misconfigurations and vulnerabilities, Goldberg found nothing of note and spent five consecutive submissions being rejected by NASA’s bug bounty programme.
He then found a fresh CVE (CVE-2025-4123), a vulnerability in the Grafana analytics application that is used by NASA which could lead to account takeover; the difficulty then lay in finding an exposed instance of Grafana, which Goldberg managed through a lengthy subdomain hunt using a variety of different tools.
After finally finding a suspicious-looking Grafana panel, Goldberg was able to successfully exploit the vulnerability and earned a place in NASA’s hall of fame.
The key lessons, according to Goldberg, are to mix and match techniques, always be timely, analyse rejections and adjust approaches, and to fully document the process along the way.