Switzerland
Penetration Testing ‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾ › Web Application Security Assessments: Conducted in-depth assessments of complex web applications to identify critical vulnerabilities and define remediation strategies aligned with industry best practices. › External Pentest: Executed realistic external attack scenarios to evaluate internet-facing assets and identify security exposures with potential business impact. › Internal Pentest: Performed internal network and system compromise simulations to assess lateral movement possibilities and privilege escalation risks. › Source Code Reviews: Conducted manual and automated reviews of application source code to uncover logic flaws, insecure patterns, and implementation issues. › Continuous Pentest: Designed and delivered continuous offensive security programs, replicating threat actor behaviors to proactively identify and mitigate emerging risks. › Social Engineering Campaigns: Orchestrated targeted social engineering engagements to assess human factor vulnerabilities and advise on organizational awareness improvements. › Active Directory Assessment: Conducted comprehensive evaluations of Active Directory environments to identify vulnerabilities, misconfigurations, and architectural weaknesses. Project Management ‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾ › Pre-Sales Engagement: Contributed to pre-sales activities by aligning tailored security testing solutions with client needs and technical requirements. › Autonomous Pentest Project Delivery: Managed end-to-end penetration testing engagements-from kickoff meetings and test execution to progress tracking and final report delivery-ensuring alignment with client expectations, scope, and timelines. Insomni'hack ‾‾‾‾‾‾‾‾‾‾‾‾ › CTF Challenge Creation: Designed and developed challenges for the Insomni'hack CTF competition. › Event Organization: Acted as on-site staff during the event, assisting with various tasks to ensure smooth operations.
Penetration Testing ‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾ › Application Pentest: Performed in-depth security assessments of web and mobile applications to identify and exploit vulnerabilities, providing strategic remediation guidance. › External Infrastructure Pentest: Conducted external penetration tests to evaluate the exposure and resilience of internet-facing systems against real-world attack scenarios. › Internal Infrastructure Pentest: Executed internal penetration tests simulating compromised access to assess risks associated with insider threats and lateral movement. › Social Engineering Campaigns: Designed and delivered phishing and other human-targeted attack simulations to assess employee awareness and organizational resistance to social engineering. › Red Team Engagements: Participated in advanced, multi-vector Red Team operations to simulate realistic threat actor behavior across technical, physical, and human domains, identifying gaps in detection and response capabilities. Research & Development ‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾ › Technical Writing & Knowledge Sharing: Authored in-depth articles on cybersecurity topics to share expertise, contribute to the security community, and promote continuous learning. › Ongoing Threat Intelligence & Technology Watch: Maintained continuous monitoring of emerging threats, attack techniques, and defensive strategies to stay ahead of the evolving threat landscape. › Conferences & CTF Participation: Actively participated in security conferences (e.g., Insomni’hack, Ph0wn) and Capture The Flag competitions to deepen technical expertise and stay engaged with the infosec community.
Stage professionnel