About Maximilian Kaul
I’m a web application security penetration tester located in Munich,
Germany. I studied in Stockholm, Sweden at the Royal Institute of
Technology (KTH) in the Computer
Science master’s program. Before that I studied Computer Science at
Heidelberg University (Germany) where I received a Bachelor degree in
2015. You can read about my university
My main interests are with security, Linux (which I have been using
almost exclusively for about 10 years now), algorithms and C++. I wrote
my master thesis on “Ransomware for the Internet of Things” with
Shaid Raza at RISE. You can find my CV
Please find my GPG key here in case
you want to contact me using encrypted email.
I’m an Offensive Security Certified Expert (OSCE).
Try harder! The big question now is: what to do next?
Paragliding is fun. I went for the “B-Schein” - the cross country
license allowing me to leave the immediate vicinity of the take-off
I’m an Offensive Security Certified Professional (OSCP).
Passd the “A-Schein”. Now I’m a licensed pilot and can go fly on my
I’m learning how to fly. Already passed my paragliding theory exam and
I’m working on accumulating at least 40 flights for the practice exam.
Started to work in Munich, Germany :)
I just learned that I passed my Master thesis. Next step: finding a
job. Preferably in the computer security area (e.g. pentesting /
security engineering) or in software engineering (e.g.
I started to solve problems on Open Kattis. We used the platform for
some courses at KTH and I like problem solving so the shoe fits :)
I’m around rank 250 and aiming for top 100.
All the old photos migrated away from my website and are now part of
Jana’s sand-islets.de website. So
if you have old bookmarks don’t be surprised if the photos are no
longer at their usual place. I put a note at all the old locations with
a link to the new gallery on Jana’s website.
I polished most of the website’s style following Butterick’s amazing book on
typography. I hope you like it. Suggestions for further improvements
are always welcome ;)
factor authentication is now enabled for Roundcube and Nextcloud (I’m using FreeOTP on my phone). Next milestone:
Single Sign On…
Please stop using my
old GPG key
FFF578DA. My laptop and backup got stolen so I no longer have
access. The keys are not compromised. Laptop and backup are encrypted.
I’m sorry for the inconvenience. My new
key is available here. Unfortunately the old key can not be revoked
since all 3 copies of the revocation certificate were on now stolen
Starting now all my hosts use Let’s
Encrypt certificates. There are no warnings to be expected because
the keys have been pinned in