Max Grim
Where it all began
When my dad purchased a new PC at the “HCC! dagen” he decided to give his old Pentium II to me. I was 7 years old at the time. At first, I played games from those “250 games on 1 collection CD’s”, but this quickly changed when we got ADSL Internet.
I got interested in the Internet and its possibilities. This began by browsing all the pages on Startpagina, chatting via ICQ and playing online games. But I wanted to know how it all worked, and how to build my own web pages. The first website I built was made with Microsoft Frontpage and hosted on a free Lycos hosting account linked with a .tk domain. For me, it was astonishing to be able to put something on the Internet for others to see. This sparked my interest so much that I went to the library to get more books on HTML, PHP, and MySQL, but also Macromedia Flash and ActionScript for building small interactive programs.
Where it went to from there
In high school, I started my own company building websites and applications for local businesses. It was during this time that I also wrote my first “trojan” in Visual Basic that connected to a MySQL server, verified whether a bit was set to 1, and would eject the CD-ROM drive. In hindsight, I was already playing with offensive development, but at the time it felt more like just messing around. Considering a career in cyber security came years later.
I planned on taking a 1-year break after graduating high school but ended up working at an IT company that built software for, amongst others, a hotel booking website. During my time there I learned a bunch about developing code professionally.
From there, it was a logical step to start a Computer Science bachelor at the University of Amsterdam (2012-2016). During that time I learned a lot more about computer architecture, algorithms, and networks. This significantly improved my development skills, which I continued to apply while contracting for companies.
During the System and Network engineering master’s degree (2016-2017) I came into contact with the world of cyber security. It was thanks to an Android Hacking CTF event organized by Deloitte that I decided to join their cyber security team.
During my time at Deloitte, I performed countless security tests on networks, web- and mobile applications, on-site factories (across continents) and consumer hardware. Next to security tests I co-facilitated the GICSP and Hardware Hacking training and contributed to an online CTF platform.
After 4 years at Deloitte, I decided it was time to narrow my focus and specialize more in red teaming and offensive development at Outflank.
My specialisms
Besides being experienced with various types of security tests I know a thing or two about software engineering, cloud environments and DevOps practices. I also have a keen interest in designing, building, and hacking (embedded) hardware devices.
My coolest project ever
I did many great projects, but the coolest ones were always on physical objects such as power plants, water treatment facilities, trains, trams, buses et cetera. The coolest would be that we were able to take control over a train and trick the driver by providing false signals and telemetry to the control panel whilst taking over.