Review of the last months

A lot of time has passed since we published the last blog post. We want to give a brief status update and an overview of the events of the recent months.

Internetwache is now over 2 years old. We have over 600 followers on Twitter @internetwache and we have about 2000 tweets. We would like to thank all the readers and supporters and look forward to further awesome whitehacking-years.

Other notable events:

Participation in the project

In mid-April we were asked by the Lanaru team to participate in their project. This project is similar to Bugcrowd or Crowdcurity and has the goal of becoming a crowdsourced security platform for the region NL, BE, GER, and it consumed most of our spare time during the last 6 months. The other team members are all awesome people and we really had a lot of fun learning new things there. Unfortunately, repeated delays and team-internal disagreements led us to the decision to quit the project. Nevertheless, we wish them all the best and we're looking forward to being testers on their platform.


Currently, Tim is working on a new security project. At this time there is no clear concept yet, but we will inform you once there is any news.

Expiration of our wildcard SSL certificate and switchover to a self-signed one.

In early August, our wildcard SSL certificate expired after one year. We had obtained the SSL certificate for $10 during a campaign. Unfortunately, these certificates are not that cheap (~100+ €/year). Arguing that we mainly offer static HTML files, without a lot of personal data except accessed URLs/cookies, we decided to go with a self-signed certificate.

You might experience an SSL warning when accessing the HTTPS version.

SHA-256 fingerprint 
57 0A 50 DE DC C8 B2 E8 66 F8 92 AB FD E8 60 CC 
C4 39 3F 86 F2 A8 84 7F 73 EB 02 4A 32 03 48 B2 

SHA-1 Fingerprint 
F8 E7 6B 1F 5E 47 85 E7 4D 46 F3 26 82 6E 13 0D 
F4 62 71 1D 

Release of an encoding tool on GitHub

During Sebastian's holidays in Spain, he had the idea to develop a small web application providing different (web) en-/decoding algorithms. You can use the version hosted on our domain or use the source code to host your own version. The whole en-/decoding process is implemented in JavaScript (please don't look at the code :P), so we cannot see your awesome XSS/HTML bypasses.

We’d be happy if you push back any code changes (e.g. implementing more algorithms) to our repo (Pull requests are awesome!).

Hacking at Bugcrowd to stay in the Top10

The competitors never sleep - unlike us - ;). In order to keep us in Bugcrowd's Top10, we submitted a load of vulnerabilities. So far, the validation resulted in a bunch of duplicates, but we came across some (interesting) valid vulnerabilities, too. We hope to keep our place in the top 10 in 2014!

Publication of a link list

During a trip through Poland, Sebastian had another idea: a public link list containing links to some resources about hacking. Often you stumble upon some interesting links on Twitter or somewhere else (e.g. new tools/exploits/papers…). In order to put all the bookmarks in one place and share them with you (sharing is sexy! ;) ), we feature a Link List now. Additions to the list are very welcome, just send us a tweet or an email if you find a nice website/tool/exploit/something else.

Hacking other bug bounties

Even though we've been quite silent lately, we were of course surfing the internet. We have attended some bounties and have even received rewards. We have been particularly active on HackerOne. Since HackerOne reports are publicly available, we do not write about them anymore. If you are interested in some of our bugs, just take a look at our HackerOne Account or search for “Internetwache” on the unofficial H1 disclosure timeline. Unfortunately, all the “interesting” reports are still on hold for public disclosure.

Personal stuff

Sebastian faces his 5th semester of his computer science degree and hacks here and there ;) He has been busy with his studies and therefore has not been so active in whitehacking. Additionally, I'm working on some non-security projects. My Twitter

In the meantime Tim gained his A-levels and started a degree in business IT. After graduation, I traveled to Malaysia and Cambodia and visited @Yappare, a top-hunter from Bugcrowd. It was really nice to talk to him and I wish him all the best! I also got many cultural impressions and experiences. In addition to that, I got some new power and ideas for hopefully nice projects in the future. Latest projects can always be found on my website or on my Twitter @TimPhSchaefers.

Stay tuned, the team of