About Maximilian Kaul

I’m a web application security penetration tester located in Munich, Germany. I studied in Stockholm, Sweden at the Royal Institute of Technology (KTH) in the Computer Science master’s program. Before that I studied Computer Science at Heidelberg University (Germany) where I received a Bachelor degree in 2015. You can read about my university education here.

My main interests are with security, Linux (which I have been using almost exclusively for about 10 years now), algorithms and C++. I wrote my master thesis on “Ransomware for the Internet of Things” with Shaid Raza at RISE. You can find my CV here.

Please find my GPG key here in case you want to contact me using encrypted email.


I’m an Offensive Security Certified Expert (OSCE). Try harder! The big question now is: what to do next?

Paragliding is fun. I went for the “B-Schein” - the cross country license allowing me to leave the immediate vicinity of the take-off site.

I’m an Offensive Security Certified Professional (OSCP). Try harder!

Passd the “A-Schein”. Now I’m a licensed pilot and can go fly on my own.

I’m learning how to fly. Already passed my paragliding theory exam and I’m working on accumulating at least 40 flights for the practice exam.

Started to work in Munich, Germany :)

I just learned that I passed my Master thesis. Next step: finding a job. Preferably in the computer security area (e.g. pentesting / security engineering) or in software engineering (e.g. Linux/C++/C/...).

I started to solve problems on Open Kattis. We used the platform for some courses at KTH and I like problem solving so the shoe fits :) Currently I’m around rank 250 and aiming for top 100.

All the old photos migrated away from my website and are now part of Jana’s sand-islets.de website. So if you have old bookmarks don’t be surprised if the photos are no longer at their usual place. I put a note at all the old locations with a link to the new gallery on Jana’s website.

I polished most of the website’s style following Butterick’s amazing book on typography. I hope you like it. Suggestions for further improvements are always welcome ;)

2 factor authentication is now enabled for Roundcube and Nextcloud (I’m using FreeOTP on my phone). Next milestone: Single Sign On…

Please stop using my old GPG key FFF578DA. My laptop and backup got stolen so I no longer have access. The keys are not compromised. Laptop and backup are encrypted. I’m sorry for the inconvenience. My new key is available here. Unfortunately the old key can not be revoked since all 3 copies of the revocation certificate were on now stolen hardware.

Starting now all my hosts use Let’s Encrypt certificates. There are no warnings to be expected because the keys have been pinned in time.