About Maximilian Kaul

I’m a web application security penetration tester located in Munich, Germany. I studied in Stockholm, Sweden at the Royal Institute of Technology (KTH) in the Computer Science master’s program. Before that I studied Computer Science at Heidelberg University (Germany) where I received a Bachelor degree in 2015. You can read about my university education here.

My main interests are with security, Linux (which I have been using almost exclusively for about 10 years now), algorithms and C++. I wrote my master thesis on “Ransomware for the Internet of Things” with Shaid Raza at RISE. You can find my CV here.

Please find my GPG key here in case you want to contact me using encrypted email.


I’m a Offensive Security Certified Professional (OSCP). Try harder!

I’m learning how to fly. Already passed my paragliding theory exam and I’m working on accumulating at least 40 flights for the practice exam.

Started to work in Munich, Germany :)

I just learned that I passed my Master thesis. Next step: finding a job. Preferably in the computer security area (e.g. pentesting / security engineering) or in software engineering (e.g. Linux/C++/C/...).

I started to solve problems on Open Kattis. We used the platform for some courses at KTH and I like problem solving so the shoe fits :) Currently I’m around rank 250 and aiming for top 100.

All the old photos migrated away from my website and are now part of Jana’s sand-islets.de website. So if you have old bookmarks don’t be surprised if the photos are no longer at their usual place. I put a note at all the old locations with a link to the new gallery on Jana’s website.

I polished most of the website’s style following Butterick’s amazing book on typography. I hope you like it. Suggestions for further improvements are always welcome ;)

2 factor authentication is now enabled for Roundcube and Nextcloud (I’m using FreeOTP on my phone). Next milestone: Single Sign On…

Please stop using my old GPG key FFF578DA. My laptop and backup got stolen so I no longer have access. The keys are not compromised. Laptop and backup are encrypted. I’m sorry for the inconvenience. My new key is available here. Unfortunately the old key can not be revoked since all 3 copies of the revocation certificate were on now stolen hardware.

Starting now all my hosts use Let’s Encrypt certificates. There are no warnings to be expected because the keys have been pinned in time.


This is just a collection of random stuff I think people should know about.

Sand Islets

Check out Jana’s website. She uploads a lot of amazing photos. The whole website is a project of the two of us: She is providing amazing content and I’m getting a chance to play around with django.

Comedy Wildlife

The Comedy Wildlife Photography awards website has a lot of hilarious photos. It’s a collection of high quality funny wildlife photography and definitely worth the time.

Spurious Correlations

Spurious correlations is a nice collection of seemingly unrelated stuff that highly correlates.


Jan makes amazing chili and recently started a new website (in German). My personal favorite so far is “Sonniger Süden”: a very hot (8 out of 10 points) and tasty chili sauce with pineapple.