About Marc
Offensive Pentester | Web, API & Infrastructure Penetration Testing | Cybersecurity
For whom?
Expertise
- **Web & API Pentest**: XSS, SQLi, IDOR, authentication bypass, business logic flaws
- **Infrastructure Pentest**: Linux, Windows, Active Directory
- Bug bounty & offensive security
- Remediation & attack surface reduction
Figures / Achievements
- +50 vulnerabilities identified in various environments
- Attack surface reduced by an average of 50% after intervention
- 75% remediation rate during remediation support
- Reports compliant with OWASP and ISO 27001, immediately actionable by development and management teams
French
Native or bilingual
English
Fluent
Experience
- Pentester | Expert CybersécuritéSelf-employedCONSULTING AND AUDITSMarch 2022 - Today (4 years and 5 months)Paray-le-Monial, FranceOffensive penetration testing on web applications, APIs, and infrastructures, with a focus on real-world exploitation and business impact.
- Conducted 12 comprehensive penetration tests (Web, API, Infrastructures) in various sectors (SaaS, e-commerce, services)
- Identified and exploited critical vulnerabilities: authentication bypass, SQLi, IDOR, privilege escalation, unauthorized administrator access
- Technical and executive reports aligned with MITRE ATT&CK, NIST, and CVSS — 75% remediation rate
- Post-audit support: remediation, team awareness, and best practice training
- Entreprise anonyme (Secteur immobilier)Linux Infrastructure Pentest: Real Estate SectorCONSULTING AND AUDITSAugust 2025 - August 2025Paray-le-Monial, FrancePenetration test on exposed Linux infrastructure. Identification of attack vectors and compromise leading to sensitive data access.
- Comprehensive pentest on Linux environments: reconnaissance, enumeration of exposed services, exploitation
- Exploitation of critical vulnerabilities: misconfigured sudoers, unsecured services, neglected file permissions
- Privilege escalation to root account via exploitation of sudo configurations and faulty permission management
- Demonstrated impact: full access to client data, application configurations, and critical systems
- Team awareness of cybersecurity best practices
Result:Significant reduction of the attack surface and securing of privileged access. - Entreprise anonyme (Secteur SaaS)Application Pentest: SaaS PlatformCONSULTING AND AUDITSOctober 2025 - October 2025Paris, FranceApplication security audit on a SaaS CRM and its website. Identification of vulnerabilities leading to the compromise of user and administrator accounts.
- Comprehensive pentest focused on OWASP Top 10: authentication, access control, session management
- Exploitation of critical vulnerabilities: SQLi, IDOR, CSRF, authentication bypass
- Delivery of Proof of Concepts for each exploited vulnerability
- Detailed technical report with security recommendations prioritized by impact
Reviews
Recommendations
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- CEH (Certified Ethical Hacker) TrainingAlphorm2019Formation couvrant l'ensemble des techniques de hacking éthique et de sécurité offensive : - Reconnaissance et footprinting - Scanning réseau - Enumération - Exploitation de vulnérabilités système et applicative - Sniffing - Ingénierie sociale - Attaques web (SQLi, XSS, CSRF) - Cryptographie - Cloud
Certifications
- EJPT (E-Learn Security Junior Penetration Tester)INE SECURITY2021