Kai Greshake, Developer in Saabrücken, Germany
Kai is available for hire
Hire Kai

Kai Greshake

Verified Expert  in Engineering

Security Testing Developer

Location
Saabrücken, Germany
Toptal Member Since
June 15, 2017

Kai works in the field of IT security. He's a seasoned developer and security consultant. Having worked on projects of all sizes with remote and local teams, Kai can deliver standalone high-performance applications for use in a back-end environment, penetration testing, and general security consultation. Kai's high-quality education in computer science allows him to understand and apply complex subjects efficiently.

Portfolio

sequire
Security Testing, IoT Security, Web App Security
KORAMIS
Incident Response, Penetration Testing, Security

Experience

Availability

Part-time

Preferred Environment

Rust, .NET Core, Linux, Git

The most amazing...

...thing I've created is a neural network trained on quotes from famous people, generating new "wisdom" which self-improves through user feedback.

Work Experience

Pentester | Consultant

2022 - PRESENT
sequire
  • Developed highly secure software drivers for industrial computing.
  • Tested products, applications, and infrastructure offensively to help companies improve their security posture.
  • Developed partially automated reporting tools to cut time spent writing penetration testing reports by two-thirds while producing higher-quality output.
Technologies: Security Testing, IoT Security, Web App Security

Cyber Security Engineer | Penetration Tester

2019 - 2021
KORAMIS
  • Coached many customers to identify security issues and efficiently fix them.
  • Assisted companies in incident response, responding to attacks and mitigate them.
  • Surveyed industry-standard tooling for vulnerabilities to help customers maintain a secure stance. Identified many issues, including a critical vulnerability in Symantec Critical Systems Protection software which protects industrial plants worldwide.
Technologies: Incident Response, Penetration Testing, Security

Security Researcher

2015 - 2019
Center for IT-Security, Privacy, and Accountability
  • Developed high-performance software for the parallel calculation of advanced anonymity metrics.
  • Analyzed the security of Android apps generated using app generators such as Appy Pie and SeattleCloud.
  • Implemented a fuzzing environment and tools to fuzz the Android middleware.
Technologies: Python, Rust, C++, C, .NET Core

Software Developer

2014 - 2015
KS Software (now xbAV)
  • Developed a financial consultation back-end (calculation of taxes, interest rates, and more).
  • Worked on a UI using WPF for the consultation process.
  • Implemented quality-control measures (unit tests).
Technologies: Visual Studio, Git, Windows Presentation Foundation (WPF), .NET

Freelance Developer

2012 - 2014
RS Wägetechnik
  • Developed a back-end calculating the advanced metrics over the calibration data collected from various high-precision measurement devices.
  • Built a login system and infrastructure with access control and user management.
  • Designed and implemented a front-end desktop application interface to input and manage calibration data.
Technologies: Git, Visual Studio, Windows Presentation Foundation (WPF), .NET

Contact Tracing Gateway System for Germany

https://www.iris-connect.de/
I helped develop the security model and implementation of IRIS connect, a nationwide service in Germany that helps local health departments collect contact tracing information from the various app providers. It will be used in the majority of Germany's health departments.

Bsc Thesis on Fuzzing (Automated Software Testing)

https://www.dropbox.com/s/43ovybqfiugen1w/thesis_greshake.pdf?dl=0
In this study, I benchmark various different optimization algorithms on their fuzzing capabilities to find that constraint solving with optimization might not have been the key to Angoras performance. Nonetheless, results show promising directions for future research and will expand the performance and use cases for fuzzing in the future.

There's a blog post about it: https://andreas-zeller.blogspot.com/2019/10/when-results-are-all-that-matters-case.html

i3status-Rust

https://github.com/greshake/i3status-rust
This is a very resource-friendly and feature-rich replacement for i3status; written in pure Rust. An open-source project that I've started and continue to maintain.

QuoteBot (German)

https://www.facebook.com/quotebotde
A neural network bot trained on quotes from famous people, generating new "wisdom" which self-improves through user feedback. It posts content on its own Facebook page. Currently it's only in German and is not active right now. The feedback home page also is currently not online due to the cost of operation.

Dieter Meurer Award

This is an award for achievement in the field of legal computer science, pertaining in this case to my responsible disclosure of open-access database breaches (early '15). The link refers to the paper that we published in response to the incident.

Specialized Lectures

These are some of the specialized courses that I attended in university:
- Web Security
- Cryptography
- Secure Software Engineering
- Security Testing
- Cybersecurity
- Cybersecurity Project
- Security (Advanced Lecture)
- Hacking
- Mobile Security

I'm happy to answer any further questions about the topics covered.

Industrial Software Vulnerabilities

Broadcom's Critical Systems Protection software is used around the world in industrial facilities.

During my work as a penetration tester, I've uncovered many critical software vulnerabilities like this one:
https://support.broadcom.com/security-advisory/content/0/0/SYMSA1498

Dell Software Security Acknowledgment Program

This program was made for the vulnerabilities in the Dell update system which I discovered and helped to fix.
2014 - 2018

Bachelor's Degree in Cybersecurity

Saarland University - Saarbrücken, Germany

Tools

Microsoft Visual Studio, PyCharm, Git, Visual Studio, IntelliJ IDEA, CLion

Platforms

Linux, Android

Languages

C#, Python, C++, Go, SQL, Rust, C, Java

Paradigms

Concurrent Programming, Penetration Testing, Agile, Software Testing

Storage

MongoDB, PostgreSQL

Frameworks

.NET, Windows Presentation Foundation (WPF), Django, Flask, ASP.NET, .NET Core

Industry Expertise

Cybersecurity

Other

Cryptography, Security Testing, Security, Incident Response, IoT Security, Web App Security

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring