photo
Immortal-PC
- Professional page

Last update: 18 March 2019

Toogle open/close all

PROFESSIONAL EXPERIENCE

Work
During my 5 years as a Security Consultant I have carried out more than 200 missions in 7 different countries on various subjects such as: 
malware analysis, IT security training, web/mobile pentest, compiled software pentest, physical pentest (RedTeam), infrastructure pentest, payment terminal pentest,...
In parallel of these missions, I successfully passed three certifications: PASSI code review, PASSI pentest and OSCP.
Concerning hacking events, I participated twice to the "Nuit-du-Hack" and once to the "GreHack" CTF.
I would like to develop my expertise in vulnerability research, physical intrusion testing, SCADA audits and software reverse. engineering.




23 Nov. 15 - NowWorking at NES Security / SERMA NES as Pentester.
I performed many pentest in many areas (Aerospace, Internet service provider (ISP), Banking, Research Center, Audio-visual, Cosmetic industry, Department stores, Insurance, Rail transport, Energy, ...) on different targets:
	- Web (WebSphere, Python, PHP, Apache, Tomcat, SharePoint, ...)
	- Citrix
	- Mobile (Android, iOS)
	- Payment terminal (Ingenico, VeriFone, ...)
	- Wifi
	- Reverse engineering of compiled software in: Flash, Java, C#, C, C++
	- Reverse engineering of binary network protocol
	- RedTeam with phishing campaign and physical intrusion
	- Network intrusion
	- RFID attack

I have also done work internationally:
	- Belgium: Reverse engineering on a software in C
	- USA: RedTeam on two different enterprise sites
	- Switzerland: Reverse engineering on 3 softwares in C, Objective C and Java
	- Morocco: Reverse engineering on a software in C
	- Monaco: Reverse engineering on a software in C
	- United-Kingdom: Pentest on various web applications and softwares in C
	
I developed various internal software in different languages:
	- VBA and Powershell (Excel and Word scripting),
	- C# (development for fiddler),
	- JavaScript (development for fiddler and PoC with NodeJS),
	- Python (proxy and IP packet modification with Scapy)
	
I also led many security training sessions on different topics such as phishing, physical attacks, malicious mouse, password security, RFID attacks, ...

05 Jan. 15 - 18 Nov. 15Pentester at ON-X Security.
I was for almost a year in the position of pentester and malware analyst.
I perform many pentest in many areas (Aerospace, Banking, Research Center) in  three domains :
	- Web
	- Mobile
	- Reverse engineering of complied software.
I developed various internal software: report generator, plugin for Fiddler and a binary proxy.
I have also done a lot of malware analysis for an aerospace company.

10 Mar. 14 - 01 Aug. 14Placement in Linagora
I did a 5-month internship as a security consultant.
I was in charge of performing internal pentest and applying patches.
I was also in charge of the linux servers hardening.
01 Jun. 13 - 01 Sept. 13Placement in a Startup. ( Lead Developer and Security engineer )
01 Avr. 13 - 20 May. 13Working on my [GSOC] Boost proposal
01 Jan. 12 - 01 Sept. 12Placement in a Startup. ( Lead Developer and Security engineer )
09 May 11 - 29 July 11Placement in INSA ( Lyon ) ( Lead Developer and Security engineer )
June 2010Host a summer camp for blind children.
2005 - 2009Creation of websites Beauvoir de Marc ; ALTFER and ASTER ( CLOSED )
2000 - 2010Computer Troubleshooter

Achievements
Linux driver, IO Card: 2014, Linux Kernel, Driver, PCI, C, Doxygen, Hardware
GitHub Hacking: 2013, Git, Python, Doxygen, Markdown, Hacking
Crypto Calculator: 2014, Git, Doxygen, ReStructuredText, Qt, C++, Cryptographic algorithm (MD5, AES, Salsa20, ...)
Private Startup: 2011-2013, HTML5, CSS3, Javascript, jQuery, jQuery UI, Java Applet, C++, Qt, MongoDB, SQL
Bomberman: 2011, Game, C++, SDL, SDL gfx, SDL ttf, template, network/socket (17 000 lines)
Rootkit: 2012, Rootkit, C, Win32 API, Kernel, SSDT, IRP, DKOM
QConsole: 2011, Begin of terminal for Windows/UNIX - Qt, C++, OOP
Website timestamp: 2013, School work, openSSL, SSL server, Making an CA, openSSL horostamp, OTP, Python, PKI
IA algorithm: 2013, Ant colony optimization algorithms, Genetic algorithm, Python, PyGame
IA Ants: 2013, Ant colony optimization algorithms, Java 7, Swing, IA, A*, BestFirst, Doxygen
Android RSS App: 2013, Java, Android SDK (16)
L2TPv3 tunnel: 2013, (L2TPv3 tunnel secured by IPsec) VMWare, L2TPv3, IPSec, GRE, lxc
IPv6 ⇔ IPv4 for TCP: 2013, IPv6, TCP, Python, lxc, VMWare
SMTP Class: 2008, PHP, OOP, SMTP
PHP Mailing List: 2006, PHP, MySQL, TinyMCE, SMTP
Eguida: 2001, some PHP

More informations at bitbucket.org/ImmortalPC, bitbucket.org/DevsOfLegend and at https://github.com/1mm0rt41PC/

STUDY

Moving
Driving licence (Fr - France)
Certifications
- OSCP (Offensive Security Certified Professional) (in december 2018)
- PASSI (pentest, code review) (in 2018)
Study
- Homeschooling until University. (I went in england twice for HESFES)
- Bachelor's degree of computer science (UFR Mathématique informatique de Lyon) - 2012
- Algorithms ( B-Tree, red black, ... )
- C, C++
- Maths: algebra, analysis
- Boolean algebra
- Scheme
- DataBase: MySQL, Oracle (PL/SQL)
- Web: PHP, HTML, CSS
- Hardware and Software Architecture
- Unix introduction
- OpenGL
- Design and development of applications. ( I have made a game (Bomberman) in SDL/nCurse in 17000 lines (C++, template, socket, svn, doxygen) )
- Network (Cisco router)
- Socket
- Thread/Fork
- Theory of Formal Languages
- Java
- UML
- Optimization

More information on UCBL
- Master (Two years of university study in Computer Security) at CRYPTIS
- IPTables
- Python (Scapy)
- OpenMP and Cuda
- JEE, Maven, jUnit
- Network: DHCP, ARP, DNS, ICMP, ICMPv6, IPv6, IPv4, TCP, UDP, SMTP, HTTP, NAT, VLAN, L2TPv3, OSPF, RIP, BGP, AS, DNAT, SNAT, QoS (qDisc)
- Artificial Intelligence
- Cryptology: SHA1, DES, 3DES, RSA, AES, OpenSSL
- DataBase security
- Android
- Unit tests
- J2EE: JDBC, JPA (Hibernate), JTA
- Hacking: Reverse-Engineering (C x86), Exploit (integer overflow, buffer overflow), Rootkits, HoneyPot, Pentest (SQLi, XSS, CSRF, RFI)
- Mobile AD HOC networks with Raspberry Pi
More information on CRYPTIS
Languages
French: native language
English: good comprehension and expression
Italian: beginer
German: not worked since 2008...

PROGRAMMING LANGUAGES

Web
JavaScript, Ajax, CSS3, HTML5, XHTML, DHTML, PHP
DataBase
MySQL/MariaDB, Access (base), Oracle (PL/SQL), SQL3 (Oracle: SQL Object POO), CouchBase, MongoDB
Scripting
Python, Bash (sh), Ms Dos, QBasic, AutoIt v3, Scheme (/LISP), VBA (Excel & Word)
JVM
Java (EE, SE, ME, Android), Java Applet, JSP, Hibernate, Spring MVC, JUnit
SmartPhone
Android
Complier
C, C++ (gcc, g++, clang), C++11, ASMx86 (base / reverse), C# (CSC)
Library
Win32 API (base), Qt, Qxt, Ncurses, SDL/PyGame, SDL gfx, SDL ttf, OpenGL, Boost, Boost MPI, pThread, Ogre3D, OpenMP, Cuda, GMP
AmazonS3, DropBox, jQuery, jQuery UI, TinyMCE,
Junit, Spring MVC, Hibernate
Scapy
Documentation
UML, Doxygen, ReStructuredText, Markdown
Other
My code is oriented towards speed, stability and security. My code is increasingly well documented with Doxygen.

COMPUTING SKILLS

Operating Systems
MsDos, Windows 3.11 / 95 / 98 / XP / Vista / 7, Ubuntu 7.10/..., Mint, SliTaz, Debian, BackTrack4, Kali, Manjaro, Android
Softwares
Reverse engineering: W32dasm, OllyDbg1.10, IDA, justDecompiler(C#), JAD (Java Decompiler),
Pentest: NMap, Nessus, Burp, Fiddler, W3af, Scapy, WPScan, WhatWeb, Cheat Engine, WPE Pro (Winsock Packet Editor), Tamper Data, HackBar, ...
Malware analysis: Regshot, SysInternals Suite, TrID, Reverse engineering, Online Tools (malware.com, hybrid-analysis.com)
SysAdmin: Apache (mod-rewrite, mod-evasive, mod-spamhaus, mod-security), PHP, MySQL/MariaDB, MongoDB,
Fail2ban, PortSentry, DenyHosts,
Logstash, ElasticSearch, Kibana,
ipTables/NetFilter, OpenSSL, NFQueue, Socat
Developer: QtCreator, Subversion, Git, Mercurial, SSH, LDAP, MySQL WorkBench, SQL Developer (Oracle), Eclipse, Maven
Protocols
SMTP, POP, IMAP, SSH, FTP, SFTP, HDLC, HTTP, IPv4, IPv6, TCP, UDP, DNS, OSPF, RIP, BGP, L2TPv3, GRE
Hardware
CISCO router
Hacking
- Pentested envionnement: web (WebSphere, Python, PHP, Apache, Tomcat, SharePoint), java client (rim, t3), mobile (android, iOS, microsoft surface), client and server in C with their own network protocol
- Malware analysis (in C#, VBA and C)
- Web Vulnerabilities used: SQL Injections (Blind injection, Timing Attack), NoSQL Injection, XSS, DOM XSS, XXE, Session hijacking, CSRF, RFI (Remote File Include), LFI (Local File Include), Null byte vulnerability
- Reverse Engineering (C x86, Java/Android, C# and network),
- Exploit (integer overflow, arithmetic underflow, buffer overflow (with ASLR - jmp esp)),
- Rootkits (SSDT)
- Memory scanner/edition (with Cheat Engine and AutoIt),
- Packet injection,
- HoneyPot,
- Cryptography (md5 breaker in CUDA),
- WarGame: securite-info.org, Nebula, DVWA, BadStore, DVWA, OverTheWire, RedTiger, Natas
- GitHub contributions calendar Messager

QUALITIES

Self-taught person, meticulous, sense of autonomy and initiative, (qualities I developed as homeschooler)
independent but I know teamwork,
orderly and tidy

INTEREST

Paragliding, Swimming, Ping pong, Bicycle, IT development, Chess, DIY Manual, Gardening, Gaming (Minecraft, Age Of Empire, ...)

CONTACT

Show informations
Icons from Icones.pro