Sebastian Neef


PhD Candidate & Freelancer. WhiteHat. Bughunter. CTFs @enoflag

Blogs: blog.gehaxelt.in, 0day.work, blogbasis.net and internetwache.org

PhD Candidate: https://sebastian-neef.de
Blog: https://blog.gehaxelt.in
Freelance Work: https://it-solutions-neef.de

Special thanks to @gehaxelt, who is the co-author of the paper that is based on his previous work on identifying #SSHFP misconfigurations, and Peter Mayer. Also many thanks to the organizers and the great audience at #ACSAC for an overall great conference!

🔗 full paper can be read here: https://publikationen.bibliothek.kit.edu/1000186330

@kitcybersec @SECUSO_Research @kastel @KIT_Karlsruhe

The #paper “Fix It - If you Can! Towards Understanding the Impact of Tool Support and Domain Owners’ Reactions to SSHFP Misconfigurations” by Anne Hennig, Sebastian Neef, and Peter Mayer has been accepted for presentation at the @ACSAC_Conf! The paper sent notifications to domain owners with misconfigured #SSHFP records, investigating the effect of tool support. While the sender of the #notification itself has no effect, the results suggest that tool support might increase remediation when the sender of the notification is different than the institution providing the tool. By analyzing domain owners’ responses to the authors' notification, multiple reasons for non-remediation were identified, supporting the argument that remediation rate should not be considered a success measure for a notification campaign but instead individual challenges faced by domain owners should be taken into account. ACSAC will take place December 8 to 12, 2025, in Honolulu, Hawaii, USA: https://www.acsac.org/
@Aryderwood @gehaxelt
Annual Computer Security Applications Conference (ACSAC)

The Annual Computer Security Applications Conference (ACSAC) brings together cutting-edge researchers, with a broad cross-section of security professionals drawn from academia, industry, and government, gathered to present and discuss the latest security results and topics. With peer reviewed technical papers, invited talks, panels, national interest discussions, and workshops, ACSAC continues its core mission of investigating practical solutions for computer and network security technology.

Great work by @gehaxelt, who presented the results or paper on the state of coordinated vulnerability disclosure processes in German DAX 40 companies. Paper will be available soon, published in the Proceedings of the European Symposium on Usable Security (#EuroUSEC25). Main takeaway: The situation for security researchers significantly increased in the last two years, but there is still room for improvement.

@SECUSO_Research

New blog post: L3AK CTF 2025 Writeups

Had quite some fun solving the well-made challenges from #L3ak CTF in presence with @enoflag. Here are my writeups for the more interesting web challs: https://blog.gehaxelt.in/p/l3ak-ctf-2025-writeups-2025-07-13/

L3AK CTF 2025 Writeups | Gehaxelt's Blog

Last weekend, I participated in the L3AK-CTF as part of team ENOFLAG. We were just a few people meeting up at the university, but we had quite some fun with the CTF. This post contains the writeups for some of the challenges I solved.

Gehaxelt's Blog

ENOWARS 9 is coming in less than 2 weeks! The A/D CTF will take place on July 19, 2025.

Don't forget to sign up! :)

https://9.enowars.com/

#CTF #ENOWARS

ENOFLAG CTF Setup

I'm relaunching my blog: "Gehaxelt's Blog Is Live Again"

https://blog.gehaxelt.in/p/gehaxelts-blog-is-live-again-2025-07-01/

#blog

Gehaxelt's Blog Is Live Again | Gehaxelt's Blog

It is 2025 and time to relaunch this blog!

Gehaxelt's Blog

It was a pleasure to give a sneak peek into our upcoming academic paper about FUEL (File Upload Exploitation Lab) to evaluate UFU vulnerability scanners.

If you missed it, you can rewatch the preliminary version here: https://media.ccc.de/v/gpn22-347-help-us-identify-ufus-em-powering-vulnerability-scanners-with-fuel

#GPN22

Help Us Identify UFUs: (Em)Powering Vulnerability Scanners with FUEL

media.ccc.de
The second iteration of the bugbounty workshop was as nice as the first. Lots of good questions and comments - Awesome! Thanks for attending and have fun hacking. Keep it legal :)
@md Cool, thanks!

Finished my workshop on bugbounties and resp. disclosure at #gpn22 a few minutes ago. It was fun and there were great questions / comments!

If you missed it, there'll be another iteration tomorrow, but it might already be fully booked.

Also, don't miss the presentation on my upcoming paper about UFUs at 10:00 in Medientheater.