You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Marc M.MM

Marc M.

Pentester | Web & Infrastructure Pentest

€450/day
1 project
Lyon, FR
3-7 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Marc

Offensive Pentester | Web, API & Infrastructure Penetration Testing | Cybersecurity

I helpcompanies**of all sizes** secure their information systems through technical audits (pentest/penetration testing).

For whom?

Startups & SMEs
Large companies & Mid-caps

Expertise

  • **Web & API Pentest**: XSS, SQLi, IDOR, authentication bypass, business logic flaws
  • **Infrastructure Pentest**: Linux, Windows, Active Directory
*Cybersecurity Consulting & Startup/SME Support
  • Bug bounty & offensive security
  • Remediation & attack surface reduction

Figures / Achievements

  • +50 vulnerabilities identified in various environments
  • Attack surface reduced by an average of 50% after intervention
  • 75% remediation rate during remediation support
  • Reports compliant with OWASP and ISO 27001, immediately actionable by development and management teams
  • French

    Native or bilingual

  • English

    Fluent

Can work on-site
Lyon (up to 20km), Chalon-sur-Saône (up to 50km), Dijon (up to 20km), Mâcon (up to 20km), Paris (up to 40km)

Experience

  • Pentester | Expert Cybersécurité
    Self-employed
    CONSULTING AND AUDITS
    March 2022 - Today (4 years and 5 months)
    Paray-le-Monial, France
    Offensive penetration testing on web applications, APIs, and infrastructures, with a focus on real-world exploitation and business impact.
    • Conducted 12 comprehensive penetration tests (Web, API, Infrastructures) in various sectors (SaaS, e-commerce, services)
    • Identified and exploited critical vulnerabilities: authentication bypass, SQLi, IDOR, privilege escalation, unauthorized administrator access
    • Technical and executive reports aligned with MITRE ATT&CK, NIST, and CVSS — 75% remediation rate
    • Post-audit support: remediation, team awareness, and best practice training
    PenTest Bug Bounty Penetration Testing Cybersecurity Web Pentest
  • Entreprise anonyme (Secteur immobilier)
    Linux Infrastructure Pentest: Real Estate Sector
    CONSULTING AND AUDITS
    August 2025 - August 2025
    Paray-le-Monial, France
    Penetration test on exposed Linux infrastructure. Identification of attack vectors and compromise leading to sensitive data access.
    • Comprehensive pentest on Linux environments: reconnaissance, enumeration of exposed services, exploitation
    • Exploitation of critical vulnerabilities: misconfigured sudoers, unsecured services, neglected file permissions
    • Privilege escalation to root account via exploitation of sudo configurations and faulty permission management
    • Demonstrated impact: full access to client data, application configurations, and critical systems
    • Team awareness of cybersecurity best practices
    Result:
    Significant reduction of the attack surface and securing of privileged access.
    Ethical Hacking Kali Linux Security Audit PenTest Internal Pentest
  • Entreprise anonyme (Secteur SaaS)
    Application Pentest: SaaS Platform
    CONSULTING AND AUDITS
    October 2025 - October 2025
    Paris, France
    Application security audit on a SaaS CRM and its website. Identification of vulnerabilities leading to the compromise of user and administrator accounts.
    • Comprehensive pentest focused on OWASP Top 10: authentication, access control, session management
    • Exploitation of critical vulnerabilities: SQLi, IDOR, CSRF, authentication bypass
    • Delivery of Proof of Concepts for each exploited vulnerability
    • Detailed technical report with security recommendations prioritized by impact
    Web Pentest PenTest OWASP Cybersecurity Pentester

Reviews

5.0

Out of 1 rating

JE

Jean Edouard

CEO - Certeafiles

Reviewed on 12/1/2025

Marc delivered a professional and efficient job, fully meeting our expectations for the mission we entrusted to him.

Recommendations

Etienne GuilletEG
MS
GF
+1
Etienne Guillet and 3 other people have recommended Marc

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • CEH (Certified Ethical Hacker) Training
    Alphorm
    2019
    Formation couvrant l'ensemble des techniques de hacking éthique et de sécurité offensive : - Reconnaissance et footprinting - Scanning réseau - Enumération - Exploitation de vulnérabilités système et applicative - Sniffing - Ingénierie sociale - Attaques web (SQLi, XSS, CSRF) - Cryptographie - Cloud

Certifications

Skill set

Categories