I am currently working at CNAM (French National Health Insurance).
I do Offensive Security and some Forensic and I 💜 learning about malware.
Certifications
- 2022 - The Advanced Malware Analysis Course (Zero2Automated) by 0ffset Training Solutions Cert here!
- 2018 - OSCP by Offensive Security Badge here!
Teaching
- 2023 - Workshop - Blackhoodie @Hexacon - Seek and Destroy (or how to find and exploit Windows process killer drivers)
- 2022 - Course - Windows Security & Internals @ESIEA (computer science engineering school)
- 2022 - Workshop - BlackHoodie @Virtual - Malware Development 101. Slides and code available here
Work Experience
2021 -> today - Offensive Security at CNAM
- Malware Analysis
- Forensic
- Endpoint Detection & Response (EDR) and Anti-Virus assessment (bypass, detection limits, etc)
- Development of offensive and analysis tools: AD description password finder, FoxTerrier, Import Address Table Unhooking, Killers
- Active Directory assessment
- Internal penetration testing
- Web penetration testing of internal and public applications
2019 -> 2021 - Cybersecurity consultant at XMCO (Paris, France)
- Web penetration testing (black box/grey box)
- Internal penetration testing (Active Directory environment)
- Mobile application penetration testing (Android/iOS)
- PCI DSS certification penetration testing
- Member of the incident response team (forensic)
- Malware reverse for the R&D team
- Configuration audit (GNU/Linux).
2018 -> 2019 - Cybersecurity consultant at Oppida (Montigny-le-Bretonneux, France)
During my mission at Oppida, I carried out several types of missions. The first kind was to conduct penetration testing on various web applications. The second type was to audit products in order to present the results to the French National Agency for the Security of Information Systems (ANSSI), so that they can decide whether or not the product should get an accreditation (CSPN).
2015 -> 2018 - Trainee system and network adminstrator at Easter-Eggs (Paris, France)
I was an apprentice in system and network administration at Easter-Eggs during my bachelor and my master’s degree.
Besides tickets handling and customer relations, I conducted some personal personal missions such as: coding a spamtrap (and packaging it), conducting a security audit of the internal infrastructure, and setting up an audit server as well as its associated subroutines (vulnerability scan via OpenVAS, Nmap scans, antivirus scans and rootkit detection, etc).
I also installed, configured and deployed VoIP; installed, configured and deployed gateways (on Debian) and configured firewalls using ferm.
Moreover, I deployed a centralized password manager (passbolt) for internal use and took care of user training. Finally I coded an Icinga plugin that checks SSL/TLS configurations throughout the whole IT infrastructure to raise warnings if customers do not abide by best security practices.
2014 -> 2015 - Trainee system and network administrator at Alstom (Paris, France)
During the course of my apprenticeship, I carried out several missions of system administration.
The first one was to set up and configure a CentOS server. The second main one was to deploy a Redmine, in order to ease the team’s coordination.
Moreover, I was in charge of the new security policy enforcement. This policy made a complete overhaul of access control on file servers.
2007 -> 2009 - Baker
Professional baker at “Un jour, une flûte” and “Le quartier du Pain” in Paris, France
Training
- 2022 - Windows Internals for Security Engineers (by Yarden Shafir)
- 2022 - Advanced Digital Forensic Analysis (by HS2)
- 2022 - Windows & Active Directory Hardening (by HS2)
- 2021 - RED TEAM Operator: Malware Development Essentials Course (by Sektor7)
- 2021 - RED TEAM Operator: Malware Development Intermediate Course (by Sektor7)
- 2021 - RED TEAM Operator: Windows Evasion Course (by Sektor7)
- 2020 - Autopsy Basics and Hands-On training
- 2019 - Blackhoodie at HITB Conference - Malware Reverse 101
Education
2018 - Master’s degree in InfoSec at Université Paris 6 (Paris, France)
I completed my Master’s degree in apprenticeship at Easter-Eggs.
Some of the subjects I studied: forensic, Linux kernel, pentest, Android/iOS/IOT security, malware analysis, Code security (buffer overflow) along with some python and C programming.
2016 - Bachelor’s degree in InfoSec at ESGI (Paris, France)
I completed this degree in apprenticeship at Alstom.
Here I some of the subjects I studied: network and wi-fi security, cryptography and PKI, hardening Linux, security and physical intrusion, creating a ransomware.
2015 - DUT (University Diploma in Technology) in Computer Science at IUT Paris 5 (Paris, France)
I studied programming (web, software, system) and system administration.
2011 - DAEU B (Equivalence diploma leading to admission to universities) at Université Paris 6 (Paris, France)
2008 - CAP (Certificate of Professional) in Baking at École Grégoire-Ferrandi
I studied baking for 2 years while training at “À la Douce Tradition” under François Richier (Athis-Mons, France) before being a baker for 2 years.