It was an honor to participate with a German team for the first time - thanks a lot Ariel Garcia and everyone who made the event possible. :) Looking forward to the next AWC 🙌 Make sure to join your regional H1 chapter at h1.community/chapters/ to not miss events like this!

I am getting a lot of spam recently via DM, even though I have the filter for low-quality messages enabled. Sad, but I feel like I have to restrict message requests for now, even though I think open DMs are generally a good thing. If you want to contact me, use Discord or email

I just found the coolest csp bypass ever! did you know that a valid pdf can ALSO be valid javascript? (details below)

I reported a single, highly critical vulnerability that earned the top payout of the event. 💥🐞 Big thanks to Exness for putting together such a great virtual meetup, and a special shoutout to Lauritz! Everything was incredibly well organized! 🙌

I just got the confirmation that I was selected for this year's NULLCON Berlin Bug Bounty Scholarship 🎉 This will actually be my fourth NULLCON, I am looking forward to meeting friends and doing some bug bounty hunting in September. See you there! :) nullcon.net/berlin-2025

Unser HackerOne Bug Bounty Meetup geht in die nächste Runde 🤩 👥 30 Plätze 📆🌐 10. - 20.09.25 (Remote-Hacking) 📆🧑‍💻 20.09.25 (In-Person in Essen) ⏰ 12 - 18 Uhr 📍 Rivvers Essen-Lindenallee rivvers.de/essen/coworkin… 🚝🚶 10min Fußweg vom HbF Essen 👉 h1.community/e/mbkdm3/

NULLCON Berlin was a blast 💥 Thanks for the amazing time, great talks, impactful collaboration with Valeriy in YesWeHack ⠵'s Mini-LHE and all the networking! See you all again next year at NullCon Berlin 2026.🤞 Thanks Antriksh (Yoda) #hardwear_ioNL2025 for organizing this awesome event. ❤️

Secured my First Hacker Award at the 3rd H1 Club Event Germany, as Most Helpful Hacker🫡It's been a pleasure as always, huge thanks to Lauritz and HackerOne for the Event!! Leaderboard results coming soon

If you are using Nextcloud Mail... you may want to make sure to update to the most recent version of the extension. apps.nextcloud.com/apps/mail/rele… Just stumbled over a trivial XSS issue by accident, just to find out, it was apparently addressed yesterday: github.com/nextcloud/mail…

4th place in the German Club LHE 😁 (Even tho not all bugs have been rewarded yet) I had 0 expectations joining the event, just exited to hack with some insanely talented folks, and learn as much as i can. And then out of nowhere i started finding some pretty nice bugs.

Recap of our HackerOne Hacking Meetup in September 👀 Leaderboard (still in progress): leaderboards.hackerone.live/germany-meetup… 👉 h1.community/e/mbkdm3/ #BugBounty #Meetup #HackerOne

ShareHound (Rémi GASCOU (Podalirius)), Conquest C2 (Jakob), Docker Compose path traversal (Ron Masas), dead domain discovery (Lauritz), Narrator persistence/lat movement (Oddvar Moe ), and more! blog.badsectorlabs.com/last-week-in-s…

Made a small and fun research about a technique to leak iframe contents, check this out: blog.bugport.net/auxclickjacking

Hello! Just published a new research with ( Sajeeb Lohani (prodigysml / sml555) , todayisnew) 🍻 Who Needs A Blind XSS? hx01.me/hailcsv.htm #CyberSecurity #BugBounty