SLAC conference workshop

Posted on Mon 02 March 2026 in security • Tagged with conference, security

conference workshop

I will give a workshop on Web App Security & Bug Bounty Lessons Learned at the SLAC Conference 2026 (May 13, 2026).

The topics covered are:

  • Real-world vulnerabilities (SQLi, XSS, RCE, Path Traversal) based on actual Bug Bounty reports
  • Attacker's perspective: how external researchers think and what internal teams miss
  • Practical defense strategies at code, server & browser level
  • Bug Bounty operations: triaging, researcher communication, false positives vs. real findings
  • Live demos with industry-standard hacking tools (ffuf, nuclei, BeEF, Juice Shop)
  • Actionable takeaways for Admins, DevOps & Security Engineers

more details and registration

the details page can be found here


bbot-ui - a terminal gui for bbot

Posted on Fri 05 December 2025 in security • Tagged with tools, python, security

what is it

A self-contained terminal UI for browsing and analyzing bbot scan results. bbot is an awesome tool made by blacklanternSecurity.

License: MIT Python 3.8+ Platform GitHub release Textual TUI

screenshot

source

the sources, documentation and releases are located here


bug bounty

Posted on Fri 31 December 2021 in security

Motivation

I like to invest part of my free time in finding and reporting vulnerabilities. Of course, I do not expect anything in return for this.

Nevertheless, most operators would like to show their appreciation and support my work.

Support

If you would like to support my work, you can do so in the following ways:

1) A donation for

  • Server rental / lab environment (approx. 50€/month)
  • Software licenses (e.g. Burp Suite: 350€/year)
  • the planned training and certification as an Ethical Hacker (approx. 2500€)

PayPal
https://paypal.me/KarBerlin

2) Amazon wish list

Amazon
https://www.amazon.de/hz/wishlist/ls/16BKUO7S8QAYB

3) A recommendation

via LinkedIn

4) Karma

or, quite classically, with a "thank you very much" or an original T-shirt (in size L).


big vpn providers are owned by one company

Posted on Mon 29 November 2021 in security • Tagged with vpn, privacy, security

vpn providers

according to a well-investigated article, these four vpn providers are now owned by one company, along with vpn review sites.

make sure to read the original article before choosing a vpn service of trust:

  • ExpressVPN
  • CyberGhost
  • Private Internet Access
  • Zenmate

source

the referred article can be found here


zabbix http/s checks from yaml dict

Posted on Sun 11 April 2021 in devops • Tagged with ansible, zabbix, gitlab, monitoring

motivation

to maintain the principle of configuration-as-code, this tool helps to bulk create and update http/s checks on your zabbix server.

imagine you need to monitor many different http/s microservice endpoints.
you can create them using the zabbix gui, or note them down in a simple yaml dict. this automation uses ansible to call the zabbix api and create zabbix http/s checks with graphs and alert triggers.

health_checks:
    - check_url:              "https://www.example.com/blog/"
    - check_url:              "https://api.example.com/endpoint/search?query=token"
      check_searchstring:     "Results for: token"
    - check_url:              "https://api.example.com/long/running/api"
      check_timeout:          "10s"
    - check_url:              "https://api.example.com/special/returncode"
      check_returncode:       "200,206"
    - check_url:              "https://static.example.com/images/"

source

the sources, documentation and examples are located here