Lauritz

1.6K posts

Lauritz

@_lauritz_

IT-Security Researcher, Pentester and Bug Hunter. Passionate about 💻, 🤽‍♂️, ⚜️, 🎸 and ⚽ (@VfLBochum1848eV ) #Kaeferjaeger + H1 Ambassador

Germany Katılım Nisan 2012

997 Takip Edilen2.1K Takipçiler

Sabitlenmiş Tweet

Lauritz@_lauritz_·18 Ara

[Blog Post] Flickr: Zero User-Interaction Account Takeover 👉 security.lauritz-holtmann.de/advisories/fli… 👉 hackerone.com/reports/1342088 #appsec #sso #aws #cognito #flickr #bugbounty

English

150

479

Lauritz retweetledi

pwn.ai@pwn_ai·1d

🚨 ZERODAY: ImageMagick 🚨 Our autonomous pentester pwn.ai just dropped multiple zeroday chains in ImageMagick that achieve RCE and File Leak from a single .jpg or .pdf file, bypassing EVERY security policy (Default, Limited, AND Secure). 🤯 💥 Affects Ubuntu, Debian, WordPress & millions of servers globally. Happy Monday and Happy Hunting! 🥰 pwn.ai/blog/imagemagi…

English

102

382

30.8K

Lauritz@_lauritz_·16 Mar

@_ArtSec_ I am very happy with my Air 15". IMO it is a great compromise between large display, good specs (upgraded to 24GB RAM) and weight. The Neo is probably a bit too underpowered.

English

156

ArtSec@_ArtSec_·16 Mar

Been thinking about getting a Macbook for travel/LHEs but I’m not sure if I need a Macbook Pro or the Air/Neo would be enough. Probably won’t be using too much heavy stuff since I hack on my tower build 99% of the time.

English

1.8K

Lauritz retweetledi

Patrik Grobshäuser@ITSecurityguard·6 Mar

I finally let Claude do my pentest this week. Full 5-day engagement, zero human input. Here's what the client got: 😏 clawd.it/posts/10-repla… #bugbounty #pentesting #AI #cybersecurity #infosec #claudeai

English

209

935

107.7K

Lauritz@_lauritz_·6 Mar

@_ArtSec_ Don't blame yourself for taking a much-needed and well-deserved break in late 2025. And if something already feels off and burnout is creeping in… listen to your body.

English

Lauritz@_lauritz_·6 Mar

@_ArtSec_ Not sure I personally agree with the "momentum" narrative. Sometimes you have a run, but IMO that never lasts forever. Recharging your batteries, on the other hand, is something you should definitely keep an eye on. Everything else is just unsustainable.

English

ArtSec@_ArtSec_·5 Mar

I'm getting very close to a burnout currently, haven't found a bug in 4 weeks and imposter syndrome is rising quickly. I gotta find a way to break out somehow.

English

140

10.5K

Lauritz@_lauritz_·5 Mar

@marcolivermunz @intigriti Glückwunsch! :)

Deutsch

Oli (C..1..P.H.Y)@marcolivermunz·5 Mar

Honored to be selected as a Hacker Ambassador for Germany 🇩🇪 in the new @intigriti Ambassador Program. Excited to support the ethical hacking community and help grow bug bounty 🤝 Learn more 👇 intigriti.com/blog/business-… Badge 🏅 app.intigriti.com/profile/c1phy?…

English

3.1K

Lauritz@_lauritz_·3 Mar

@MrTuxracer @Hacker0x01 @printfection Extra work for paper receipts (if any) handed out by delivery persons. Plus having to pay in cash (while the delivery person in most cases has no change). 😂

English

170

Julien | MrTuxracer 🇪🇺@MrTuxracer·3 Mar

@_lauritz_ @Hacker0x01 @printfection If you received the gift in connection with your freelance work, you can fully deduct the costs as a business expense and reclaim the VAT with your preliminary VAT return. So why do you even care 🙂?

English

863

Lauritz@_lauritz_·3 Mar

Swag from @Hacker0x01 is sent by @printfection (now Swag Pro). It is sent with "Recipient pays VAT": help-center.swag.com/hc/en-us/artic… I see that switching to "Shipper Pays Customs" would increase the costs for H1. Would it be possible to pay these additional costs as recipient? 1/3

English

2.1K

Lauritz@_lauritz_·3 Mar

So: Would it be somehow possible to let the recipient opt to cover the VAT (€1,41) directly during checkout / redemption of swag links, instead of blindly sending the items as-is and letting DHL figure out taxes? 3/3

English

220

Lauritz@_lauritz_·3 Mar

Why am I asking? While the VAT is not that much (€1,41), @DHLPaket is so nice to add €7,50 to each swag item received from @Hacker0x01, which is suboptimal IMO. To my understanding, this could be prevented if someone covers the extra costs for "DDP" via @printfection. 2/3

English

313

Lauritz@_lauritz_·17 Şub

@PinkDraconian this_is_fine.jpg

English

349

PinkDraconian@PinkDraconian·17 Şub

Ugh ☠️

PinkDraconian@PinkDraconian

This is exciting 🧑‍💻

7.7K

Lauritz@_lauritz_·13 Şub

@ITSecurityguard @senorarroz Yeah, I also do not get their wording and especially marketing and timing. Weren't the first concerns regarding the TOS changes posted already early this week? Why not transparently address these first? Instead, vague marketing videos like x.com/hacker0x01/sta… are posted.

HackerOne@Hacker0x01

Point-in-time pentests can’t keep up, while fully autonomous testing creates noise. The solution? HackerOne Agentic PTaaS pairs specially trained AI agents with elite human validation to deliver results based on real-world exploitability, not theory. This 50-second video shows you how it works.

English

193

Patrik Grobshäuser@ITSecurityguard·12 Şub

@senorarroz Where is that "years of pentest experience" coming from? I do want to believe that the agents are not trained on researcher submissions, but your vague marketing material does not do it any favour. hackerone.com/blog/agentic-p…

English

1.7K

Patrik Grobshäuser@ITSecurityguard·12 Şub

HackerOne@Hacker0x01

ZXX

285

23.8K

Lauritz retweetledi

Harley Kimball@infinitelogins·22 Oca

A researcher found that the List-Unsubscribe email header, designed to help users leave mailing lists with one click, can become a stored XSS and blind SSRF gadget when webmail clients auto-render unsubscribe buttons. A single malicious email header becomes a cross-surface attack as JavaScript URIs execute when clicked in Horde Webmail (CVE-2025-68673), while server-side unsubscribe handlers in Nextcloud Mail App trigger blind SSRF to internal destinations. Full write-up by @_lauritz_ 👇 security.lauritz-holtmann.de/post/xss-ssrf-… #BugBounty

English

119

7.5K

Lauritz@_lauritz_·7 Oca

Bug Bounty Meetup vol. 5 of the German @Hacker0x01 club will be held Feb 14th to Feb 22nd (remote). 👨‍💻 20 seats, swag, remote space for networking, a bug bounty target and lots of collaboration. RSVP now: h1.community/e/mbcd6v/

English

388

Lauritz@_lauritz_·23 Ara

[Blog Post] Turning the List-Unsubscribe SMTP Header into an SSRF/XSS Gadget security.lauritz-holtmann.de/post/xss-ssrf-… Once again, ancient RFCs and overlooked security hot spots in specifications turned out to be worthwhile for security research. Read the spec!

English

193

8.6K

André Baptista@0xacb·16 Ara

This is really cool writeup. Self-XSS + Login CSRF + SSO gadget to ATO Nice find @_lauritz_! security.lauritz-holtmann.de/post/xss-ato-g…

English

269

13.2K

Lauritz@_lauritz_·16 Ara

@0xacb Thanks for the shoutout @0xacb! :)

English

524

Lauritz@_lauritz_·13 Ara

Because the ACTUAL default is: HACKING IS A CRIME, unless you've got PERMISSION TO TEST. Don't be foolish. Don't risk to go to jail folks.

English

202

Lauritz@_lauritz_·13 Ara

I realized this is indeed an issue. Good to see, that BB has become somewhat the new expectation towards companies, as IMO it is a crucial tool for security. BUT: Keep in mind what VDP/BB policies brought us: Safe Harbour Agreements and PERMISSION TO TEST in a certain scope.

dawgyg - WoH@thedawgyg

Bug hunting on random sites without written permission or a publicly posted VDP/BBP is a crime.

English

439

Keşfet

@_ArtSec_ @marcolivermunz @intigriti @MrTuxracer @Hacker0x01 @printfection @DHLPaket @PinkDraconian