Jon Bottarini
@jon_bottarini
Security Stuff @Google - I post about bug bounties, infosec, and everything in between. This is a personal account. Formerly: @Hacker0x01
Just fully disclosed ~30 reports encompassing over two years of hacking on New Relic - hackerone.com/jon_bottarini - most of the reports are PrivEsc/IDOR but there are some business logic bugs in here as well. No recon here! Just getting really familiar with the application itself :)
1 Bug, $50K+ in bounties: how Zendesk left a backdoor in hundreds of companies #bugbountytips gist.github.com/hackermondev/6…
Hey this was my bug! Thanks to Doppa for digging in and writing such a detailed post + PoC!
Attacking UNIX Systems via CUPS, Part I evilsocket.net/2024/09/26/Att…
New writeup from @_specters_ and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate. Full disclosure: samcurry.net/hacking-kia
Nation state behavior but you only have $20 - Taking over the mobi TLD WHOIS server: labs.watchtowr.com/we-spent-20-to…
In April, @samwcyo and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfortunately, DHS ghosted us after we disclosed the issue, and the TSA attempted to cover up what we found. Here is our writeup: ian.sh/tsa
This... Just creates a WordPress user with the name "admin"... There is no vulnerability here. This could only be an issue if the site is configured to set every new user role as an Administrator but that would be exceedingly rare and it wouldn't matter what your username is.
casual CSS injection on github using the math mode
Excited to share the inaugural blog post from the Android Offensive Security team - Featuring research on exploiting vulns in Android Binder from Gulshan Singh, @vxradius, and @abc_sup - androidoffsec.withgoogle.com/posts/attackin…
New writeup: "Hacking Millions of Modems (and Investigating Who Hacked My Modem)" samcurry.net/hacking-millio… Thanks for reading! Huge thanks to @blastbots, @bbuerhaus, @infosec_au, @d0nutptr, @iangcarroll, and everyone who reviewed the post beforehand.
My colleague @hash_kitten and I discovered a full-read SSRF vulnerability in Next.js (CVE-2024-34351). We published our research today on @assetnote's blog: assetnote.io/resources/rese…. Thank you to the Vercel team for a smooth disclosure process.
Enjoy our next blog post, this time an SQL Injection on Apple’s Infra. Another win nets us a $25,000 bounty! 💻💰 #AppleSecurity #Research #bugbountytips #bugbounty blog.projectdiscovery.io/hacking-apple-…
Check out our latest research blog, including a detailed overview of how we discovered an SQL injection vulnerability (+ nuclei template) in Masa/Mura CMS and hacked into Apple's infrastructure. blog.projectdiscovery.io/hacking-apple-… #AppleSecurity #Research #CyberSecuirty #BugBounty
This is a very clever phishing attempt… read the whole thread!
holy shit i almost got my steam hacked. my friend asked me to vote for his friends on some website - they were in second place and just needed 3 more votes, but to vote, you had to log in with steam!
Today we disclosed serious security issues our team discovered in over three million hotel locks that could allow anyone to create master keys. We’ve been working on this for almost two years to ensure it’s fixed responsibly. Thanks to Andy for the great coverage!
Security researchers found flaws in Saflok hotel keycard locks, used on 3 million doors in 13,000 properties worldwide, that can be used to open them in seconds. The lockmaker Dormakaba has been working on a fix but told them only 36% of locks are updated. wired.com/story/saflok-h…
From the @WyzeCam security incident: "As a result of increased demand, <the caching library> mixed up device ID and user ID mapping and connected some data to incorrect accounts." I'm intrigued! Wish there were more technical details around this point. forums.wyze.com/t/update-on-in…
There are people actively impersonating me reaching out to friends / colleagues asking bizarre questions. I have not changed my phone number, if you get a weird message from someone pretending to be me from a new phone number please don't respond or give them any info.
Forging signed commits on GitHub ($10k bug) iter.ca/post/gh-sig-pw… (Credit goes to @_smitop)