I was amongst top 5 bounty hunters in MS Q4 2018: https://blogs.technet.microsoft.com/msrc/2018/07/26/recognizing-q4-top-5-bounty-hunters/
Although I am not doing active bug bounty hunting at the moment, this was a great experience. I got this prize because of reporting two RCEs in SharePoint Online.
One of the RCEs was patched in MS July 2018 patch (CVE-2018-8284) and this was an interesting screenshot:
July2018 MS patch (https://t.co/9kY0AVkI4O) is very important for SharePoint. Not talking about CVE-2018-8300 btw. A low priv authenticated user could exploit it. See the novel way of contacting me upon a rev shell attempt by @MSwannMSFT – CCed @msftsecresponse @NCCGroupInfosec pic.twitter.com/2G6NA1G6X4
— Soroush Dalili (@irsdl) July 19, 2018
I did not get any prize for CVE-2018-8300 which was another RCE in SharePoint using the resource files (the issue was similar to a bug reported in another MS project that I was part of its paid engagement).