Florian Hantke
Germany
About Me
Hi, I'm Florian Hantke, doctoral researcher at CISPA Helmholtz Center for Information Security and a security consultant focusing on web (application) security. Before that, I studied computer science at Friedrich-Alexander Universität Erlangen-Nürnberg in Germany and at Universidade Federal do Paraná in Brazil and worked as consultant at SEC Consult. During my freetime, I enjoy researching and practicing IT security in CTFs with FAUST or while Bug Bounty Hunting. When I find time, I also analyze programs I personally use and write some articles about it.
Apart from hacking in front of my computer, I also love spending time climbing with my friends or cooking a delicious meal to relax. As a doctoral researcher, I am fortunate to travel frequently which gives me the chance to explore new cuisines and discover new meals and recipes to add to my collection 😊
Work Experience
Doctoral Researcher (PhD)
CISPA Helmholtz Center for Information Security | Since Apr. 2022
I am currently pursuing a Doctorate (PhD) in the research group of Ben Stock at CISPA. My research focuses on web security and vulnerability disclosure.
IT Security Freelancer
Self | Since Apr. 2022
As an IT security consultant, I assist companies in developing their security strategy to protect against cyber threats. I specialize in web application penetration testing.
Associate Security Consultant
SEC Consult Group | Oct. 2020–Mar. 2022
In my previous role as a security consultant at SEC Consult, I conducted a variety of penetration tests and security assessments for clients. My work helped to identify vulnerabilities and risks in their IT systems, allowing them to take appropriate measures to mitigate potential threats.
Research Assistant
Friedrich-Alexander-University of Erlangen-Nürnberg | May 2019–Sep. 2020
I was a research assistance at the FAU IT Security Infrastructures Lab and developed a programming interface to acquire and analyze forensic data in critical infrastructure using Volatility and the Sleuth Kit. I also did research on forensics options in UEFI with EDK II.
Working Student
Siemens | Feb. 2017–Feb. 2019
I was a working student at Siemens. Mostly I developed SQL reports and automated our main task - license clearing - with Python scripts and Java tools.
Education and Courses
Master
Friedrich-Alexander-Universität Erlangen-Nürnberg | Oct. 2018-Mar. 2022
Master (Exchange)
Universidade Federal do Paraná, Brazil | Aug. 2019-Dec. 2019
Bachelor
Friedrich-Alexander-Universität Erlangen-Nürnberg | Oct. 2014-Mar. 2018
Academic Publications
You can also find all publications on Google Scholar.
Web Execution Bundles: Reproducible, Accurate, and Archivable Web Measurements
Florian Hantke, Peter Snyder, Hamed Haddadi, Ben Stock
USENIX Security Symposium (Usenix'25)
Read more...Where Are the Red Lines? Towards Ethical Server-Side Scans in Security and Privacy Research
Florian Hantke, Sebastian Roth, Rafael Mrowczynski, Christine Utz, Ben Stock
Symposium on Security and Privacy 2024 (S&P'24)
Read more...You Call This Archaeology? Evaluating Web Archives for Reproducible Web Security Measurements
Florian Hantke, Stefano Calzavara, Moritz Wilhelm, Alvise Rabitti, Ben Stock
Conference on Computer and Communications Security (CCS'23)
Read more...HTML violations and where to find them: a longitudinal analysis of specification violations in HTML
Florian Hantke, Ben Stock
Internet Measurement Conference (IMC'22)
Read more...How can data from fitness trackers be obtained and analyzed with a forensic approach?
Florian Hantke, Andreas Dewald
Wacco, European Symposium on Security and Privacy (EuroS&PW'20)
Read more...Public Appearances
A selection of talks and media appearances.
📰 Sicherheitsleck bei KigaRoo - Über zwei Millionen Kita-Daten im Netz
Netzpolitik.org
Check it out.🎥 „Well, What Would You Say if I Said That You Could?” - Scanning for Vulnerabilities Without Getting Into Trouble
German OWASP Day 2024
Check it out.🎙️ Pen tester, vulnerability researcher, cybersecurity doctoral candidate
Cybersecurity Advisors Network
Check it out.Blog Posts
This is only a selection. You can also find all my posts on Medium.
Till Breach Do Us Part
The Uninvited Guest at Your Wedding
Picture this, you’ve just had the perfect wedding. The vows were spoken, the dance floor was packed, but something was wrong...
Cliche Writeup — ångstromCTF 2022
Mutation XSS in DOMPurify and marked
Last weekend, I played the ångstromCTF 2022 with my team FAUST. During the CTF, I came across a relatively simple constructed but clever web challenge that I want to...
Hacking the University in a Few Steps
Escalating a Wrong Date to Get Code Execution
A couple of weeks ago, I was about to continue my application to my University. This is the story of how a wrong date has led to RCE on a university server.
Intigriti — XSS Challenge 0621
XSS via WebAssembly
The Challenge While scrolling through my Twitter feed, I saw a new post from Intigriti — a fresh XSS Challenge. Since I had some free time, I decided to give it a try. In the following...
Intigriti — XSS Challenge 0321
XSS with CSRF Bypass
It was March and Intigriti published a new XSS challenge. Since good XSS challenges are always a way to learn new interesting methods, I gave it a try. XSS The challenge website...
Reversing and analyzing the cooking app KptnCook
My Recipe Collection
I like cooking, it is somewhat relaxing to take some time off and create a delicious meal. So a friend recommended to me an app called KptnCook...
How photovoltaic system data ends up online
Another IoT Story
My parents bought a photovoltaic system developed to produce and use their own energy. Of course, as with every IoT-device nowadays, one may use an App to monitor the produced data. However, ...
© All Rights Reserved. Designed by HTML Codex