Ilan Abitbol

I carried out a mission to build a Cloud audit offering for the company.

- Performed two cybersecurity audits on AWS environments.

- Built a complete Azure audit offering with the following components:

- Architecture review;

- IaaS/PaaS resource configuration review;

- Azure Active Directory configuration review;

- Microsoft and third-party SaaS services configuration review;

- Attack methodology.

For three years, I have been conducting penetration tests for major French companies (CAC40) as well as startups and government organizations:

- Performed a variety of basic penetration testing assessments, including web applications, APIs, wireless, and thick clients.

- Utilized platforms and tools such as Kali Linux, Metasploit Framework, Burp Suite Pro, Bloodhound, PingCastle, and Cobalt Strike.

- Conducted more complex penetration tests such as Active Directory, Red Team, physical, social engineering, and more.

- Performed numerous audits on the Azure stack, where I conducted architecture reviews, configuration reviews, and pentests.

- Developed a strong understanding of common security standards and regulatory compliance requirements (ISO27001, NIST, etc.).

- Involved in the development of tools and scripts within the internal team, using Bash and Python, and recently developed a tool to deploy a phishing platform on the fly in AWS.

- Project manager on several missions, where my role was to manage client relations, project steering, and consultant work.

- Mentored an intern on the subject of attack paths in Azure.

- Performed forensics and incident response for several clients who had suffered a hacking of their corporate network.

As part of my summer school, I conducted a technical security audit of Outdare's information system.

- Performed penetration tests on the internal network to identify vulnerabilities present in the IS/network and apply appropriate patches.

- Conducted security best practice awareness workshops for company employees.