Creation of automated configuration audit scripts for penetration testing on Windows and Linux systems across a set of machines on a vSphere virtualized infrastructure. Automated deployment, data recovery and removal of penetration test files on the entire virtualized system.
Advanced network configuration based on architecture and addressing schemes
Writing of the vulnerability closure report of the previous penetration tests on the Galileo system
Vulnerability analysis, impact evaluation on the system
Travel to ESTEC (European Space Research and Technology Center, Netherlands) twice a month for 3 days for consultation and study of documents from the European Space Agency
Study of the cybersecurity impacts of the divergence of requirements between "As-built" and "As-designed" industrial systems. Decision making on the adoption or not of the deviation according to the criticality of the impact of the vulnerability created, in correlation with the global criticality of the system where the deviation is located.
Head of the pentesting unit
March 2022 - January 2024 Apside Cyber
Achievement
Team management
Web penetration templates
Capitalization in the form of a database on vulnerabilities and recommendations based on OWASP flaws and methodologies
Web application, Infra and system pentests
OS hardening
Embedded system security
Set up a web attack scenario and developed a methodology for its detection via the Splunk tool
Creation of the platform CyberUS under Flask, internal tool to monitor and improve team skills based on root-me challenges
Creation of a cyber threat intelligence (CTI) tool, OSINT Leaks: a script to harvest internal client emails and assess the criticality of the data leakage in relation to the email detected. It also gathers email passwords from leaked databases
Creation of Root-us, a tool to automatically exploit Linux system vulnerabilities. It is an automated bash script that checks and exploits the system configuration of a Linux system, optimized for the Debian distribution, in order to perform privilege escalation
Creation of the internal wiki of the Cyber business unit
Piloting of penetration tests on internal and external missions. Verification of the technical and editorial quality of the penetration test team. Technical support to the teams in case of need of expertise on vulnerability exploitation
Offensive web & mobile pentester at Intrinsec
September 2020 - February 2022 Intrinsec: in the Evaluation department
Main achievement
Mobile applications audit & pentests
Web application audit & pentests
Carried out more than 100 intrusion test missions for companies (non-exhaustive list): Crédit Agricole, BNP, ING, Société Générale, SGS, Bel, Mediamétrie, Franprix, Carglass
Internal talk to increase the team's skills on XXE (SOAP) vulnerabilities
2019 - 2020 GarageISEP: ISEP association focused on new technologies
Main goal
Organization of workshops, conferences and hackathons in the field of cybersecurity
A few examples of workshop subjects
Web pentests
Metasploit framework
Reverse engineering
Datamining
Modding
Offensive web & mobile pentester (Internship)
February 2020 - July 2020 Intrinsec: in the Evaluation department.
Main achievements
Mobile applications audit & pentests
Web application audit & pentests
Realization of tools for mobile-oriented pentests.
Tool allowing the brute-forcing of iOS application PINs in order to demonstrate to the customer the impact of not implementing a timeout system or blocking after X attempts. Time to try all possibilities: 3 min for 4 characters, 5 hours for 6 characters.
Tools to automate the recovery of application permissions
Creation of a script to check the presence of the protections proposed by the compiler (PIE, ARC, SSP, etc.)
Creation of a script allowing the recovery of the classes of an application
Development of a vulnerable iOS application for internal training and recruitment.
PoC using HackRF
Hackathon Vivatech (TechCrunch)
Friday 17 May 2019 - Saturday 18 May 2019
Problem statement: Find smart solutions to make healthcare professionals' practice easier and bring better care to people living with cardio-metabolic challenges like diabetes
Our solution: Create a website that links patients to their doctor. The doctor will use the website as a way to track the health evolution of the patient. Using a machine learning algorithm with an anonymised dataset of health data such as blood sugar, weight, glycemia... we could predict potential complications and help doctors make a diagnosis
Datathon: Special Jury Prize (Main Jury: Cédric Villani)
Friday 15 March 2019 - Sunday 17 March 2019
Problematic level of electric mobility, energy and transport
Our solution: Finding territories with high potential for energy transition. We created a website that allows data visualization of our score results by territory, based on the data we found in open data (data.gouv.fr) and the algorithm that we used to calculate the score
Main steps of our solutions
Find an innovative idea
Search for relevant data in open data
Data analysis
Calculation of territorial scores according to the different criteria
Data visualization, website development and deployment