Passionate about CyberSecurity and practising in this field since the early 2000s with more than 10 years of professional experience, I now work as an independent consultant, trainer and auditor of information systems.
These experiences have allowed me to contribute to the security of several hundred companies through audits or Bug Bounty services, as well as to provide training to students (engineering schools / company employees).
I would be delighted to support you in your audits of your IS and training / awareness of your staff.
2023 - Present, RENNES, FRANCE & Remote
With my past experiences and with versatility in the fields of CyberSecurity, I now work as a Consultant Auditor and Independent Trainer.
2012 - 2022, RENNES, FRANCE
Since its creation in 2010, SYNETIS has established itself on the market as the leader of French CyberSecurity independent consulting firms and technological expertise. SYNETIS offers 360° services in the various areas of information system security: Governance, Risk, Authorization Compliance, Identity and Access Management, Operational Security, Audit, SoC, CSIRT/CERT.
As a PASSI-qualified service provider (Information Systems Security Audit Service Provider), the Audit Practice performs intrusion test missions, configuration audits, architecture audits and source code reviews.
This decade of adventure at SYNETIS has allowed me to evolve in a growing company (from 10 employees to 300), to be trained on numerous products and methodologies (CEH, CISA, PingIdentity, Prim’X, SafeNet, OpenTrust, Avencis…), all while carrying out several hundred missions of IAM, GRC, SecOp, Forensic, RedTeam, training and of course Audit for all types of companies (VSEs, SMEs, large accounts / banking-insurance sector, health, airlines, industries, public markets, etc.).
May 2019 - 2022
Feb 2014 - May 2019
2012 - Feb 2014
2016 - Present, NANTES / LA ROCHE SUR YON, FRANCE
Part of Nantes University, Polytech Nantes is the first university polytechnic school. Located on 3 campuses (Nantes, Roche-sur-Yon and Saint-Nazaire), it delivers engineering degrees accredited by the CTI in 10 specialties.
Jan 2012 - Jun 2012, RENNES, FRANCE
Since 1992, IT&L@bs has been a CESTI (Center for Information Technology Security Assessment) with proven experience in implementing the Common Criteria (CC), a set of internationally recognized standards (ISO15408) whose objective is to assess the security of computer systems and software in an impartial manner.
Jun 2009 - Aug 2010, NANTES, FRANCE
BuLL is a French company specializing in professional IT. The Software Support entity carried out internal cybersecurity projects for which analyses, benchmarks, Proof-of-Concept (PoC) and developments were necessary.
Engineer’s degree in Computer Systems, Software, Networks and Security
University Diploma in Computer Technology
Scientific High school diploma with Engineering Sciences option (BAC S-SI)
VisualCaptchaBreaker can be used against any VisualCaptcha 5.* web page and can bypass this security mechanism with a 100% success rate.
PHPwnDB searches for credential leaks based on domain.tld, username, and firstname/lastname permutations, with wildcard support. Results can be filtered to instantly produce ready-to-use wordlists.
XSS vulnerabilities remain misunderstood and undervalued. The specificities of modern browsers as well as application countermeasures complicate the design of generic payloads. This article aims to present the dissection of a payload in a (very) constrained and filtered context encountered during an audit. [1][2][3]
Gareth HEYES, researcher at PortSwigger and one of the undisputed world reference experts on Hacking via JavaScript (XSS, bypass-WAF, payloads, browsers SOP evasion), mentions me in the credits of his book as well as on the essential XSS Cheat Sheet online. [1][2]
Interview by Télégramme/Mensuel de Rennes for a CyberSecurity dossier: companies give hackers carte blanche to test their security using the offensive method… Overview of the best “physical intrusions”.
For those who deal with computer security, the bug bounty can appear as an attractive gateway: the prospect of financial reward and the freedom to organize themselves, far from the constraints of the professional environment. But this pace is not necessarily for everyone.
The Min2rien business network organized its 16th thematic day on Security, a day of conferences devoted to computer security. The subject discussed during this conference: Passwords are no longer enough, adopt strong authentication!
Interview by the team of the Bug Bounty platform Yogosha on the Bug Hunter activity, as part of the “Meet our hackers” series.
Presentation of weaknesses commonly observed during searches for vulnerabilities in the context of public and private Bug Bounty, against web authentication and password reset modules.
Strong authentication, 2FA, 3FA, MFA for “Multi-Factor Authentication” has become more widespread in recent years. The simple “login/password” pair is no longer sufficient, especially for sensitive privileged access. But what “factors” are we talking about?
XSS vulnerabilities generally remain undervalued and overlooked, even though they allow misdeeds of great criticality. This article details how to obtain a root reverse shell from a simple GET-based XSS via a concrete case: the pfSense 2.3.2 firewall-router distribution.
How to decrypt a script protected by SHc? How to decrypt a *.sh.x file? Does SHc make good use of crypto? UnSHc answers these questions: let’s dissect how it works.
It is quite easy to hide on the Internet and many techniques allow you to do so. To hide? Yes, but from what and for what purpose? What are the main tools/techniques to remain discreet and reduce or even completely privatize your information?
ASafety allows me to present my personal work, my research, various contributions to the sphere of security, projects in development, as well as advisories for vulnerabilities detected during audits, Bug Bounty and CTFs.
2014 - Present: Member of the association, creation, writing of solutions and resolution of multiple challenges on the Hacking training platform Root-Me.org with a ranking in the first 200 out of +250,000 members.
Jul 2019: Participation in the NuitDuHack / LeHack 2019 Bug Bounty by finishing 3rd overall.
Jan 2019: Participation in the 2019 International Cybersecurity Forum (FIC) Bug Bounty by finishing 7th overall.
Jun 2018: Participation in the NuitDuHack / LeHack 2018 Bug Bounty by finishing 2nd overall.