Freelancer profile translated to English.
Back to original languageAbout Quentin
Former pentester specialized in Red Team, I have focused my offensive expertise on securing Active Directory environments, whether on-premise or hybrid (Cloud).
I work on technical AD audits, post-compromise reconstruction, and hardening of sensitive infrastructures. My support extends to the implementation of recommendations: segmentation via authentication silos, secure bastion, AD/ADCS hardening, etc.
With a resolutely offensive approach, I transform identified vulnerabilities into resilience levers, for sustainable environments against internal threats.
French
Native or bilingual
English
Fluent
Can work on-site
Paris (up to 50km)
Experience
- Bouygues TelecomActive Directory Security ExpertSeptember 2025 - Today (9 months)Meudon, FranceLead of global security for the Group's Active Directories, contribution to strategy, evaluations, and remediation actions.
- AISI - Pure Player Infrastructure et CybersécuritéMICROSOFT ACTIVE DIRECTORY SECURITY CONSULTANTCONSULTING AND AUDITSJanuary 2023 - September 2025 (2 years and 8 months)Saint-Mandé, France
On-Premise Active Directory Audit & Security
Active Directory Security Audit:- Conducted comprehensive security audits of on-premise Active Directory environments.
*Analysis of privileged accounts(domain members, local administrators, services, accounts with non-expiring passwords, etc.).Post-compromise Reconstruction:*Active participation in AD reconstruction projects- **Implementation of a new Active Directory forest from scratch**, with immediate application of security best practices (strict tiering model, DC hardening, minimal access controls).
Post-audit Support Missions:*Deployment of LAPS(Local Administrator Password Solution) for automatic rotation of local passwords.- **Securing GPOs**: cleanup, hardening, fine-grained delegation of modification rights, hardening of the environment.
*Use of the "Protected Users" group(Kerberos, TGT LifeTime, Authentication Delegation ..).- **Implementation of Microsoft Credential Guard**: isolation of authentication secrets (TGT, NTLM, etc.).
- **Hardening of ADCS services**: removal of vulnerable templates, configuration of permissions on templates, deactivation of unnecessary HTTP services (EPA), 2-tier PKI: ROOT and Intermediate CA.
*SMB Signing:mandatory activation of signing on servers and workstations to prevent MITM attacks. - IntrinsecPENTEST / RED TEAMCONSULTING AND AUDITSJanuary 2022 - January 2023 (1 year)Paris, FranceInternal Security Audit (Luxury Sector):
- Reconnaissance: Mapping the internal network.
- Exploitation: Exploiting vulnerabilities.
- Lateral Movement: Progressing through the network.
- Domain Compromise: Taking control of the IS.
- Report Writing: Attack diagrams and recommendations.
- Presentation to senior management: Presentation of risks and strategic recommendations
Research and Development (R&D):- Development of Rubeus in C (parsing user sessions (LUID),
- parsing LSA, retrieving TGT/ST tickets in memory).
- Development of a Loader in C (mapping an exe in memory,
- indirect Syscalls, Callstack spoofing, dynamic encryption in
- memory, IAT hooking ..).
- Redevelopment of the mimikatz module in C (MultiRDP..)
- Development of a tool to impersonate tokens
Recommendations
Be the first to recommend Quentin
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- MASTER 2 CYBERSECURITYESGI2023MASTER 2 CYBERSÉCURITÉ
- BACHELORESGI2021BACHELOR
Certifications
- Certified Red Team Professional (CRTP)Altered Security2022