Freelancer profile translated to English.
Back to original languageAbout Romain
Security vulnerabilities don't necessarily stem from a lack of tools, but from a lack of visibility into what can actually be exploited. Many organizations believe they are protected until the day an intrusion proves otherwise. My role is to simulate these attacks under real-world conditions, before a malicious actor does, to provide you with a clear, prioritized, and actionable view of your risks.
I am a consultant specializing in penetration testing and offensive security. I work on complex environments combining classic IT systems, Active Directory, web applications and APIs, as well as IoT, industrial systems, OT environments, and workstation audits. I cover both internal and external perimeters, with a business impact-oriented approach and attack scenarios adapted to your real context.
Throughout my missions, I have conducted Red Teaming and Purple Teaming operations, internal infrastructure audits, as well as in-depth source code and AppSec audit work. I also intervene upstream on security architecture and consulting to permanently address root causes. My work includes vulnerability research, including on low-level components.
Each mission is approached as a structured project, with clear scope, defined objectives, and regular communication. Deliverables are understandable for non-technical decision-makers while remaining actionable for operational teams.
I offer a turnkey, results-oriented service: clear and actionable reports, concrete exploitation proofs, and recommendations tailored to your maturity level. The goal is not to list vulnerabilities, but to durably reduce your attack surface.
If you want to assess your security level or challenge your defenses, let's connect via video call to define your needs. Quick response and pragmatic approach guaranteed.
French
Native or bilingual
English
Native or bilingual
Can work on-site
Paris (up to 50km), Toulouse (up to 50km), Nantes (up to 50km), Bordeaux (up to 50km)
Experience
- Cabinet d'architectureExternal Penetration TestsApril 2025 - April 2025Montreal, QC, CanadaReconnaissance and Analysis of the external perimeter.Penetration tests and identification of vulnerabilities on the provided and discovered perimeter.Exploitation of unauthenticated flaws.Complete compromise of a production server.Pivoting within the client's cloud environment.
- Réseau de transportsRed Team Assumed BreachDecember 2024 - February 2025 (2 months)Montreal, QC, CanadaMalware development and C2 infrastructure construction.External perimeter reconnaissance and assessment of compromised access privileges.Pivoting into the internal network through the implant and a compromised Citrix server.Internal network reconnaissance and identification of attack paths.Assessment of physical workstation security.Exploitation of identified vulnerabilities and bypass of detection mechanisms.
- Fournisseur d'électricitéInternal Penetration TestsNovember 2024 - November 2024Alberta, CanadaPenetration tests of restricted OT environments from provided initial access.Interactive pivoting within OT environments via RDP access.Identification of vulnerabilities affecting internal hosts and Active Directory domains.Elevation to domain administrator privileges in OT environments.
Recommendations
Be the first to recommend Romain
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Dark Side Ops: Malware Dev - TrainingSilentBreak Security @ NorthSec20202020Dark Side Ops : Malware Dev - Training
- Windows Kernel Exploitation – TrainingAshfaq Ansari @ NorthSec20192019Windows Kernel Exploitation – Training
Certifications
- Offensive Security Certified Professional (OSCP)Offsec2015