Kai Ullrich Security Consulting

About

I want to bring my knowledge of offensive security to help my clients organically improve their security posture. I assist with penetration testing, threat modeling, attack surface management, red teaming and awareness measures. In doing so, I benefit from my experience of many years in a wide variety of activities in companies of all sizes and industries.

Resume

Education

Diplom-Mathematiker

1998

University of Dortmund, Germany

Professional Experience

Software Developer

1998-2005

SAP AG, Walldorf

Senior Consultant

2005 - 2010

SAP Deutschland AG & Co KG, Walldorf

Freelance IT Consultant

2010 - 2017

Dozens of Identity and Access Management projects in all industries all over Europe

Red Team Penetration Tester and Security Researcher

2017 - 2022

Code White GmbH, Ulm

Freelance Cyber Security Consultant

2022 - today

Publications / O-days

2017: Java Deserialization Gadget
2018: Blogpost about 0-day in Camunda BPA Suite
2019: 0-day in Typo3-Plugin sr_freecap
2020: 0-day in Ivanti Avalanche
2021: 0-day in SAP NetWeaver Java
2022: 0-day in PTC Windchill
2022: Java Deserialization Gadget

Lectures

October 2022: The log4shell disaster at the it-sa Nuremberg, the largest trade fair for IT security in the DACH region
Jan - April 2023: What every Java developer should know about Offensive Security at Java User Group meetings in Nuremberg, Zurich, Mannheim, Darmstadt

Contact

Email:

kai (at) kysecc.com