In-depth Interview: Maximilian Hils

Maximilian Hils (@maximilianhils) is a student of Information Systems at WWU Münster, Germany. He is one of the two core developers of mitmproxy, on which he started to work on during his Honeynet Google Summer of Code project in 2012. In his spare time, he develops web applications and slays SSL dragons whereever he finds them. Recently, he developed an interest in Cloud Storage Security and Security Usability. He will be giving a live demo about "slaying SSL dragons with mitmproxy" at the upcoming annual The Honeynet Project workshop in Warsaw on May 13. Here you have a nice way to discover something more about him and his work.

Tell us, how did you get involved in the security community?
Well, I think Honeynet is to blame here. I've been loosely interested in information security before, but things took really off when I joined the Honeynet Project as a Google Summer of Code (GSoC) student in 2012. This was an intense (three month) summer full of coding and learning, followed by meeting many new people at the Honeynet workshop in Dubai. Since then, I continued working on my project which is now part of mitmproxy.

And what will you talk about?
mitmproxy! I'm involved in the project for two years now and I'm pretty confident that it's a swiss army knife any software developer or security professional can benefit from. In my demo session I'll share a variety of tricks & tips ranging from smartphone debugging to more advanced traffic analysis, so that should be fun. Inspecting a mobile application's behaviour has been traditionally tricky, so we show a simple setup where traffic from an Android device is intercepted and modified. That's not all though - you'll learn how you can rewrite traffic automatically or analyze saved conversations using mitmproxy's scripting interface. Long story short, you'll get a short but comprehensive intro to mitmproxy. I'm sure there are many things you're going to find useful!

What do you love the most being a security expert?
We have, especially at Honeynet, a really open and friendly research community. No bulky hierarchies, open-minded people and a hopefully good beer at the evening rather than S. Pellegrino.

And what is your best tip for (upcoming) security professionals today?
Short and sweet: Get involved in open source security software development. You're usually going to meet very talented people and learn a lot. Not to mention that it's an excellent door opener and a great thing to talk about in job interviews. Just take a look at Cuckoo Sandbox, thug, conpot or even mitmproxy, play around with them and contribute some improvements. I'm sure that Claudio, Angelo and Lukas all have getting-started tasks for newcomers that can be accomplished easily.

Last question, maybe a little subjective, why should people come to or sponsor the upcoming (and awesome) HP workshop in Warshaw?
Honeynet combines (a) excellent mentorship for upcoming security students, (b) support of widely-used open source projects and (c) a great workshop with an excellent community. If you're using thug, Cuckoo, mitmproxy, Glastopf, or Conpot in your company - sponsoring the workshop is an excellent way to show your gratitude and support the developers of these projects. I personally experienced the mentorship from Honeynet over the last two years and must say that Honeynet's contributions to support upcoming security professionals is really, really excellent and a good cause to support.