Derrouiche Yassim

Red Team / PenTest

€800/day
Paris, FR
8-15 years

Average response time: 1 hour

About Derrouiche

Having always been passionate about the world of hacking, I naturally moved into the profession of pentester.
Coming from a background in Systems and Networks engineering (Université de Technologie de Compiègne), I have been able to enrich my IT security knowledge through CTFs as well as during the various missions I participated in during my professional career.

With my experience in consulting firms as well as within major French companies in the banking or hotel sectors, I will be able to carry out technical audits of your information system to identify vulnerabilities and help you implement the right recommendations to secure your IS.

My areas of intervention are:

- Red Team type missions
- Web / API Application Penetration Testing
- Internal Penetration Testing (Network, Active Directory)
- Code Auditing (Java EE, PHP, .Net)
- Audit report with a detailed remediation plan

Looking forward to working with you :)
  • French

    Native or bilingual

  • English

    Fluent

  • Spanish

    Fluent

Can work on-site
Paris (up to 50km)

Experience

  • ACCOR
    Pentester
    HOSPITALITY
    July 2022 - Today (3 years and 11 months)
    - Web / API Application Penetration Testing
    - Red Team type testing targeting the hotel IS
    - Internal Penetration Testing (Networks, Active Directory)
    - Code Auditing (Java EE, PHP, .Net)
    - Conducting training / Security awareness sessions
    - Audit report with detailed remediation plan
    - Remediation follow-up using the DefectDojo tool
    Skills: OWASP, PenTest, Security audit, Code audit, Burp Suite, DefectDojo
  • BNP PARIBAS
    Red Team / Pentester
    BANKING AND INSURANCE
    September 2018 - August 2022 (3 years and 11 months)
    Paris, France
    Conducting Red Team type missions:

    Logical Intrusion:

    - Open Source Intelligence (OSINT) phase, gathering and analyzing information on the targeted organization: Web applications, information system (public addressing plan), employee names, list of partners / service providers
    - External information system surface discovery phase: exposed services (port scanning), technologies used, security equipment
    - Offensive testing phase on external services

    Social Engineering:

    This approach aims to exfiltrate authentication information or gain access to the organization's internal network by exploiting techniques such as phishing.

    - Profiling phase, to identify a list of people to target for the phishing campaign (OSINT)
    - Definition of scenarios for the phishing campaign (Downloading malicious files containing a backdoor, for example)
    - Campaign execution, exploitation of the backdoor after the malicious file is executed. Collection of indicators (statistics on email reception/reading/malicious link opening)

    Physical Intrusion:

    - Active reconnaissance phase: perimeter discovery of the premises / employees, identification of surrounding wireless networks
    - Physical intrusion and deployment of an implant on the internal network to gain remote access (WiFi or 4G antenna)
    - Offensive testing on the internal network.
    Skills: OWASP, Red Team, Cobalt Strike, Phishing, Pentest, Burp Suite, Raspberry Pi, Kali Linux
  • Devoteam
    Security Consultant: Pentester
    DIGITAL AND IT
    May 2016 - September 2018 (2 years and 4 months)
    92300 Levallois-Perret, France
    Conducting technical audits:

    - Web Application Penetration Testing
    - Network Penetration Testing
    - Mobile Penetration Testing (iOS, Android)
    - Code Auditing (Java EE, PHP, .Net)
    - Audit report with recommendations for code and architecture improvements

    Conducting physical/architecture audits:

    - Assessment of the security of physical sites (access control) and the information system architecture
    Skills: OWASP, PenTest, Security audit, Code audit, Burp Suite

Education

  • Master's degree in Computer Science, Systems and Networks
    Université de Technologie de Compiègne
    2016
    Engineering degree in Computer Science, Systems and Networks
  • Computer Engineering, Computer Systems Networking and Telecommunications
    Tampere University of Technology
    2015
    Engineer in Computer Science, Computer Systems Networking and Telecommunications
