Rating: 5.0

To start, we need to find out who voldemortensen is.
I started with a twitter search, from there I found @voldemortensen's profile.
On his profile you will find a link to his own website garthmortensen.com
at this point we have found his website, now we just need to figure out how to send him a vulnerability report.

After a bit of online search I came across http://securitytxt.org/ a new standard that gives websites a form of contact for vulnerability reports. Exactly what we are looking for.
If you look at the standards for the security.txt file (further down the home page of securitytxt.org) you will find a few places where a security.txt file can be kept.
when you try the garthmortensen.com/.well-known/security.txt you find a page that show a contact for voldemortensen and the flag

>NeverlanCTF Flag
>
>flag{you_should_have_a_security_txt_too}