Bug Bounty Meetup: "Friendly Edition"
Save the date: Our next meetup is around the corner and will come with a surprise - stay tuned!
Hi there 👋
My name is Lauritz and I am an IT-Security researcher and penetration tester based in Germany.
Upcoming Events
Talks, workshops, and meetups I will host or am scheduled to attend.
Past Events 6
SSO Security Workshop
A remote workshop covering SSO fundamentals, OAuth and OpenID Connect attack surfaces, and practical hardening guidance.
Bug Bounty Meetup vol. 5
The fifth Hacking Meetup of the HackerOne Club Germany was fully-remote again. We hacked on two live targets, connect via a WorkAdventure virtual space, collaborated, and learned a lot.
Bug Bounty Meetup vol. 4
For our fourth meetup we gathered in Essen and scored almost 15k $ in bounties on a fresh target. We had a great time connecting, collaborating, and learning together!
Bug Bounty Meetup vol. 3
Our third meetup was ground-breaking: We had a record-breaking 95k $ in bounties on Exness. 🤯 This was our first remote meetup, but we still gathered virtually for our Show&Tell session and collaborated a lot throughout the event.
Bug Bounty Meetup vol. 2
New year, new meetup! We had a great time connecting, collaborating, and learning together in Bochum. Partner program was Grab and we scored over 15k $ in bounties.
Bug Bounty Meetup vol. 1
The beginning of something great: Our first meetup was a blast! We had a great time connecting, collaborating, and learning together in Bochum. We hacked on ToolsForHumanity and scored over 10k $ in bounties.
Recent Advisories
Recent research and write-ups on relevant web security topics.
Sign-in with World ID: XSS and ATO via OIDC Form Post Response Mode
Recently, Tools for Humanity partnered with the German HackerOne Club to run a one-week virtual and in-person Hacking Meetup. In the course of the meetup, a critical vulnerability within the Sign-in with World ID implementation was found, which affected the OpenID Connect form_post Response Mode and could allow malicious actors to take over end-user accounts at third-party applications that utilize the Sign-in with World ID mechanism. The vulnerability was addressed within a few hours after triage.
Personal Access Token Disclosure in Asana Desktop Application
This post gives an insight into a sensitive data exposure vulnerability in Asana for Mac that was rated as P1 and was awarded a bounty. This was the very first report of that kind for me. Still, I think this type of deployment and build chain issue is more common than one may think.
Flickr Account Takeover
This post gives a deep dive into a critical security flaw that was present in Flickr’s login flow. The authentication at identity.flickr.com is implemented using AWS Cognito. By exploiting configuration issues and violations of the OpenID Connect specification, it was possible to takeover any Flickr account without user interaction.