@jon_bottarini profile picture
Jon Bottarini @jon_bottarini

Product Manager @ Google. I post about bug bounties, infosec, and everything in between. This is a personal account. Formerly: @Hacker0x01

Joined September 2012
  • Tweets 1,499
  • Following 755
  • Followers 12,634
115 Photos and videos
Pinned Tweet
Jon Bottarini@jon_bottarini
4 Sep 2020
Just fully disclosed ~30 reports encompassing over two years of hacking on New Relic - hackerone.com/jon_bottarini - most of the reports are PrivEsc/IDOR but there are some business logic bugs in here as well. No recon here! Just getting really familiar with the application itself :)

HackerOne profile - jon_bottarini

I ❤️ privilege escalation - https://www.jonbottarini.com

hackerone.com
19
166
596
Jon Bottarini retweeted
skull
@brutecat
Jun 11
Hacking Google with A.I. for $500,000 brutecat.com/r/hacking-googl…

Hacking Google with A.I. for $500,000

What happens when you unleash an AI across all of Google's infrastructure? 1,500 APIs, 3,600 keys, and $500,000 in bounties later, here's what I found.

brutecat.com
59
501
2,465
325,502
Jon Bottarini retweeted
Patrik Grobshäuser@ITSecurityguard
6 Dec 2025
Vercel's (@vercel) bug bounty program is now live on HackerOne—up to $50k for finding WAF bypasses 👀 hackerone.com/vercel_platfor…
Guillermo Rauch
@rauchg
5 Dec 2025
Replying to @infosec_au @assetnote
DM’d you. You have a working repro for bypassing Cloudflare but not Vercel. Would love to correct the record or see the evidence.
5
17
252
48,465
Jon Bottarini retweeted
Dirk-jan@_dirkjan
17 Sep 2025
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-global…

One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens

While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise...

dirkjanm.io
138
903
3,186
475,304
Jon Bottarini retweeted
Awais Nazeer@awais0x1
3 Sep 2025
Facebook Messenger Remote code execution Worth a $111,750 Video Poc Here: youtube.com/watch?v=wvywPUdT… Report: vulnano.com/2025/09/remote-c… @Google @intigriti
2
80
488
28,157
Jon Bottarini retweeted
James Kettle
@albinowax
6 Aug 2025
The whitepaper is live! Learn how to win the HTTP desync endgame... and why HTTP/1.1 needs to die: http1mustdie.com/

HTTP/1.1 Must Die

Upstream HTTP/1.1 is inherently insecure, and routinely exposes millions of websites to hostile takeover. Join the mission to kill HTTP/1.1 now

http1mustdie.com
19
241
749
86,378
Jon Bottarini retweeted
xEHLE
@xEHLE_
7 Jul 2025
New writeup: Early last month, @samwcyo, @sshell_, and I found a Django ORM injection in an online shooter game that let us steal cryptocurrency from the game's wallet. Read the blog post here: blog.p1.gs/writeup/2025/07/0…

Exploiting an ORM Injection to Steal Cryptocurrency from an Online Shooter

blog writeup

blog.p1.gs
36
77
267
19,967
Jon Bottarini retweeted
skull
@brutecat
9 Jun 2025
Leaking the phone number of any Google user brutecat.com/articles/leakin…

Leaking the phone number of any Google user

From rate limits to no limits: How IPv6's massive address space and a crafty botguard bypass left every Google user's phone number vulnerable

brutecat.com
124
180
976
81,632
Entire confession is absolutely wild. Talk about an insider threat risk...
Parker Conrad
@parkerconrad
2 Apr 2025
Deel CEO and company founder @Bouazizalex personally orchestrated his company’s alleged spy scheme, the spy said in a full confession Alex allegedly recruited the spy, received the stolen info, and arranged payment via a person known only by their pseudonym: “The Watchman”
2
1,061
Jon Bottarini retweeted
skull
@brutecat
13 Mar 2025
Disclosing YouTube Creator emails via Content ID for $20,000 brutecat.com/articles/youtub…

Disclosing YouTube Creator Emails for a $20k Bounty

From creator privacy to phishing paradise: How a secret parameter could have exposed the private email addresses of monetized YouTube channels

brutecat.com
11
66
383
23,808
Jon Bottarini retweeted
skull
@brutecat
12 Feb 2025
Leaking the email of any YouTube user for $10,000 brutecat.com/articles/leakin…

Leaking the email of any YouTube user for $10,000

What could've been the largest data breach in the world - an attack chain on Google services to leak the email address of any YouTube channel

brutecat.com
20
142
875
63,733
Jon Bottarini retweeted
Sam Curry
@samwcyo
23 Jan 2025
New blog post with @infosec_au: We found a vulnerability in Subaru where an attacker, with just a license plate, could retrieve the full location history, unlock, and start vehicles remotely. The issue was reported and patched. Full post here: samcurry.net/hacking-subaru

Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel

On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK admin panel that gave us unrestricted access to all vehicles and customer accounts in the United...

samcurry.net
47
312
1,027
118,252
Jon Bottarini retweeted
daniel@hackermondev
11 Oct 2024
1 Bug, $50K in bounties: how Zendesk left a backdoor in hundreds of companies #bugbountytips gist.github.com/hackermondev…

1 bug, $50,000 in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500...

1 bug, $50,000 in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies - zendesk.md

gist.github.com
74
336
1,326
2,022,546
Jon Bottarini retweeted
Tanner@itscachemoney
11 Oct 2024
Hey this was my bug! Thanks to Doppa for digging in and writing such a detailed post PoC!
blueblue@piedpiper1616
10 Oct 2024
Analyst CVE-2024-8698 on KeyCloak - huydoppa.hashnode.dev/analys…
2
16
4,493
Jon Bottarini retweeted
Simone Margaritelli
@evilsocket
26 Sep 2024
Attacking UNIX Systems via CUPS, Part I evilsocket.net/2024/09/26/At…

Attacking UNIX Systems via CUPS, Part I | evilsocket

Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Lin…

evilsocket.net
175
1,119
3,612
1,059,725
Jon Bottarini retweeted
cts🌸
@gf_256
26 Sep 2024
Seems like it's in CUPS. GL;HF github.com/OpenPrinting/cups…

Review locking/multi-threading implementation · Issue #36 · OpenPrinting/cups-browsed

According to @evilsocket, cups-browsed can be held up for an extended period of time: The lock acquired here doesn't get unlocked until the IPP server has responded. A malicious IPP server can ...

github.com
cts🌸
@gf_256
24 Sep 2024
Alright yall who's ready for Eternalblue: Linux Edition, dropping October 6?
10
34
448
263,541
Jon Bottarini retweeted
Sam Curry
@samwcyo
26 Sep 2024
New writeup from @_specters_ and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate. Full disclosure: samcurry.net/hacking-kia
1:55
86
973
3,545
344,286
Nation state behavior but you only have $20 - Taking over the mobi TLD WHOIS server: labs.watchtowr.com/we-spent-…

We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI

Welcome back to another watchTowr Labs blog. Brace yourselves, this is one of our most astounding discoveries. Summary What started out as a bit of fun between colleagues while avoiding the Vegas...

labs.watchtowr.com
9
52
4,003
Jon Bottarini retweeted
Ian Carroll
@iangcarroll
29 Aug 2024
In April, @samwcyo and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfortunately, DHS ghosted us after we disclosed the issue, and the TSA attempted to cover up what we found. Here is our writeup: ian.sh/tsa

Bypassing airport security via SQL injection

We discovered a serious vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs used by the Transportation Security Administration.

ian.sh
51
624
2,201
188,598
Absolutely massive $500k bounty just awarded by @coinbase to @CertiKSkyfall - wow!
16
31
515
41,706
This... Just creates a WordPress user with the name "admin"... There is no vulnerability here. This could only be an issue if the site is configured to set every new user role as an Administrator but that would be exceedingly rare and it wouldn't matter what your username is.
This tweet is unavailable
2
1
33
7,010
Load more