Lauritz
@lauritz-holtmann.de
IT-Security Researcher, Pentester and Bug Hunter. Passionate about 💻, 🤽‍♂️, ⚜️, 🎸 and ⚽ #meinVfL

#Kaeferjaeger + H1 Ambassador
🏠 https://security.lauritz-holtmann.de
Pinned
The Flickr ATO using AWS Cognito recently turned "3" and it is still my favorite bug bounty story 😅

Check out the blog post in case you missed it: security.lauritz-holtmann.de/advisories/f...

H1 disclosure: hackerone.com/reports/1342...
Bug Bounty Meetup vol. 5 of the German @hacker0x01.bsky.social club will be held Feb 14th to Feb 22nd (remote). 👨‍💻

20 seats, swag, remote space for networking, a bug bounty target and lots of collaboration.

RSVP now: h1.community/e/mbcd6v/
January 7, 2026 at 9:50 AM
[Blog Post] Turning the List-Unsubscribe SMTP Header into an SSRF/XSS Gadget

security.lauritz-holtmann.de/post/xss-ssr...

Once again, ancient RFCs and overlooked security hot spots in specifications turned out to be worthwhile for security research.

Read the spec!
Turning List-Unsubscribe into an SSRF/XSS Gadget
The List-Unsubscribe SMTP header is standardized but often overlooked during security assessments. It allows email clients to provide an easy way for end-users to unsubscribe from mailing lists. This ...
security.lauritz-holtmann.de
December 23, 2025 at 7:38 AM
Recap of our @hacker0x01.bsky.social Hacking Meetup in September 👀

Leaderboard (still in progress): leaderboards.hackerone.live/germany-meet...

👉 h1.community/e/mbkdm3/

#BugBounty #Meetup #HackerOne
October 6, 2025 at 9:15 PM
Reposted by Lauritz
I reported a single, highly critical vulnerability that earned the top payout of the event. 💥🐞

Big thanks to @exness6.bsky.social for putting together such a great virtual meetup, and a special shoutout to @lauritz-holtmann.de!
Everything was incredibly well organized! 🙌
Hacking Meetup vol. 3 of the German @hacker0x01.bsky.social Club - supported by @exnessofficial.bsky.social - was a blast! 💥

We 6x'd the overall bounties of our previous meetup and scored over $94,000 in bounties overall. 🤯

Additionally, H1 swag is on the way to all attendees and will arrive soon. 🤞
June 26, 2025 at 5:15 PM
June 26, 2025 at 4:13 PM
Thank you very much to everyone who made the event possible! ❤️

Congrats to c1phy (hackerone.com/c1phy) for securing the well-deserved 1st place. 🥇

Join your local h1.community chapter to not miss opportunities like this!

h1.community/chapters/

#BugBounty #Meetup #HackerOne
June 26, 2025 at 4:13 PM
Join our (or your local) club on h1.community to not miss future events in your region: h1.community/germany-hack...

The leaderboard of the event can be found here: leaderboards.hackerone.live/germany-meet...

Event wrap-up: h1.community/e/mgswsg/
H1 | HackerOne Community
At HackerOne, we're making the internet a safer place. Thousands of talented people – hackers, employees, and community members – have dedicated ourselves to making the internet safer by helping organ...
h1.community
March 27, 2025 at 7:03 AM
Overall, we submitted 21 vulns and scored (by now) over $13k in bounties. And there are still some reports in triage or pending bounty state 🤞

Thanks to @hacker0x01.bsky.social and Grab for supporting the event and everyone who attended and collaborated!
March 27, 2025 at 7:03 AM
Our @hacker0x01.bsky.social meetup (vol.2) last month was a blast! 🔥

Almost 40 signups, ~25 active remote attendees and 12 attendees from all over Germany who travelled to #Bochum and hacked together in person on Grab's assets. 🤯

#BugBounty #Meetup
March 27, 2025 at 7:03 AM
The new year starts with a bang: #BugBounty Meetup Vol. 2 of the German @hacker0x01.bsky.social Club will take place on February 22nd in #Bochum, Germany! 🧑‍💻

We will organize the event like a Mini-LHE: Like last year, there will be again a collaborating H1 program and a leaderboard.

(1/3)
February 4, 2025 at 7:41 AM
πŸ§‘β€πŸ’» #BugBounty Meetup Vol. 2 of the German
@hacker0x01.bsky.social Club x Grab

The event is organised like a Mini-LHE:
📅 15.02. - 21.02.25 Remote Hacking
📅 22.02.25 In-Person Day
📍 #Bochum (Work Inn Bochum-FiftyOne)

‼️ Signup Deadline: Wednesday, Feb 12th.

👉 h1.community/e/mgswsg/
February 4, 2025 at 6:48 AM
True, it does. Whoops 🙈
January 28, 2025 at 9:31 AM
In case space is no problem, you could also use good old jsfuck.com
JSFuck - Write any JavaScript with 6 Characters: []()!+
JSFuck is an esoteric and educational programming style based on the atomic parts of JavaScript. It uses only six different characters to execute code.
jsfuck.com
January 27, 2025 at 5:38 PM
window['aler'+'t']()

Does this 👆 count?
January 27, 2025 at 3:25 PM
👉 Signup here:
h1.community/events/detai...

This is a community event that is organized by volunteers and supported by H1, e.g. by sponsoring the venue. Thanks to @hacker0x01.bsky.social for their support! ❤️

(3/3)
German HackerOne Club: Hacking Meetup vol. 2 | HackerOne Community
Hybrid Event - Join the second Hacking Meetup of the HackerOne Club Germany! We are going to hack on a live target, connect, collaborate, and learn. This Meetup is open for all skill levels. Sign up...
h1.community
January 6, 2025 at 4:35 PM
The event will consist of a remote part and the final in-person day in Bochum.

15.02. - 21.02.25 Remote hacking and knowledge exchange on Discord
22.02.25 In-Person event in Bochum, Germany

Please sign up ASAP as we only have limited space available.

(2/3)
January 6, 2025 at 4:35 PM
The new year starts with a bang: #BugBounty Meetup Vol. 2 of the German @hacker0x01.bsky.social Club will take place on February 22nd in #Bochum, Germany! 🧑‍💻

We will organize the event like a Mini-LHE: Like last year, there will be again a collaborating H1 program and a leaderboard.

(1/3)
January 6, 2025 at 4:35 PM
#38c3 was 🚀
December 30, 2024 at 10:21 PM
Just landed at #38c3 🤩

Ping me here or via ☎️5876 if you want to have a chat, talk about things like #BugBounty or just want to have a Tschunk together. :)

I also have a handful of #H1 stickers with me to spread. 😏
December 27, 2024 at 8:49 AM
🔜🚀 #38c3
December 27, 2024 at 4:17 AM
Blog: #Android App Links Allowed Hijacking Arbitrary #SSO Flows

👉 security.lauritz-holtmann.de/post/sso-and...

Discover how twitter.com/_kun_19 and I uncovered a severe issue allowing hijack of SSO flows on Android… only to find we were years late to the party.

#BugBounty #Security #FuckUp
Android App Links autoVerify=false Allowed Hijacking Authentication Flows
Research is a constant process of failure and iteration. However, in most cases, you only see the one-in-a-thousand (successful) attempt. To normalize f*ck ups, and because I believe the behavior we i...
security.lauritz-holtmann.de
December 18, 2024 at 5:34 PM
Oof. The comments here are baffling - I did not get to drive in the US, yet. 🤯 Fortunately, you do not see as many cars running red here in Germany. Maybe because getting caught running a red light that is red for >1sec means losing your driver's license for at least a month (?) or so.
December 17, 2024 at 6:33 AM
I blog about web and SSO things from time to time. :)

Most referenced post about an AWS Cognito ATO in Flickr: security.lauritz-holtmann.de/advisories/f...

Most recent post about POST-based SSO Flows leading to XSS issues: security.lauritz-holtmann.de/post/sso-sec...
POST to XSS: Leveraging Pseudo Protocols to Gain JavaScript Evaluation in SSO Flows
In 2020, a blog post was published here about the real-world security implications of a vague specification of the Redirect URI within the OAuth 2.0 RFC1. At that time, I focussed on redirect-based fl...
security.lauritz-holtmann.de
December 2, 2024 at 11:55 AM
I mean, with something like this, one could even evaluate to Auto-Triage selected reports/vuln categories, and directly forward reports to engineering that fulfil certain criteria.

Of course hackers will hack, but could be worth it. 🤷‍♂️
November 29, 2024 at 12:51 PM