| Blog | https://security.lauritz-holtmann.de/ |
| https://twitter.com/_lauritz_ | |
| https://www.linkedin.com/in/lauritz-holtmann/ | |
| Intigriti | https://app.intigriti.com/profile/_lauritz_ |
Bug Bounty Meetup vol. 5 of the German @Hacker0x01 club will be held Feb 14th to Feb 22nd (remote). π¨βπ»
20 seats, swag, remote space for networking, a bug bounty target and lots of collaboration.
RSVP now: https://h1.community/e/mbcd6v/
Recap of our
@Hacker0x01 Hacking Meetup in September π
Leaderboard (still in progress): leaderboards.hackerone.live/germany-meetup-sept-2025
π h1.community/e/mbkdm3/
Hacking Meetup vol. 3 of the German @Hacker0x01 Club - supported by EXNESS - was a blast! π₯
We x6 the overall bounties of our previous meetup and scored over 94,000$ overall bounties. π€―
Additionally, H1 swag is on the way to all attendees and will hopefully arrive soon. π€
Our @Hacker0x01 meetup (vol.2) last month was a blast! π₯
Almost 40 signups, ~25 active remote attendees and 12 attendees from all over Germany who travelled to #Bochum and hacked together in person on Grab's assets. π€―
#BurpSuite #Bambda to detect Blind SSRF via OpenID Connect "request_uri" using out-of-bound detection (e.g. Collaborator).
The vulnerable URL is b64-encoded and included within the canary URL.
π https://gist.github.com/lauritzh/7b3ebfb5f541b6027152e5cee2f11b0d
π https://security.lauritz-holtmann.de/post/sso-security-ssrf/
Finally found time to automate the build process of my @[email protected] blog and its deployment using a @[email protected] workflow πͺ
The setup was actually easier than expected, tbh π
