CyberSecurity Engineer

Pentest   ▪   Red Team   ▪   Malware Development
SOC   ▪   System & Network   ▪   Governance

CyberSecurity professional with a background spanning Offensive Security (Pentest, Red Teaming, Malware Development), System & Network Administration, SOC & Detection, and Security Governance (Risk Management, Compliance, Security Strategy). I build and break things — and I document both.

• HETIC — FullStack Web Development, Design & Communication
• 42 — Low-Level Programming, Algorithms, Systems
• Aston Institute — System, Network & Security Administration
• 2600 — Security Research, Offensive & Defensive Security, OSINT, Governance
• Oteria Cyber School — Cybersecurity & Governance

• 💼 Freelance / Auto-entrepreneur — IT · Web Developer · SysAdmin · Security Consultant Independent missions across IT support, infrastructure, web development and security consulting.

• 🌍 Veolia — IT Global leader in water, waste & energy management — €45B+ revenue, 220+ countries, 213,000+ employees.

• 🇫🇷 French National Assembly — IT Core institution of French democracy — 577 deputies, Palais Bourbon, Paris.

• 🏙 City of Aulnay-sous-Bois — IT → SysAdmin & Network Engineer → CISO Municipal infrastructure — 85,000+ inhabitants, 2,000+ agents, 100+ sites, 1,500+ endpoints.

• 🎭 Théâtre des Champs-Élysées — CyberSecurity Engineer Classified French historical monument (1957), Avenue Montaigne — under Caisse des Dépôts et Consignations. Hybrid SI security, offensive & defensive operations, SOC deployment.

• 🏦 Crédit Agricole — CyberSecurity & Linux Systems Engineer One of the world's largest banking groups — €2,000B+ in assets, 150,000+ employees worldwide.

• ⚔️ KatanHack — Founder Cybersecurity consultancy — penetration testing, Active Directory & web audits, security awareness.

Additional engagements conducted as freelance / auto-entrepreneur — multiple confidential clients across pentest, security consulting, IT infrastructure, and development missions.

• CVE-2025-67906 — Stored XSS · MISP Workflow Engine Unsanitized name field in workflow node JSON, rendered via doT.js without escaping — payload executes in the browser of any user viewing the workflow, including admins. Enables privilege escalation and threat intelligence data exfiltration.

• Critical 0-Days — Blind SQLi & Zero-Click Stored XSS · GovTech / Enterprise SaaS Unauthenticated DB exfiltration (PII, admin creds, live MFA tokens) + zero-click super-admin session takeover.

• Critical 0-Day — Cryptographic Failure + Business Logic · Fortune 500 Payment Infrastructure Complete financial transaction integrity bypass across the entire global network.

• Pentest & Red Teaming — Infrastructure, AD, web & WiFi assessments, adversary emulation, OPSEC.
• Malware Development — Offensive tooling in C, Rust, Go, Python — loaders, rootkits, C2 implants, exploit writing.
• Security Governance — CISO / Assistant CIO — ISMS, risk management (EBIOS RM), compliance, awareness.
• System & Network Administration — AD, GPO, Cisco, Palo Alto, ESXi, Windows/Linux hardening, automation.
• Blue Team & SOC — Detection engineering, incident response, threat hunting — Wazuh, Splunk, Sysmon, Sigma, YARA, MISP, OpenCTI.

Available for red team engagements, security research, CTFs, and serious collaborations — consulting or building.

Every tool built, every system broken, every vulnerability documented — the full picture lives in the repositories.