Recap of our @hacker0x01.bsky.social Hacking Meetup in September 👀

Leaderboard (still in progress): leaderboards.hackerone.live/germany-meet...

👉 h1.community/e/mbkdm3/

#BugBounty #Meetup #HackerOne

Hacking Meetup vol. 3 of the German @hacker0x01.bsky.social Club - supported by @exnessofficial.bsky.social - was a blast! 💥

We x6 the overall bounties of our previous meetup and scored over 94,000$ overall bounties. 🤯

Additionally, H1 swag is on the way to all attendees and will arrive soon. 🤞

Our @hacker0x01.bsky.social meetup (vol.2) last month was a blast! 🔥

Almost 40 signups, ~25 active remote attendees and 12 attendees from all over Germany who travelled to #Bochum and hacked together in person on Grab's assets. 🤯

#BugBounty #Meetup

🧑‍💻 #BugBounty Meetup Vol. 2 of the German
@hacker0x01.bsky.social Club x Grab

The event is organised like a Mini-LHE:
📅 15.02. - 21.02.25 Remote Hacking
📅 22.02.25 In-Person Day
📍#Bochum (Work Inn Bochum-FiftyOne)

‼️ Signup Deadline: Wednesday, Feb 12th.

👉 h1.community/e/mgswsg/

True, it does. Whoops 🙈

The new year starts with a bang: #BugBounty Meetup Vol. 2 of the German @hacker0x01.bsky.social Club will take place on February 22nd in #Bochum, Germany! 🧑‍💻

We will organize the event like a Mini-LHE: Like last year, there will be again a collaborating H1 program and a leaderboard.

(1/3)

#38c3 was 🚀

🔜🚀 #38c3

The Flickr ATO using AWS Cognito recently turned "3" and it is still my favorite bug bounty story 😅

Check out the blog post in case you missed it: security.lauritz-holtmann.de/advisories/f...

H1 disclosure: hackerone.com/reports/1342...

#BurpSuite #Bambda to detect Blind SSRF via OpenID Connect "request_uri" using out-of-bound detection (e.g. Collaborator).

The vulnerable URL is b64-encoded and included within the canary URL.

👉 gist.github.com/lauritzh/7b3...
📚 security.lauritz-holtmann.de/post/sso-sec...