The first time I came across John was on tik-tok and this video about hackers up at 3am being lonely which made me like the video, follow John and then troll through the rest of his videos.
Not only is he a very funny content creator but also the co-founder of hacking group ‘Sakura Samurai’.
> Sakura Samurai 桜の侍
Was founded on December 31st, 2020 as a one of a kind hacking group. In Japanese Culture, Sakura means “Cherry Blossom” and is the symbol of rebirth. The creation of this group is the rebirth of hacking culture.
Long are the days since Hacking is regarded as a criminal activity. Sakura Samurai believe in Honor, Trust, Community, and Responsibility.
Anyone can represent the ideals that Sakura Samurai stand for, but not everyone can be part of our group.
Lead as I lead, step as I step, but none of us will walk the same path. @SakuraSamuraii
John is most known for multiple CVE and Enterprise Security Research contributions. Jackson currently resides in Denver, Colorado. He spends much of his time hacking, but also enjoys reading, writing, and making music.
Jackson has contributed to the threat and vulnerability space, disclosing several pieces of cyber vulnerability research and assisting in resolution for the greater good. He continues to work on several projects and collaborates with other researchers to identify major cyber vulnerabilities. John is a champion for the Information Security Research space and believes that there should be better protection in place for hackers.
> Mr. Hacking 氏。ハッキング (John Jackson @johnjhacking) ===================================================
John Jackson is the Founder of Sakura Samurai. His nickname is Mr. Hacking, originally Buzzkill, he was inadvertantly given the nickname. Intially when he got his start as a hacker, he chose to go by “John J Hacking”.
On social media and elsewhere, his “hacking name” is known as @johnjhacking, which resulted in confused newcomers calling Jackson “Mr. Hacking”.
Ironically, the name stuck when Google also became confused about his nickname. Jackson is a rounded hacker, dabbling in all arts.
You are a cybersecurity professional, senior penetration tester application security engineer, author, hacking advocate, security researcher, bug bounty hunter, and the founder of the Hacking Group Sakura Samurai but how did you get started in hacking, I am assuming it was a pretty young age?
The presumption is that I always started hacking at a young age, I didn’t. I actually started hacking when I was 23 years old – so I found myself playing catch up.
I have been looking at every course I can, trying to do every guide and walkthrough server on TryHackMe, every course I can get my hands on but still struggle to decide on a specific “path” to follow (noticed during looking up stuff for this interview I already had your post ‘The Ultimate OSCP Preparation Guide, 2021’ as one of the bookmarks I already had), if you could go back and give yourself when starting out one piece of advice what would it be?
Make more friends early on. The worst possible thing you can do for yourself as a hacker is to attempt to be a lone wolf. You can compile a big guide of resources and consume them one-by-one or you can work on learning while your friends are constantly throwing challenges at you. I would recommend working with other hackers, you’ll get more exposure to realistic exploitation scenarios.
You are the founder of white hat hacking group Sakura Samurai, what made you want to start the group?
To be honest I wanted to join a hacking group, and then I joked about making my own hacking cult, kind of like Cult of the Dead Cow. It was a half-baked joke that I started to take seriously when I realized that there was a possibility of making a difference.
What as a group do you do specifically?
We hack anything and everything. Besides the obvious answer, we attempt to use legal hacks to garner media attention to show society that hacking isn’t innately ‘evil’ per se. We also share hacking knowledge among our small circle of friends, some that aren’t in the group, but are contingent to what we do.
Do you have people on a daily basis asking to join hahaha?
Not every day, sometimes every other day or every three days, but undoubtedly multiple times (if not more) a week.
I have been using PowerShell more and more in my day job and have always thought more about digging more into Python, I will definitely be learning more PowerShell through necessity and because I enjoy it but how important do you think Python is the learn for ethical hacking?
I think you should have a general understanding of most major programming languages. I have friends that won’t touch Python, and instead religiously live by Bash – it’s a matter of preference contrary to what you’re told, but you should at least learn how to read and understand code. There’s multiple ways to develop exploits across the different langs.
You have hacked Credit Karma, Upwork, TripAdvisor, Zynga, Telefonica, HealthifyMe, Jack Daniel’s to name just a few, is there one you are more proud of than the others?
Probably Jack Daniels. It was hilariously ironic to hack into the secret club that I’ve wanted to be part of for years. The entire situation was funny, and the business logic flaw I used to perform account takeover still exists. Oh, and they sent me a custom polo.
I see online you use Brave as a browser and startpage as your search engine. I’ve been using duckduck go and was wondering why you chose these specific ones?
Brave is built off of chrome, and I have always liked the feel of Google Chrome’s browser style. Their security team is amazing and responsive too, so I put a lot of trust in their willingness to fix bugs. I’ve built a relationship with Startpage over the last couple of years and I believe they are moving in the right direction, personal preference if you will.
What does the rest of 2021 and into 2022 hold for you and Sakura Samurai going forward?
Keep doing cult things with my cult friends. In all seriousness though, I can’t predict that. I find that the best hacks we’ve been involved in have sporadically popped off with a small lead that has ended up in something much bigger. Our plan is to keep pushing forward legal research to show the world that hackers are needed and that current legislation in place is dated.
I am always fascinated as to how someone chooses what to hack, do you use a platform like hackerone, I mean how do you choose where to target?
We don’t choose targets, they choose us. We all poke around at different things until someone has a lead. It’s not usual that we collaborate on Bug Bounty too often. Too many collaborators on paid bugs makes it worthless – but each one of us use different Bug Bounty Platforms, with our primary choice currently being Bugcrowd, and the occasional Hackerone when we stumble across a bug on an organization that uses Hackerone specifically. Most of our paid bugs are not the ones that the general public hears about though.
Johns Twitter = https://twitter.com/johnjhacking
Johns Instagram = https://instagram.com/johnjhacking
Johns TikTok = https://tiktok.com/@johnjhacking
Johns Website = https://johnjhacking.com/
Sakura Samurai Website = https://sakurasamurai.pro/
Sakura Samurai Twitter = https://twitter.com/SakuraSamuraii