diff --git a/_includes/head.html b/_includes/head.html
index c9187a3..5e1de77 100644
--- a/_includes/head.html
+++ b/_includes/head.html
@@ -101,6 +101,9 @@
{% endif %}
+
+
+
{% unless site.theme_mode %}
diff --git a/_tabs/about.md b/_tabs/about.md
index d68791b..7a49b3d 100644
--- a/_tabs/about.md
+++ b/_tabs/about.md
@@ -4,5 +4,36 @@ icon: fas fa-info-circle
order: 100
---
-> Add Markdown syntax content to file `_tabs/about.md`{: .filepath } and it will show up on this page.
-{: .prompt-tip }
+This is the personal website and blog if *Christoph J. Scherr*.
+
+## Professionally
+
+I am currently a student of Cybersecurity at [DHBW Mannheim](https://www.mannheim.dhbw.de/) and work at
+[NewTec](https://www.newtec.de). Computer Technology, especially with a focus on
+security is my passion.
+
+## Technology
+
+I like managing and administering servers and services. This website is hosted
+on a [VPS](https://en.wikipedia.org/wiki/Virtual_private_server) hosted in
+Germany, which I pay [Netcup](https://www.netcup.de) for. Hosting your own services
+and managing your own servers is fun and I regularly learn new computer related
+things from it.
+
+I like Open Source Software, working on my own projects and using mostly OSS on
+my devices where possible. All my servers run [Debian](https://www.debian.org),
+and I use GNU/Linux on my PCs too.
+
+I mainly program in [Rust](https://rustlang.org) at the time of writing this,
+but I know many programming languages.
+
+## Other Interests
+
+I've been learning Japanese for over a year by now. I find myself often
+stumbling over Japanese media, and I've built a liking to the language by now.
+My Japanese is still pretty bad, and I still struggle to understand basic sentences,
+but I'm constantly learning.
+
+
「今年には春が好きですけど、それまで好きじゃなかったです。」
+
+When I feel creative, I sometimes make music. Some of that can be found [here](https://www.youtube.com/@plexsheep1296).
diff --git a/_tabs/imprint.md b/_tabs/imprint.md
index ed3cd9a..5ee0d46 100644
--- a/_tabs/imprint.md
+++ b/_tabs/imprint.md
@@ -1,4 +1,5 @@
---
icon: fas fa-legal
order: 200
+title: Imprint & Legal
---
diff --git a/_tabs/security.md b/_tabs/security.md
index aabaa27..324b8e6 100644
--- a/_tabs/security.md
+++ b/_tabs/security.md
@@ -2,3 +2,79 @@
icon: fas fa-lock
order: 6
---
+
+# Security Guidelines, Scope for cscherr.de and associated hosts
+
+- **[A] Scope**
+ - You may search for security issues ONLY on public facing services,
+ such as , , the
+ Minecraft server and others. You may not do so on sites
+ not visible without authentication. For example, is okay
+ (except private repositories), but is not
+ (I seed only Linux images). The ONLY machine you may target is my public
+ facing VPS (IP: `194.13.82.193` (`cscherr.de`)) and those machines
+ virtualised on it.
+ - You may NOT infiltrate any non-public machines (virtual or not).
+ - You may NOT exfiltrate data without explicit permission.
+ - You may NOT endanger the confidentiality, Availability and Integrity of
+ any data, service, or machine, unless with explicit permission.
+ - Any findings must be reported to the server owner (Christoph J. Scherr),
+ you can typically contact me on admin@cscherr.de.
+ - You may NOT cause any effect that would be considered "harmful" to the
+ server owner, the users, any service or machine, or any third party. If
+ you would like clarification on if your case would be considered harmful,
+ seek contact with me (admin@cscherr.de).
+
+- **[B] Bounty**
+ - If you actually manage to find something good, I would like to reward you with a
+ minor sum of money (~10EUR). I'm only an individual, and still a student,
+ so I cannot offer much, but you would have earned it. Preferably, you have
+ an account in Europe, so I can just use SEPA to transfer money. I don't have
+ PayPal or cryptocurrencies.
+ - You also have my honest thanks! If you want, you can get an entry in the
+ hall of fame below.
+ - I've been getting a lot of mail recently reporting very minor things, that
+ are often not security issues, like "exposed information on
+ https://static.cscherr.de". I encourage you all to report things you might
+ find suspicious, but you will not gain a bounty or entry in the HOF for
+ something that I deem not a thread or unknown risk. Furthermore, I reserve the right to
+ disagree with your reports and not put you in the HOF or pay a bounty as I
+ see fit. Bounties and the HOF are based on goodwill.
+ - If you want your entry removed from the HOF, please mail me (admin@cscherr.de),
+ we can work something out.
+
+- **[C] Known Risks**
+ - The following is a list of possible risks that are currently accepted:
+ - I don't have CAA Records (just using caddy+letsencrypt)
+ - no MTA-STS for cscherr.de
+ - Including of my sites as I-frames to trick users into clicking on something
+ - No rate limiting on my web server
+ - Possible brute forcing of login forms (I use strong random passwords and MFA)
+ - No BIMI Record for cscherr.de
+
+- Christoph J. Scherr, 2024
+
+--------------------------------------------------------------------------------
+
+
Hall of Fame
+
+--------------------------------------------------------------------------------
+
+Parth Narula, who found a DOS vulnerability in my WordPress site, resulting in
+near 100% server load by repeatedly sending requests to an endpoint which
+allowed users to load multiple JS and CSS files at once, and also tested the
+other subdomains.
+
+Mitigation: Removal of the WordPress site, as it wasn't actively used anyway.
+
+--------------------------------------------------------------------------------
+
+Mesum Raza, who found an open redirect in authentik (used on )
+prior to version 2024.2.2, and reported it to the authentik maintainers after
+correspondence. The open redirect has been removed in subsequent versions
+of authentik.
+
+See:
+
+--------------------------------------------------------------------------------
+
diff --git a/assets/css/extra.css b/assets/css/extra.css
new file mode 100644
index 0000000..3136f24
--- /dev/null
+++ b/assets/css/extra.css
@@ -0,0 +1,10 @@
+.ascii-art {
+ font-family: monospace;
+ white-space: pre;
+ line-height: 1rem;
+}
+
+.text-huge {
+ font-size: 9rem;
+ white-space: nowrap;
+}