You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Lucas TorresLT

Lucas Torres

Web & Infrastructure Pentester

€400/day
Paris, FR
3-7 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Lucas

🎯 Independent Pentester identifying exploitable vulnerabilities in web applications, internal infrastructures, and Active Directory environments, delivering actionable reports your teams can implement immediately.

📌 Objective Proof
10 CVEs published, 5 classified as HIGH (CVSS ≥ 7.5) on web applications and frameworks, all verifiable on NVD and linked to an official GitHub Security Advisory.
Full Portfolio: rootingstudio.fr

🎯 For Whom
SMEs, web agencies, SaaS editors, and e-commerce businesses needing concrete audits to reassure enterprise clients, prepare for funding rounds, or comply with DPA / NIS2 / DORA requirements.

🔧 Scope of Intervention

▸ Web Pentesting (Core Business)
OWASP Top 10, business logic, REST/GraphQL APIs, PHP/Node/Python code audits, WordPress and CMS security.

▸ Infrastructure & Active Directory Pentesting
Internal network, privilege escalation, lateral movement, equipment audits (Aruba, Yealink, Sharp).

▸ Wi-Fi & Physical Pentesting
Custom wordlists, dedicated antennas, realistic multi-vector attack scenarios.

📋 Methodologies
OWASP WSTG · PTES · OSSTMM · NIST SP 800-115

📦 What You Receive
Executive + Technical Report · CVSS 4.0 Matrix · Debriefing Workshop · Re-tests included for 30 days.

🛡️ Engagement Framework
Mutual NDA signed before any technical exchange. Tests never performed on production without written consent. Professional liability insurance held.

📜 Certifications
eWPT · eCPPT · eJPTv2 · PJPT · CBBH · CPTS

🎓 Education
Cybersecurity Expert (Master's degree) Oteria Cyber School (in progress)

🌍 Languages
Bilingual French & Spanish · Professional English

⚡ Response within 1h during business hours. Written scope within 48 business hours.
  • French

    Native or bilingual

  • Spanish

    Native or bilingual

  • English

    Fluent

Can work on-site
Paris (up to 50km), Chartres (up to 50km), Châteaudun (up to 50km)

Experience

  • Rooting Studio
    Web Pentester & Vulnerability Researcher
    June 2025 - Today (1 year and 2 months)
    📌 Context
    Independent activity focusing on web pentesting and responsible vulnerability disclosure for SMEs, web agencies, and SaaS editors.

    ⚙️ Missions
    ▸ Security audits of web applications (PHP, Node.js, WordPress) — black-box and gray-box testing
    ▸ Active search for 0-days in open-source frameworks and CMS
    ▸ Source code auditing and multi-role authorization testing
    ▸ Writing technical + executive reports with reproducible PoCs
    ▸ Validation re-tests of patches

    🏆 Results
    ▸ 10 CVEs published, including 5 HIGH (CVSS ≥ 7.5)
    ▸ Vulnerabilities reported in the PHP framework FlightPHP (4 CVEs including 8.8 HIGH SQL Injection), the WordPress plugin AnyComment (8.5 HIGH), and other widely used open-source components
    ▸ All CVEs are publicly viewable on NVD and GitHub Security Advisories

    🛠️ Technical Stack
    Burp Suite Pro · ffuf · sqlmap · Semgrep · CodeQL · Nuclei · Python · PHP
    PenTest Web Pentesting WordPress Security Vulnerability Exploitation Bug Bounty
  • Cyber Experts
    Cybersecurity Consultant
    June 2025 - Today (1 year and 2 months)
    Paris, France
    📌 Context:
    Tasked with conducting penetration tests and security audits in various client environments.

    ⚙️ Actions:
    Conducting internal and external pentests (networks, systems, applications).
    Physical penetration testing and network equipment audits (Yealink, Aruba, Sharp).
    Advanced Wi-Fi pentesting (custom wordlists, dedicated antennas).
    Designing realistic multi-vector attack scenarios.

    🏆 Results:
    Highlighting critical vulnerabilities exploited during client demonstrations.
    Recommendations implemented, significantly reducing attack surfaces.
    Cybersecurity Security Audit
  • Blockchains Experts
    Web3 Analyst
    June 2025 - Today (1 year and 2 months)
    Paris, France
    📌 Context:
    Part of an expert blockchain team auditing the security of Web3 applications and smart contracts.

    ⚙️ Actions:
    Black-box pentesting and source code analysis (Rust, Next.js APIs).
    Comprehensive security audits of smart contracts and AWS infrastructures.
    Security validation of emerging blockchain protocols.
    Writing detailed audit reports with recommendations.

    🏆 Results:
    Identification of critical vulnerabilities in dApps before their production launch.
    Improved resilience of several blockchain protocols through adopted recommendations.

Recommendations

Be the first to recommend Lucas

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Cybersecurity Expert (Master's degree)
    Oteria Cyber School
    2029
    Expert en Cybersécurité (Bac+5)
  • General Baccalaureate
    Lycée Emile Zola Chateaudun
    2024
    Baccalauréat général

Certifications

  • CBBH
    HACKTHEBOX
    2025
    Cybersecurity Web Pentesting PenTest Security Audit Bug Bounty
  • eWPT
    INE
    2024
    Cybersecurity Web Pentesting PenTest

Skill set

Categories