• Press

    Bug hunter wins 'Researcher of the Month' award for DOD account takeover bug: ZDNet

    John was asked to provide perspective on a Bug Bounty Report in which a Security Researcher chained an IDOR (insecure direct object reference) vulnerability into a full Account Takeover.

    Chrome changes how its cache system works to improve privacy: ZDNet

    Chrome 86 introduced a new privacy-focused "cache partitioning" mechanism, keying the HTTP cache by top-level site instead of sharing one cache across all sites. Catalin, the ZDNet reporter, reached out to John to discuss the security risks of a single cache shared across sites, which is what partitioning was introduced to remove.

    Privacy in Action: John Jackson, Cybersecurity Expert & Author

    John was interviewed by Startpage and was asked a multitude of questions regarding his privacy stance, favorite tools, and view on data overall.

    Report: Researchers Find 'Backdoor' Security Flaw in TCL Smart TVs

    John was featured in PCMag's article reporting on the TCL vulnerability research that he helped conduct. In addition to PCMag, the TCL research was covered by Tech Times, Tom's Guide, Slashdot, Hackaday and a number of international outlets.

    Talkspace threatened to sue a security researcher over a bug report: TechCrunch

    In May 2020 John identified a Business Logic Flaw that allowed premium Talkspace therapy subscriptions to be acquired for free. After he reported it and the situation was evaluated, he was served a Cease and Desist letter.

    Twitter warns of possible API keys leak: ZDNet

    It was discovered that incorrect caching settings on the Twitter Developer portal allowed browsers to cache developers' API keys along with the account access token and secret, leaving those secrets on disk on any machine used to view the portal. John's perspective on the caching vulnerability was featured in the article.
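    The Twitter item above comes down to one HTTP header rule: a browser is allowed to write a response to its cache unless the server says `Cache-Control: no-store`. `no-cache`, `private`, `max-age=0` and `Expires` only control whether a stored copy may be reused without revalidation; they do not stop it from being stored. The Python check below is an added example written for this page, not code from the article or from Twitter, and the portal URLs and headers it audits are constructed samples, not Twitter's real responses.

```python
"""Flag HTTP responses that carry secrets but may still be written to a browser cache.

Storage rule (RFC 9111 section 3): only the Cache-Control "no-store" directive forbids a
cache from storing the response. Everything else ("no-cache", "private", "max-age=0",
"Expires: 0", "Pragma: no-cache") governs reuse, so the secret can still sit on disk.
"""
from typing import Dict, List, Optional, Tuple

Headers = Dict[str, str]


def parse_cache_control(value: str) -> Dict[str, Optional[str]]:
    """Split a Cache-Control header into {directive: argument-or-None}, case-insensitive."""
    directives: Dict[str, Optional[str]] = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def browser_may_store(headers: Headers) -> bool:
    """True if a browser's HTTP cache is permitted to store this response.

    Header names are matched case-insensitively. Note that "no-cache" is deliberately
    NOT treated as protective: it only forces revalidation before a stored copy is reused.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    directives = parse_cache_control(lowered.get("cache-control", ""))
    return "no-store" not in directives


def audit(responses: List[Tuple[str, Headers]]) -> List[str]:
    """Return one finding per response whose body is secret-bearing yet storable."""
    findings = []
    for url, headers in responses:
        if browser_may_store(headers):
            cc = headers.get("Cache-Control") or headers.get("cache-control") or "<absent>"
            findings.append(f"{url}: storable by browser cache (Cache-Control: {cc})")
    return findings


# Constructed sample responses for a hypothetical developer portal endpoint that returns
# an app's API key and the owner's access token. Not captured from any real service.
SAMPLE_RESPONSES: List[Tuple[str, Headers]] = [
    # 1. No caching headers at all: heuristically cacheable, secrets land on disk.
    ("/portal/apps/1234/keys", {"Content-Type": "application/json"}),
    # 2. Looks locked down but is not: no-cache/private/max-age=0 still allow storage.
    ("/portal/apps/1234/keys",
     {"Content-Type": "application/json",
      "Cache-Control": "private, no-cache, max-age=0",
      "Expires": "0",
      "Pragma": "no-cache"}),
    # 3. Correct: no-store forbids writing the response to the cache at all.
    ("/portal/apps/1234/keys",
     {"Content-Type": "application/json",
      "Cache-Control": "no-store, no-cache, must-revalidate"}),
]


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES):
        print(finding)
```

    Running it reports the first two sample responses and not the third. The second one is the case worth remembering: `private, no-cache, max-age=0` reads like a lockdown, but a browser may still write the body to disk and will simply revalidate before reusing it. Any endpoint that returns credentials should send `Cache-Control: no-store`.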

    Undisclosed Apache Velocity XSS vulnerability impacts GOV sites

    John helped Jackson Henry obtain disclosure of the Apache Velocity XSS vulnerability that Henry identified.

    United Nations data breach exposed over 100k UNEP staff records

    John worked with his team, Sakura Samurai, to find and report a data breach at the UNEP.

    Vulnerable NPM security module allowed attackers to bypass SSRF defenses

    John identified a vulnerability affecting the npm private-ip package, assigned CVE-2020-28360. PortSwigger reported on the severity of the vulnerability after it was covered in The Security Ledger by Paul Roberts.

    While Twitter was buzzing about a fake Parler data leak, a hacker says he actually breached some user data from the conservative social network

    John assisted the Founder of Anonymous (Aubrey Cottle) in validating that Political Media, one of Parler's vendors, had suffered a data breach that exposed some of Parler's data along with data belonging to at least a dozen other companies.

  • Guest Speaking

    CSNP: Episode #6

    In this episode we meet John Jackson, Application Security Engineer at Shutterstock. Topics discussed include the OSCP, why “Hacking is Not a Crime,” John’s transition from the Marine Corps to what ultimately became a career in offensive cyber security, and how others can embrace the learning journey to achieve similar ambitions.

    Hacking Into Security: Episode #31

    John never thought he would have a career sitting at a computer, let alone in cybersecurity. We walk through John's journey from being a Petroleum Engineer in the United States Marine Corps to eventually working in application security, penetration testing, security research and bug bounties.

    Hacking is NOT a Crime: #HackerStories Feature

    John was asked by Hacking Is NOT a Crime to present his experience disclosing a vulnerability to Talkspace for the HackerStories video series. He described his experiences during public disclosure and some of the challenges he faced, giving viewers perspective on the issues that Security Researchers regularly have to navigate.

    OWASP Georgetown, 2020

    John was invited to speak to the Georgetown, TX chapter of OWASP. He discussed some of the issues that arise in Bug Bounty Program Management and talked about the book that he is releasing with Wiley.

  • Honors & Achievements

    Hacking is NOT a Crime: Advocate

    John was invited to be an Advocate for HINAC after publicly addressing concerns with a major media outlet allowing a journalist to use the word "hacker" to describe cyber-crime. Hacking is NOT a Crime is a non-profit organization seeking to raise awareness of the pejorative use of the terms "hacker" and "hacking" throughout the media and popular culture, specifically the negative connotation so often attached to them: hackers are routinely vilified and portrayed as evil, menacing, even threatening individuals.

    Third Place: Cyber Hacktics/CyberUp Hacktober CTF Hacking Competition, 2020

    3rd place out of 1,062 teams. Challenges addressed a wide range of topics including: Cryptography, Steganography, Traffic Analysis, Exploitation, OSINT, Programming, SQL.

    Top Ten: CyberUp NCSAM CTF Hacking Competition, 2019

    8th place out of 59 teams. Challenges addressed a wide range of topics including: Exploitation, Reverse Engineering, Cryptography, Steganography, Forensics, Memory Analysis, Registry Analysis, Password Cracking.

    United States Marine

    In October of 2012, John successfully graduated Marine Corps Recruit Training at MCRD Parris Island, with his platoon: 2nd Battalion, Hotel Company, Platoon 2085. He earned the title of "United States Marine" after three long months of rigorous training.

  • Publications

    Bug Bounty Program Book

    Currently in the process of writing a book for Wiley. Stay tuned!

    The Privacy Glass House Mentality

    John was invited to write a guest article for Startpage. In this article, John talks about the importance of identifying privacy as an 'essential' and not a 'futile' effort.