Freelancer profile translated to English.

Description

With my experience as a Cybersecurity Engineer and my studies in Master 2 Computer Science CRYPTIS, I have developed solid expertise in penetration testing, cryptography, and network security. During my academic and personal projects, I have conducted audits, detected and mitigated attacks such as XSS, SQL, and Command Injection, and configured intrusion detection systems. In parallel, I participate in online CTFs on platforms like MetaCTF, where I refine my problem-solving and technical analysis skills. I also completed SOC training with TCM Security, covering topics such as phishing analysis, SIEM management, and incident response, thereby strengthening my abilities to effectively detect and handle threats. These experiences have allowed me to master essential cybersecurity tools and develop advanced skills in pentesting and SOC analysis.

Languages

French
Native or bilingual
English
Fluent

Workplace preferences

Can work on-site

Limoges (up to 50km)

Laboratoire XLIM
Cybersecurity Engineer - Internship
May 2024 - August 2024 (3 months)
Limoges, France
- Analyze blockchain models for privacy and anonymization of medical data and evaluate the strengths and weaknesses of different models proposed by researchers.
- Design an optimized model combining several techniques such as CloudHSM to encrypt keys and ensure Perfect Forward Secrecy, and back up encrypted data in Cloud Storage.
- Ensure the integrity of medical data through blockchain and allow the hospital to verify the legitimacy of this data by examining metadata before recording it in the blockchain.
- Implement the proposed model using advanced cryptographic methods to secure data communication and storage while maintaining patient anonymity.

Tools/Languages:Flask, Charm-Crypto / Python
Blockchain Cryptography Python
Projet personnel -Formation
Ethical Hacking
August 2024 - November 2024 (3 months)
- Apply the Ethical Hacking methodology by following the five phases to identify and exploit vulnerabilities in a structured and methodical way.
- Execute penetration tests on various machines to exploit vulnerabilities and perform privilege escalations.
- Set up a secure environment with a Windows Server AD server (domain controller) and two Windows machines as domain members.
- Perform penetration tests from a Kali Linux machine on the set up environment.
Initial Attack Vectors:LMNR Poisoning, SMB Relay, and IPv6 Attacks to obtain a domain account
Domain Enumeration:ldapdomaindump, BloodHound, PlumHound, PingCastle
Post-Compromise Attacks:Pass the Password/Hash Attacks, Kerberoasting, Token Impersonation, Golden Ticket Attack
Projet personnel -Formation
SOC
September 2024 - December 2024 (3 months)
- Identify phishing attempts through email analysis.
Examine captured network packets and configure IDS/IPS.
- Develop practical skills in extracting security information from endpoints, as well as deploying and configuring an EDR solution.
- Deploy Splunk and install a log collection agent to perform incident investigation and correlation activities.
- Identify TTPs using the MITRE ATT&CK framework.
- Detect malware threats using the YARA tool.
- Set up a MISP threat intelligence platform to collect and analyze indicators of compromise.
- Detect and contain security incidents and restore affected systems.

Tools:PhishTank, VirusTotal, Wireshark, tcpdump, Snort, LimaCharlie, Splunk, YARA, MISP, FTK Imager, Volatility