Lauritz
lauritz-holtmann.de
Lauritz
@lauritz-holtmann.de
IT-Security Researcher, Pentester and Bug Hunter. Passionate about 💻, 🤽‍♂️, ⚜️, 🎸 and ⚽ #meinVfL

#Kaeferjaeger + H1 Ambassador
🏠 https://security.lauritz-holtmann.de
June 26, 2025 at 4:13 PM
Thank you very much to everyone who made the event possible! ❤️

Congrats to c1phy (hackerone.com/c1phy) for securing the well-deserved 1st place. 🥇

Join your local h1.community chapter to not miss opportunities like this!

h1.community/chapters/

#BugBounty #Meetup #HackerOne
June 26, 2025 at 4:13 PM
Join our (or your local) club on h1.community to not miss future events in your region: h1.community/germany-hack...

The leaderboard of the event can be found here: leaderboards.hackerone.live/germany-meet...

Event wrap-up: h1.community/e/mgswsg/
H1 | HackerOne Community
At HackerOne, we're making the internet a safer place. Thousands of talented people – hackers, employees, and community members – have dedicated ourselves to making the internet safer by helping organ...
h1.community
March 27, 2025 at 7:03 AM
Overall, we submitted 21 vulns and scored (by now) over 13k$ in bounties. And there are still some reports in triage or pending bounty state 🤞

Thanks to @hacker0x01.bsky.social and Grab for supporting the event and everyone who attended and collaborated!
March 27, 2025 at 7:03 AM
The new year starts with a bang: #BugBounty Meetup Vol. 2 of the German @hacker0x01.bsky.social Club will take place on February 22nd in #Bochum, Germany! 🧑‍💻

We will organize the event like a Mini-LHE: Like last year, there will again be a collaborating H1 program and a leaderboard.

(1/3)
February 4, 2025 at 7:41 AM
True, it does. Whoops 🙈
January 28, 2025 at 9:31 AM
In case space is no problem, you could also use good old jsfuck.com
JSFuck - Write any JavaScript with 6 Characters: []()!+
JSFuck is an esoteric and educational programming style based on the atomic parts of JavaScript. It uses only six different characters to execute code.
jsfuck.com
January 27, 2025 at 5:38 PM
window['aler'+'t']()

Does this 👆 count?
January 27, 2025 at 3:25 PM
👉Signup here:
h1.community/events/detai...

This is a community event that is organized by volunteers and supported by H1, e.g. by sponsoring the venue. Thanks to @hacker0x01.bsky.social for their support! ❤️

(3/3)
German HackerOne Club: Hacking Meetup vol. 2 | HackerOne Community
Hybrid Event - Join the second Hacking Meetup of the HackerOne Club Germany! We are going to hack on a live target, connect, collaborate, and learn. This Meetup is open for all skill levels. Sign up...
h1.community
January 6, 2025 at 4:35 PM
The event will consist of a remote part and the final in-person day in Bochum.

15.02. - 21.02.25 Remote hacking and knowledge exchange on Discord
22.02.25 In-Person event in Bochum, Germany

Please sign up ASAP as we only have limited space available.

(2/3)
January 6, 2025 at 4:35 PM
Oof. The comments here are baffling - I did not get to drive in the US, yet. 🤯 Fortunately, you do not see as many cars running red here in Germany. Maybe because getting caught running a red light that is red for >1sec means losing your driver's license for at least a month (?) or so.
December 17, 2024 at 6:33 AM
I blog about web and SSO things from time to time. :)

Most referenced post about an AWS Cognito ATO in Flickr: security.lauritz-holtmann.de/advisories/f...

Most recent post about POST-based SSO Flows leading to XSS issues: security.lauritz-holtmann.de/post/sso-sec...
POST to XSS: Leveraging Pseudo Protocols to Gain JavaScript Evaluation in SSO Flows
In 2020, a blog post was published here about the real-world security implications of a vague specification of the Redirect URI within the OAuth 2.0 RFC1. At that time, I focussed on redirect-based fl...
security.lauritz-holtmann.de
December 2, 2024 at 11:55 AM
I mean, with something like this, one could even evaluate to Auto-Triage selected reports/vuln categories, and directly forward reports to engineering that fulfil certain criteria.

Of course hackers will hack, but could be worth it. 🤷‍♂️
November 29, 2024 at 12:51 PM
Have not looked much into it, but I like the approach of www.facebook.com/whitehat/fbdl

At least for (most of the time) easily reproducible things like XSS.

I suppose in these cases you also do not give much IP out of hand that would enable anyone to automate your manual methodology. 😅
November 29, 2024 at 12:47 PM