Lauritz

Screenshot taken from https://valdotr.github.io/medium-webinar/map.json by Vlado Romao.

Bug Bounty Meetup vol. 5 of the German @hacker0x01.bsky.social club will be held Feb 14th to Feb 22nd (remote). 👨‍💻

20 seats, swag, remote space for networking, a bug bounty target and lots of collaboration.

RSVP now: h1.community/e/mbcd6v/

[Blog Post] Turning the List-Unsubscribe SMTP Header into an SSRF/XSS Gadget

security.lauritz-holtmann.de/post/xss-ssr...

Once again, ancient RFCs and overlooked security hot spots in specifications turned out to be worthwhile for security research.

Read the spec!

Recap of our @hacker0x01.bsky.social Hacking Meetup in September 👀

Leaderboard (still in progress): leaderboards.hackerone.live/germany-meet...

👉 h1.community/e/mbkdm3/

#BugBounty #Meetup #HackerOne

I reported a single, highly critical vulnerability that earned the top payout of the event. 💥🐞

Big thanks to @exness6.bsky.social for putting together such a great virtual meetup, and a special shoutout to @lauritz-holtmann.de!
Everything was incredibly well organized! 🙌

Leaderboard: leaderboards.hackerone.live/germany-meet...

Thank you very much to everyone who made the event possible! ❤️

Congrats to c1phy (hackerone.com/c1phy) for securing the well-deserved 1st place. 🥇

Join your local h1.community chapter to not miss opportunities like this!

h1.community/chapters/

#BugBounty #Meetup #HackerOne

Hacking Meetup vol. 3 of the German @hacker0x01.bsky.social Club - supported by @exnessofficial.bsky.social - was a blast! 💥

We x6 the overall bounties of our previous meetup and scored over 94,000$ overall bounties. 🤯

Additionally, H1 swag is on the way to all attendees and will arrive soon. 🤞

H1 | HackerOne Community At HackerOne, we're making the internet a safer place. Thousands of talented people – hackers, employees, and community members – have dedicated ourselves to making the internet safer by helping organ...

Join our (or your local) club on h1.community to not miss future events in your region: h1.community/germany-hack...

The leaderboard of the event can be found here: leaderboards.hackerone.live/germany-meet...

Event wrap-up: h1.community/e/mgswsg/

Overall, we submitted 21 vulns and scored (by now) over 13k$ in bounties. And there are still some reports in triage or pending bounty state 🤞

Thanks to @hacker0x01.bsky.social and Grab for supporting the event and everyone who attended and collaborated!

Our @hacker0x01.bsky.social meetup (vol.2) last month was a blast! 🔥

Almost 40 signups, ~25 active remote attendees and 12 attendees from all over Germany who travelled to #Bochum and hacked together in person on Grab's assets. 🤯

#BugBounty #Meetup

bsky.app/profile/laur...

🧑‍💻 #BugBounty Meetup Vol. 2 of the German
@hacker0x01.bsky.social Club x Grab

The event is organised like a Mini-LHE:
📅 15.02. - 21.02.25 Remote Hacking
📅 22.02.25 In-Person Day
📍#Bochum (Work Inn Bochum-FiftyOne)

‼️ Signup Deadline: Wednesday, Feb 12th.

👉 h1.community/e/mgswsg/

eval is overwritten using eval=console.log resulting in alert(1) being logged. This indicates jsfuck uses eval.

True, it does. Whoops 🙈

JSFuck - Write any JavaScript with 6 Characters: []()!+ JSFuck is an esoteric and educational programming style based on the atomic parts of JavaScript. It uses only six different characters to execute code.

In case space is no problem, you could also use good old jsfuck.com

window['aler'+'t']()

Does this 👆 count?

German HackerOne Club: Hacking Meetup vol. 2 | HackerOne Community Hybrid Event - Join the second Hacking Meetup of the HackerOne Club Germany! We are going to hack on a live target, connect, collaborate, and learn. This Meetup is open for all skill levels. Sign up...

👉Signup here:
h1.community/events/detai...

This is a community event that is organized by volunteers and supported by H1, e.g. by sponsoring the venue. Thanks to @hacker0x01.bsky.social for their support! ❤️

(3/3)

The event will consist of a remote part and the final in-person day in Bochum.

15.02. - 21.02.25 Remote hacking and knowledge exchange on Discord
22.02.25 In-Person event in Bochum, Germany

Please sign up ASAP as we only have limited space available.

(2/3)

LHE Leaderboard of the last H1 Meetup in Bochum

The new year starts with a bang: #BugBounty Meetup Vol. 2 of the German @hacker0x01.bsky.social Club will take place on February 22nd in #Bochum, Germany! 🧑‍💻

We will organize the event like a Mini-LHE: Like last year, there will be again a collaborating H1 program and a leaderboard.

(1/3)

#38c3 was 🚀

Just landed at #38c3 🤩

Ping me here or via ☎️5876 if you want have a chat, talk about things like #BugBounty or just want to have a Tschunk together. :)

I also have a handful of #H1 stickers with me to spread. 😏

🔜🚀 #38c3

Blog: #Android App Links Allowed Hijacking Arbitrary #SSO Flows

👉 security.lauritz-holtmann.de/post/sso-and...

Discover how twitter.com/_kun_19 and I uncovered a severe issue allowing hijack of SSO flows on Android… only to find we were years late to the party.

#BugBounty #Security #FuckUp

Oof. The comments here are baffling - I did not get to drive in the US, yet. 🤯 Fortunately, you do not see as many cars running red here in Germany. Maybe because getting caught running a red light that is red for >1sec means loosing your drivers license for at least a month (?) or so.

I blog about web and SSO things from time to time. :)

Most referenced post about an AWS Cognito ATO in Flickr: security.lauritz-holtmann.de/advisories/f...

Most recent post about POST-based SSO Flows leading to XSS issues: security.lauritz-holtmann.de/post/sso-sec...

I mean, with something like this, one could even evaluate to Auto-Triage selected reports/vuln categories, and directly forward reports to engineering that fulfil certain criteria.

Of course hackers will hack, but could be worth it. 🤷‍♂️

Have not looked much into it, but I like the approach of www.facebook.com/whitehat/fbdl

At least for (most of the times) easy reproducible things like XSS.

I suppose in these cases you also do not give much IP out of hand that would enable anyone to automize your manual methodology. 😅

Got my #38c3 ticket, see you in Hamburg 🚀

Dead Domain Discovery - Chrome Web Store Scans the page for external iFrames, Scripts, and Styles, logs them to the console, and checks if their domains are resolvable.

The "Dead Domain Discovery" Extension is now available from Chrome Web Store:

👉 chromewebstore.google.com/detail/opfeo...

Keep in mind that the extension needs broad permissions to work. I'd recommend to only install it to your "research browser".

Github: github.com/lauritzh/dea...

The Flickr ATO using AWS Cognito recently turned "3" and it is still my favorite bug bounty story 😅

Check out the blog post in case you missed it: security.lauritz-holtmann.de/advisories/f...

H1 disclosure: hackerone.com/reports/1342...

#BurpSuite #Bambda to detect Blind SSRF via OpenID Connect "request_uri" using out-of-bound detection (e.g. Collaborator).

The vulnerable URL is b64-encoded and included within the canary URL.

👉 gist.github.com/lauritzh/7b3...
📚 security.lauritz-holtmann.de/post/sso-sec...