Florian Hantke

PhD Student, Hacker, Foodie, IT Security Consultant, CTF Player, Web Developer


About Me

Hi, I'm Florian Hantke, a PhD student at CISPA Helmholtz Center for Information Security and a security consultant focusing on web (application) security. Before that, I studied computer science at Friedrich-Alexander Universität Erlangen-Nürnberg in Germany and at Universidade Federal do Paraná in Brazil and worked as a consultant at SEC Consult. During my free time, I enjoy researching and practicing IT security in CTFs with FAUST or while Bug Bounty Hunting. When I find time, I also analyze programs I personally use and write some articles about them.

Apart from hacking in front of my computer, I also love spending time climbing with my friends or cooking a delicious meal to relax. As a PhD student, I am fortunate to travel frequently, which gives me the chance to explore new cuisines and discover new meals and recipes to add to my collection 😊

Work Experience

PhD Student

CISPA Helmholtz Center for Information Security | Since Apr. 2022

I am currently pursuing a PhD in the research group of Ben Stock at CISPA. My research focuses on web security and vulnerability disclosure.

IT Security Freelancer

Self | Since Apr. 2022

As an IT security consultant, I assist companies in developing their security strategy to protect against cyber threats. I specialize in web application penetration testing.

Associate Security Consultant

SEC Consult Group | Oct. 2020–Mar. 2022

In my previous role as a security consultant at SEC Consult, I conducted a variety of penetration tests and security assessments for clients. My work helped to identify vulnerabilities and risks in their IT systems, allowing them to take appropriate measures to mitigate potential threats.

Research Assistant

Friedrich-Alexander-University of Erlangen-Nürnberg | May 2019–Sep. 2020

I was a research assistant at the FAU IT Security Infrastructures Lab and developed a programming interface to acquire and analyze forensic data in critical infrastructure using Volatility and the Sleuth Kit. I also did research on forensics options in UEFI with EDK II.

Working Student

Siemens | Feb. 2017–Feb. 2019

I was a working student at Siemens. Mostly I developed SQL reports and automated our main task - license clearing - with Python scripts and Java tools.

Education and Courses


Friedrich-Alexander-Universität Erlangen-Nürnberg | Oct. 2018-Mar. 2022

Master (Exchange)

Universidade Federal do Paraná, Brazil | Aug. 2019-Dec. 2019


Friedrich-Alexander-Universität Erlangen-Nürnberg | Oct. 2014-Mar. 2018


eLearn Security

Academic Publications

You can also find all publications on Google Scholar.

Where Are the Red Lines? Towards Ethical Server-Side Scans in Security and Privacy Research

Florian Hantke, Sebastian Roth, Rafael Mrowczynski, Christine Utz, Ben Stock

Symposium on Security and Privacy 2024 (S&P'24)

You Call This Archaeology? Evaluating Web Archives for Reproducible Web Security Measurements

Florian Hantke, Stefano Calzavara, Moritz Wilhelm, Alvise Rabitti, Ben Stock

Conference on Computer and Communications Security (CCS'23)

HTML violations and where to find them: a longitudinal analysis of specification violations in HTML

Florian Hantke, Ben Stock

Internet Measurement Conference (IMC'22)

How can data from fitness trackers be obtained and analyzed with a forensic approach?

Florian Hantke, Andreas Dewald

Wacco, European Symposium on Security and Privacy (EuroS&PW'20)


Blog Posts

This is only a selection. You can also find all my posts on Medium.

Till Breach Do Us Part
The Uninvited Guest at Your Wedding

Picture this, you’ve just had the perfect wedding. The vows were spoken, the dance floor was packed, but something was wrong...

Cliche Writeup — ångstromCTF 2022
Mutation XSS in DOMPurify and marked

Last weekend, I played the ångstromCTF 2022 with my team FAUST. During the CTF, I came across a relatively simply constructed but clever web challenge that I want to...

Hacking the University in a Few Steps
Escalating a Wrong Date to Get Code Execution

A couple of weeks ago, I was about to continue my application to my University. This is the story of how a wrong date has led to RCE on a university server.

Intigriti — XSS Challenge 0621
XSS via WebAssembly

The Challenge: While scrolling through my Twitter feed, I saw a new post from Intigriti — a fresh XSS Challenge. Since I had some free time, I decided to give it a try. In the following...

Intigriti — XSS Challenge 0321
XSS with CSRF Bypass

It was March and Intigriti published a new XSS challenge. Since good XSS challenges are always a way to learn new interesting methods, I gave it a try. XSS: The challenge website...

Reversing and analyzing the cooking app KptnCook
My Recipe Collection

I like cooking, it is somewhat relaxing to take some time off and create a delicious meal. So a friend recommended to me an app called KptnCook...

How photovoltaic system data ends up online
Another IoT Story

My parents bought a photovoltaic system developed to produce and use their own energy. Of course, as with every IoT-device nowadays, one may use an App to monitor the produced data. However, ...
