About
My name is Maximilian Hildebrand aka m10x and I’m a penetration tester @ G DATA Advanced Analytics GmbH.
I’ve pursued a master’s degree in IT-Security @ Ruhr-Universität Bochum, with a focus on web, network and SSO security.
Interests
- Web, SSO pentesting
- API pentesting
- AI Application pentesting
- Mobile pentesting
- External pentesting
- Internal pentesting, especially Active Directory
- Red Teaming
Certificates
- Hack The Box Certified Web Exploitation Specialist (HTB CWES)
- Certified Red Team Operator (CRTO)
- Offensive Security Certified Professional (OSCP)
- eLearnSecurity Web Application Penetration Tester Extreme v2 (eWAPTXv2)
- Practical Network Penetration Tester (PNPT)
- eLearnSecurity Mobile Application Penetration Tester (eMAPT)
- eLearnSecurity Junior Penetration Tester (eJPT)
CVEs (56 Total)
- RCE, SQLi, XSS and More in e-TMS by Andsoft (CVE-2025-59735 - CVE-2025-59774)
- Privilege Escalation in Tandoor Recipes (CVE-2025-57396)
- SSTI (RCE), Arbitrary File Read & XSS in Tandoor Recipes (CVE-2025-23211, CVE-2025-23212, CVE-2025-23213)
- BACs leading to Priv Escs and More in Mealie (CVE-2024-55070 - CVE-2024-55073)
- XSS, CSRF & BAC in Grocy (CVE-2024-55074 - CVE-2024-55076)
- SQLi, XSS & more in TOPqw Webportal (CVE-2024-45875 - CVE-2024-45879)
Hall of Fame
- MariaDB (Read-Only SQL statement bypass)
- Dailymotion (Web cache poisoning leading to DoS)
- Doctolib (Web cache poisoning leading to open redirect/DoS)
Programming languages [I’ve use(d) the most and done projects with]
- Go
- Python
- C#
- Java
Hobbies
- Selfhosting various services (utilizing Proxmox and Docker for Virtualization, Caddy as Reverse Proxy)
- CTFs (HackTheBox)
- Lockpicking (Green Belt)
- Running, Cycling, Weightlifting