About
My name is Maximilian Hildebrand aka m10x and I’m a penetration tester @ G DATA Advanced Analytics GmbH.
I’ve pursued a master’s degree in IT-Security @ Ruhr-Universität Bochum, with a focus on web, network and SSO security.
Interests
- Web, SSO pentesting
- API pentesting
- Mobile pentesting
- External pentesting
- Internal pentesting, especially Active directory
- Red Teaming
Certificates
- Certified Red Team Operator (CRTO)
- Offensive Security Certified Professional (OSCP)
- eLearnSecurity Web Application Penetration Tester Extreme v2 (eWAPTXv2)
- Practical Network Penetration Tester (PNPT)
- eLearnSecurity Mobile Application Penetration Tester (eMAPT)
- eLearnSecurity Junior Penetration Tester (eJPT)
CVEs
- SSTI (RCE), Arbitrary File Read & XSS in Tandoor Recipes (CVE-2025-23211,CVE-2025-23212,CVE-2025-23213)
- BACs leading to Priv Escs and More in Mealie (CVE-2024-55070, CVE-2024-55071, CVE-2024-55072, CVE-2024-55073)
- XSS, CSRF & BAC in Grocy (CVE-2024-55074, CVE-2024-55075, CVE-2024-55076)
- SQLi, XSS & more in TOPqw Webportal (CVE-2024-45875, CVE-2024-45876, CVE-2024-45877, CVE-2024-45878, CVE-2024-45879)
Programming languages [I’ve use(d) the most and done projects with]
- Go
- Python
- C#
- Java
Hobbys
- Selfhosting various services (utilizing Proxmox and Docker for Virtualization, Caddy as Reverse Proxy)
- CTFs (HackTheBox)
- Lockpicking (Green Belt)
- Running, Cycling, Weightlifting