Franck Ferman

Cybersecurity Engineer

  • Offensive Security — Pentest · Red Team · Malware Development
  • Defensive Security — SOC · SIEM · DFIR · Cyber Threat Intelligence
  • Governance — Risk & Compliance · ISMS · EBIOS RM · ISO 27001 · PCI-DSS · PDIS

Systems & Networks   Development   AI

Windows · Linux · Hardening · Automation · DevOps
Local LLMs · RAG · Fine-tuning · AI Automation

Blog   LinkedIn   X   Root-Me


About me

Cybersecurity professional with a background spanning Offensive Security, Defensive Security, System & Network Administration, and Security Governance (Risk Management, Compliance, Security Strategy).

I build and break things, and I document both.


Education

  • HETIC — FullStack Web Development, Design & Communication
  • 42 — Low-Level Programming, Algorithms
  • Aston Institute — System, Network & Security Administration
  • 2600 — Offensive & Defensive Security, Governance
  • Oteria Cyber School — Cybersecurity & Governance

Experience

  • 💼 Freelance / Auto-entrepreneur — IT · Web Developer · SysAdmin · Security Consultant
    Independent missions across IT, infrastructure, web development and security consulting.

  • 🌍 Veolia — IT
    Global leader in water, waste & energy management — €45B+ revenue, 220+ countries, 213,000+ employees.

  • 🇫🇷 French National Assembly — IT
    Core institution of French democracy — 577 deputies, Palais Bourbon, Paris.

  • 🏙 City of Aulnay-sous-Bois — IT → SysAdmin & Network Engineer → CISO
    Municipal infrastructure — 85,000+ inhabitants, 2,000+ agents, 100+ sites, 1,500+ endpoints, 100+ servers. On-prem datacenter (7+ physical hosts, server racks), 100+ L2/L3 switches over a city-wide fiber network linking sites across several kilometers — schools, police, administrative buildings. Everything managed in-house.

  • 🎭 Théâtre des Champs-Élysées · Groupe Caisse des Dépôts — Cybersecurity Engineer
    Classified French historical monument (1957), Avenue Montaigne — CDC-group property since 1970, via the Société Immobilière du Théâtre des Champs-Élysées (a CDC subsidiary). Hybrid SI security, offensive & defensive operations, SOC deployment.

  • 🏦 Crédit Agricole — Cybersecurity & Linux Systems Engineer
    At one of the world's largest banking groups — €2,000B+ in assets, 150,000+ employees worldwide.

  • ⚔️ KatanHack — Founder
    Cybersecurity consultancy — penetration testing, Active Directory & web audits, security awareness.

Additional engagements conducted as freelance / auto-entrepreneur — multiple confidential clients across pentest, security consulting, IT infrastructure, and development missions.


Research & CVEs

  • CVE-2025-67906 — Stored XSS · MISP (Malware Information Sharing Platform) · Workflow Engine
    CVSS 9.0 (Critical) · Patched · NVD · CIRCL
    Zero-click persistent XSS via doT.js template injection. Session hijacking, threat intel data exfiltration.

  • Critical 0-Days — Blind SQLi & Zero-Click Stored XSS · GovTech / Enterprise SaaS
    CVSS Critical · NDA
    Unauthenticated DB exfiltration + zero-click super-admin session takeover.

  • Critical 0-Day — Cryptographic Failure + Business Logic · Fortune 500 Payment Infrastructure
    CVSS Critical · NDA
    Transaction integrity bypass across the entire global payment network.

  • Critical — Chained Authentication Bypass · Xelians
    CVSS 9.3 (Critical)
    Multiple chained vulnerabilities leading to full account takeover across the platform and all client tenants — including sensitive government archive data.

  • High — Mass Government Data Exfiltration via Authentication Bypass · DINUM (Direction Interministérielle du Numérique)
    CVSS 7.5 (High)
    Chained enumeration and authentication bypass — exposing criminal investigation files, classified government records, employee PII, and sensitive operational data across the entire French public sector.

  • High — CORS Misconfiguration + Regex Bypass · Qwant
    CVSS 7.4 (High)
    Cross-origin exfiltration of authenticated data via origin reflection and suffix bypass.

  • High — Healthcare Platform Data Exfiltration · Caisse Nationale d'Assurance Maladie
    CVSS 7.5 (High)
    Unauthenticated access to sensitive internal healthcare data and operational information of France's national health platform.

A curated, non-exhaustive selection — further findings remain private or under NDA.


  • Pentest & Red Teaming — Infrastructure, AD, Web and Wi-Fi assessments, adversary emulation, OPSEC.
  • Malware Development — Offensive tooling in C, Rust, Go, Python — loaders, rootkits, C2 implants, exploit writing.
  • Security Governance — ISMS, risk management (EBIOS RM), compliance, awareness — CISO / Assistant CIO experience.
  • System & Network Administration — AD, Cisco, Palo Alto, ESXi, Proxmox, Windows/Linux hardening, automation, DevOps.
  • Defensive Security — SOC, detection engineering, incident response, threat hunting, SIEM.

Available for engagements and serious collaborations — consulting or building.
Availability varies with current assignments and workload; always up for a coffee.


Skills & Competencies

Languages & Scripting

Python · C · Rust · Go · JavaScript · PowerShell · Bash · Assembly · Git

Offensive Security

Nmap · Nuclei · ffuf · Burp Suite · Metasploit · Cobalt Strike · Havoc C2 · Mythic C2 · Sliver · Empire · BloodHound · AzureHound · bloodhound-python · PowerView · ldeep · ADMiner · PingCastle · Rubeus · Certipy · GhostPack · Impacket · NetExec · Mimikatz · Responder · PetitPotam · Coercer · PrinterBug · DNSTool · SharpSCCM · sprayhound · o365spray · Evilginx · Ligolo-ng · Hashcat · John the Ripper · Bettercap · smbclient · Nessus · Specops · Atomic Red Team

Reverse Engineering

IDA Pro · Ghidra · radare2 · x64dbg · Frida · dnSpy · Binary Ninja

Defensive Security

Wazuh · Splunk · Microsoft Sentinel · Velociraptor · Hayabusa · Microsoft Defender XDR · GravityZone · Cortex XDR · Cortex XSOAR · Zabbix · YARA · Sigma · Sysmon · Sysmon for Linux · MISP · OpenCTI · MITRE ATT&CK

DevOps & Automation

Ansible · Rundeck · Docker · Podman · Vagrant · Terraform · GitHub Actions

Systems & Infrastructure

Linux · Debian · Ubuntu · Arch Linux · Gentoo · Rocky Linux · Windows · Windows Server · Active Directory · Microsoft 365 · Entra ID · Cisco · Palo Alto · Fortinet · pfSense · OPNsense · vSphere · ESXi · vCenter · Proxmox · Wireshark · tcpdump · Lynis · HardeningKitty

AI & LLM

Ollama · Local LLMs · RAG · Fine-tuning · n8n · Claude Code · Hermes · AI Automation

Governance & Compliance

ISO 27001 · NIST · GDPR · PCI-DSS · HDS · EBIOS RM · LPM · PDIS · CIS · ANSSI


Contact

Email   Telegram   Signal


Projects

  • MetaDetective — Metadata intelligence for OSINT & pentesting — the Metagoofil successor.
  • SYSTEMatic — Token impersonation: Administrator → SYSTEM, no tools required.
  • ADMappingToolkit — Active Directory inventory & network recon — reachability, ports, unconstrained delegation, EOS OS, CSV export.
  • AD-AdminSDHolder-Toolkit — Audit, detect backdoors & clean orphaned AdminSDHolder (AdminCount=1) accounts via well-known SIDs.
  • CassandraCTI — Collect, process & auto-distribute Cyber Threat Intelligence from RSS across platforms.
  • PunyPwn — Typosquatting, IDN homograph & bitsquatting generator for red team & brand protection.
  • LastLog-Audit — Linux last-logon forensics from the binary lastlog database.
  • hidemylogs — Surgical Linux log cleaner — erase lastlog/wtmp/btmp/utmp records while preserving file metadata.
  • CVE-2025-67906 — MISP ≤ 2.5.27 stored XSS via the Workflow Engine (doT.js template injection).
  • CVE_2026_24061 — GNU InetUtils telnetd — unauthenticated remote root via NEW-ENVIRON injection.
  • do-manager — Modular Go CLI & library to provision, inspect & destroy DigitalOcean infrastructure.
  • ubuntu-post-install — One script: hardening, GNOME tweaks, privacy & developer tooling on fresh Ubuntu.
  • bmctl — Firefox bookmark toolkit — audit duplicates, compare exports, merge, dashboard.
  • whispr — Whisper transcription pipeline — 3 backends, parallel chunks, multi-format output.
  • Floodles — Modular DoS/DDoS testing toolkit — 19 vectors across L3/L4/L7 (Python/C/Rust/Go).
  • DOSArena — DoS/DDoS training platform with live proof-of-impact scoring — 8 scenarios, 15 containers.

Beyond GitHub — selected work that stays private: Bikochu, a self-hosted internet asset & vulnerability-intelligence platform (host / service / port indexing, CVE correlation, passive DNS and network-flow queries, all exposed through a native MCP interface) · Bluetchi, Bluetooth exploitation research & tooling.

Every tool built, every system broken, every vulnerability documented — the full picture lives in the repositories.
