Security Engineer & Penetration Tester — Germany
25 - Berlin & Chemnitz. I break things professionally and find vulnerabilities that have been sitting in production for years because nobody bothered to look. Broken software pisses me off. That's the whole reason.
🔴 Red Teaming — AD environments, AV/EDR evasion, phishing campaigns, C2 (Cobalt Strike, Sliver)
🐧 Linux — Debian-first, manual hardening, LXC/LXD
🛡️ SecEng — Threat modeling, detection engineering (YARA, Suricata), SIEM pipelines
Blog · CRTO · LPIC-1 · BSI §8a · IHK
| CVE | CVSS | Description |
|---|---|---|
| CVE-2026-55872 | 8.7 High | Stored XSS · Low Privileged |
| CVE-2026-55871 | 6.5 Medium | SQL Injection · High Privileged |
| Pending | 9.8 Critical | Missing Authorization · Auth Bypass |
| Pending | 9.8 Critical | OS Command Injection · RCE |
| Pending | 8.7 High | Heap-based Buffer Overflow · Off-by-One |
| Pending | 8.1 High | Argument Injection · Arbitrary File Write / DoS |
Low-quality findings in low-quality projects with at least a few hundred stars. Still CVEs.
| CVE | CVSS | Description |
|---|---|---|
| Pending | 9.8 Critical | SQL Injection · Unauthenticated |
| Pending | 9.8 Critical | SQL Injection · Unauthenticated |
| Pending | 9.8 Critical | SQL Injection · Auth Bypass |
| Pending | 9.3 Critical | Reflected XSS · Unauthenticated |
| Pending | 9.3 Critical | Reflected XSS · Unauthenticated |
| Pending | 9.3 Critical | Reflected XSS · Low Privileged |
| Pending | 8.7 High | Stored XSS · Low Privileged |
| Pending | 7.4 High | Weak Authentication · MD5 Type Juggling |
| Pending | 7.2 High | SQL Injection · High Privileged |
| Pending | 6.5 Medium | External File Path Control · File Delete |