CyberSecurity Engineer

Pentest   ▪   Red Team   ▪   Malware Development
SOC   ▪   System & Network   ▪   Governance

CyberSecurity professional with a background spanning Offensive Security (Pentest, Red Teaming, Malware Development), System & Network Administration, SOC & Detection, and Security Governance (Risk Management, Compliance, Security Strategy). I build and break things — and I document both.

• HETIC — FullStack Web Development, Design & Communication
• 42 — Low-Level Programming, Algorithms, Systems
• Aston Institute — System, Network & Security Administration
• 2600 — Security Research, Offensive & Defensive Security, OSINT, Governance
• Oteria Cyber School — Cybersecurity & Governance

• 💼 Freelance / Auto-entrepreneur — IT · Web Developer · SysAdmin · Security Consultant Independent missions across IT support, infrastructure, web development and security consulting.

• 🌍 Veolia — IT Global leader in water, waste & energy management — €45B+ revenue, 220+ countries, 213,000+ employees.

• 🇫🇷 French National Assembly — IT Core institution of French democracy — 577 deputies, Palais Bourbon, Paris.

• 🏙 City of Aulnay-sous-Bois — IT → SysAdmin & Network Engineer → CISO Municipal infrastructure — 85,000+ inhabitants, 2,000+ agents, 100+ sites, 1,500+ endpoints.

• 🎭 Théâtre des Champs-Élysées — CyberSecurity Engineer Classified French historical monument (1957), Avenue Montaigne — under Caisse des Dépôts et Consignations. Hybrid SI security, offensive & defensive operations, SOC deployment.

• 🏦 Crédit Agricole — CyberSecurity & Linux Systems Engineer One of the world's largest banking groups — €2,000B+ in assets, 150,000+ employees worldwide.

• ⚔️ KatanHack — Founder Cybersecurity consultancy — penetration testing, Active Directory & web audits, security awareness.

Additional engagements conducted as freelance / auto-entrepreneur — multiple confidential clients across pentest, security consulting, IT infrastructure, and development missions.

• CVE-2025-67906 — Stored XSS · MISP Workflow Engine
  
  Zero-click persistent XSS via doT.js template injection. Session hijacking, threat intel data exfiltration.

• Critical 0-Days — Blind SQLi & Zero-Click Stored XSS · GovTech / Enterprise SaaS
  
  Unauthenticated DB exfiltration + zero-click super-admin session takeover.

• Critical 0-Day — Cryptographic Failure + Business Logic · Fortune 500 Payment Infrastructure
  
  Transaction integrity bypass across the entire global payment network.

• Critical — Chained Authentication Bypass · Xelians
  
  Multiple chained vulnerabilities leading to full account takeover across the platform and all client tenants — including sensitive government archive data.

• High — Authentication Bypass & Sensitive Data Exfiltration · DINUM
  
  Chained enumeration and authentication bypass — exposing highly confidential government entities, internal procedures, and sensitive files at national scale.

• High — CORS Misconfiguration + Regex Bypass · Qwant
  
  Cross-origin exfiltration of authenticated data via origin reflection and suffix bypass.

• High — Sensitive Data Exposure · Caisse Nationale d'Assurance Maladie
  
  Unauthenticated access to sensitive internal healthcare data at scale.

• Pentest & Red Teaming — Infrastructure, AD, web & WiFi assessments, adversary emulation, OPSEC.
• Malware Development — Offensive tooling in C, Rust, Go, Python — loaders, rootkits, C2 implants, exploit writing.
• Security Governance — CISO / Assistant CIO — ISMS, risk management (EBIOS RM), compliance, awareness.
• System & Network Administration — AD, GPO, Cisco, Palo Alto, ESXi, Windows/Linux hardening, automation.
• Blue Team & SOC — Detection engineering, incident response, threat hunting — Wazuh, Splunk, Sysmon, Sigma, YARA, MISP, OpenCTI.

Available for red team engagements, security research, CTFs, and serious collaborations — consulting or building.

Every tool built, every system broken, every vulnerability documented — the full picture lives in the repositories.