IT-Security Researcher, Pentester and Bug Hunter. Passionate about 💻, 🤽‍♂️, ⚜️, 🎸 and ⚽ #meinVfL
#Kaeferjaeger + H1 Ambassador
🏠 https://security.lauritz-holtmann.de
Blog: https://security.lauritz-holtmann.de/
Twitter: https://twitter.com/_lauritz_
LinkedIn: https://www.linkedin.com/in/lauritz-holtmann/
Intigriti: https://app.intigriti.com/profile/_lauritz_

Bug Bounty Meetup vol. 5 of the German @Hacker0x01 club will be held Feb 14th to Feb 22nd (remote). 👨‍💻

20 seats, swag, remote space for networking, a bug bounty target and lots of collaboration.

RSVP now: https://h1.community/e/mbcd6v/

[Blog Post] Turning the List-Unsubscribe SMTP Header into an SSRF/XSS Gadget

https://security.lauritz-holtmann.de/post/xss-ssrf-list-unsubscribe/

Once again, ancient RFCs and overlooked security hot spots in specifications turned out to be worthwhile for security research.

Read the spec!

Turning List-Unsubscribe into an SSRF/XSS Gadget

The List-Unsubscribe SMTP header is standardized but often overlooked during security assessments. It allows email clients to provide an easy way for end-users to unsubscribe from mailing lists. This post discusses how this header can be abused to perform Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF) attacks in certain scenarios. Real-world examples involving Horde Webmail (CVE-2025-68673) and Nextcloud Mail App are provided to illustrate the risks.

(Web-)Insecurity Blog

Recap of our @Hacker0x01 Hacking Meetup in September 👀

Leaderboard (still in progress): leaderboards.hackerone.live/germany-meetup-sept-2025

👉 h1.community/e/mbkdm3/

#BugBounty #Meetup #HackerOne

Thank you very much to everyone who made the event possible! ❤️

Congrats to c1phy (https://hackerone.com/c1phy) for securing the well-deserved 1st place. 🥇

Join your local h1.community chapter to not miss opportunities like this!

https://h1.community/chapters/

Leaderboard: https://leaderboards.hackerone.live/germany-meetup-june-2025

#BugBounty #Meetup #HackerOne

Hacking Meetup vol. 3 of the German @Hacker0x01 Club - supported by EXNESS - was a blast! 💥

We x6 the overall bounties of our previous meetup and scored over 94,000$ overall bounties. 🤯

Additionally, H1 swag is on the way to all attendees and will hopefully arrive soon. 🤞

Join our (or your local) club on h1.community to not miss future events in your region: https://h1.community/germany-hackerone-club/

The leaderboard of the event can be found here: https://leaderboards.hackerone.live/germany-meetup-feb-2025

Event wrap-up: https://h1.community/e/mgswsg/

Germany HackerOne Club | HackerOne Community

At HackerOne, we're making the internet a safer place. Thousands of talented people – hackers, employees, and community members – have dedicated ourselves to making the internet safer by helping organizations close their attack resistance gap.

HackerOne Community

Overall, we submitted 21 vulns and scored (by now) over 13k$ in bounties. And there are still some reports in triage or pending bounty state 🤞

Thanks to @Hacker0x01 and Grab for supporting the event and everyone who attended and collaborated!

Our @Hacker0x01 meetup (vol.2) last month was a blast! 🔥

Almost 40 signups, ~25 active remote attendees and 12 attendees from all over Germany who travelled to #Bochum and hacked together in person on Grab's assets. 🤯

#BugBounty #Meetup

πŸ§‘β€πŸ’» #BugBounty Meetup Vol. 2 of the German #HackerOne Club x Grab

The event is organised like a Mini-LHE:
πŸ“… 15.02. - 21.02.25 Remote Hacking
πŸ“… 22.02.25 In-Person Day
πŸ“#Bochum (Work Inn Bochum-FiftyOne)

‼️ Signup Deadline: Wednesday, Feb 12th.

πŸ‘‰ https://h1.community/e/mgswsg/

German HackerOne Club: Hacking Meetup vol. 2 | HackerOne Community

Hybrid Event - Join the second Hacking Meetup of the HackerOne Club Germany! We are going to hack on a live target, connect, collaborate, and learn. This Meetup is open for all skill levels. Sign up until February 12th to get the chance to connect with the local bug bounty community and claim some bounties!

HackerOne Community