Sebastian Neef
IT Security Research by Heart
PhD candidate. Freelancer. CTF-Player. Speaker & more ;-)
I like building things and hacking stuff. Usually building web applications and hacking websites.
Since September 2019 I'm an research and teaching assistant at the chair for security in telecommunications. View chair's website and publications
Since december 2012 I'm officially a registered freelancer. Since then I've been doing penetration tests and programming tasks for various german customers. I've found security issues in companies like Google, Paypal, Microsoft, Adobe and others. For all references, follow the link below: All references
I registered this domain in 2015, because I thought it was funny. It's my security related blog about CTF write-ups and security research conducted by me. View project
AGRS (working group computer security) is an IT-security student meetup at the Technical University of Berlin. It's home to the CTF team 'ENOFLAG'. In 2018, AGRS became an official student association. Since then, I've been one of the board members and always happy to teach newcomers. View project
I co-founded this project in mid 2012. It's a security blog about our security related research and activity. You'll find write-ups for various bug bounty programs as well as how we obtained flags from Capture the Flag events or which techniques we used to hack your website. Mehr (DE) More (EN)
After deciding to cease blogging on gehaxelt.in, I started the german blogging platform "Blogbasis" in early 2013. There are multiple categories, so a lot of diverse topics are covered. The platform is open for all, but activity decreased over time. Nevertheless, I'm publishing posts every now and then. View project
During the COVID pandemic, a friend and I started a computer-support website. The idea was to sell support services to people who are not as tech-savvy and face problems that appear unsolvable to them. We lost interest in it after the pandemic ended (in 2022) and we followed other interests and projects.
This project aims to provide a place for posting and sharing write-ups, reviews and a list of bug bounty programs. Developement started in late 2014 and was finished in early 2015. Unfortunately, this project didn't receive the anticipated attention by the security community and was therefore terminated in 2019.
On the 20th of february 2016, the first Internetwache CTF was held. It was a 36 hour long jeopardy-style CTF with 30 challenges in six categories. The overall impression and feedback was pretty good (4.5 out of 5). I'm happy with the result in every aspect and I'm looking forward to host another CTF next year! View on ctfime.org
This was my first blog and I registered the domain for my nickname back in 2011. I used it to blog about my every-day technical problems and their solutions as well as my early security investigations. Unfortunately, Google banned me from the index. This was when I started the blogbasis.net project and eventually after a year or two my original blog was indexed again. View project
This project started with redshark1802 as he helped me to develop the first version in early 2014. I continued to extend and run the project on my own. The idea was to build a website where people could enter their *(alt)-coin address to receive a small portion of the crypto currency. I've discontinued this project in mid 2015 due to personal reasons and to make space for other ideas.
This is the first major project with my colleague Codeze.ro and it started in May 2015. The idea is to create a platform where people can participate in giveaways and win CS:GO weapon skins. View project
This was a project started by Oliver Beg. A Bug Bounty platform similar to bugcrowd.com or hackerone.com. He had invited me to join their team and curious as I was, I accepted the invite. Unfortunately the whole team situation didn't really work well, so people (including me) quit.
This was more an a project for myself. A website which uses subbrute as the backend to analyse and save the subdomains of my targets. I didn't publish and abandoned it due to legal concerns.