You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Quentin C.QC

Quentin C.

Microsoft Active Directory Security Expert

€600/day
Paris, FR
3-7 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Quentin

Former pentester specializing in Red Team, I have focused my offensive expertise on securing Active Directory environments, whether on-premise or hybrid (Cloud).

I intervene in technical AD audits, post-compromise reconstruction, and hardening of sensitive infrastructures. My support extends to implementing recommendations: segmentation via authentication silos, secure bastion, AD/ADCS hardening, etc.

With a resolutely offensive approach, I transform identified vulnerabilities into levers of resilience, for sustainable environments against internal threats.
  • French

    Native or bilingual

  • English

    Fluent

Can work on-site
Paris (up to 50km)

Experience

  • Bouygues Telecom
    Active Directory Security Expert
    September 2025 - Today (11 months)
    Meudon, France
    Tech lead for the group's Active Directory security
    Creation of security strategy and standards
    Security audit and assessment
    Recommendation and implementation of remediation
    Bringing up to date and redesigning domain security projects
    Active Directory Active Directory Security Security Audit Remediation
  • AISI - Pure Player Infrastructure et Cybersécurité
    MICROSOFT ACTIVE DIRECTORY SECURITY CONSULTANT
    CONSULTING AND AUDITS
    January 2023 - September 2025 (2 years and 8 months)
    Saint-Mandé, France

    On-Premise Active Directory Audit & Security

    Active Directory Security Audit:
    • Conducted comprehensive security audits of on-premise Active Directory environments.
    *Evaluation of the tiering model(T0/T1/T2), rights delegations, privileged groups, exploitable attack paths (BloodHound, PingCastle, Oradad).

    *Analysis of privileged accounts(domain members, local administrators, services, accounts with non-expiring passwords, etc.).


    Post-compromise Reconstruction:

    *Active participation in AD reconstruction projects
    • **Implementation of a new Active Directory forest from scratch**, with immediate application of security best practices (strict tiering model, DC hardening, minimal access controls).
    *Redesign of the GPO infrastructure


    Post-Audit Support Missions:

    *Deployment of LAPS(Local Administrator Password Solution) for automatic rotation of local passwords.

    *GPO Security:cleaning, hardening, fine-grained delegation of modification rights, hardening of the environment.

    *Implementation of Authentication Silosto restrict the use of T0 accounts to specific machines only (PAWs and bastions).

    *Use of the "Protected Users" group(Kerberos, TGT LifeTime, Authentication Delegation...).

    *Implementation of Microsoft Credential Guard:isolation of authentication secrets (TGT, NTLM, etc.).

    *ADCS Hardening:removal of vulnerable templates, configuration of permissions on templates, disabling unnecessary HTTP services (EPA), 2-tier PKI: ROOT and Intermediate CA.

    *LDAPS Security:deployment of enterprise certificates on DCs

    *SMB Signing:mandatory activation of signing on servers and workstations to prevent MITM attacks.
  • Intrinsec
    PENTEST / RED TEAM
    CONSULTING AND AUDITS
    January 2022 - January 2023 (1 year)
    Paris, France
    Internal Security Audit (Luxury Sector):
    • Reconnaissance: Mapping the internal network.
    • Exploitation: Exploiting vulnerabilities.
    • Lateral Movement: Progression through the network.
    • Domain Compromise: Taking control of the IS.
    • Report Writing: Attack diagrams and recommendations.
    • Presentation to senior management: Presentation of risks and strategic recommendations

    Research and Development (R&D):
    • Development of Rubeus in C (parsing user sessions (LUID),
    • parsing LSA, retrieving TGT/ST tickets in memory).
    • Development of a Loader in C (mapping an exe in memory,
    • indirect Syscalls, Callstack spoofing, dynamic encryption in
    • memory, IAT hooking ..).
    • Redevelopment of mimikatz module in C (MultiRDP..)
    • Development of a tool to impersonate tokens

Recommendations

Be the first to recommend Quentin

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • MASTER 2 CYBERSECURITY
    ESGI
    2023
    MASTER 2 CYBERSÉCURITÉ
  • BACHELOR
    ESGI
    2021
    BACHELOR

Certifications

Skill set

Categories