Skip to content
View franckferman's full-sized avatar
🎯
Focusing
🎯
Focusing

Block or report franckferman

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
franckferman/README.md

Franck Ferman

Franck Ferman

Cybersecurity Engineer

Offensive Security   Defensive Security   Governance

Pentest · Red Team · Malware Development
SOC · SIEM · DFIR · Cyber Threat Intelligence
Risk & Compliance · ISMS · EBIOS RM · ISO 27001 · PCI-DSS · PDIS

Systems & Networks   Development   AI

Windows · Linux · Hardening · Automation · DevOps
Local LLMs · RAG · Fine-tuning · AI Automation

Blog   LinkedIn   X   Root-Me


About me

Cybersecurity professional with a background spanning Offensive Security, Defensive Security, System & Network Administration, and Security Governance (Risk Management, Compliance, Security Strategy).

I build and break things, and I document both.


Education

  • HETIC — FullStack Web Development, Design & Communication
  • 42 — Low-Level Programming, Algorithms
  • Aston Institute — System, Network & Security Administration
  • 2600 — Offensive & Defensive Security, Governance
  • Oteria Cyber School — Cybersecurity & Governance

Experience

  • 💼 Freelance / Auto-entrepreneur — IT · Web Developer · SysAdmin · Security Consultant Independent missions across IT, infrastructure, web development and security consulting.

  • 🌍 Veolia — IT Global leader in water, waste & energy management — €45B+ revenue, 220+ countries, 213,000+ employees.

  • 🇫🇷 French National Assembly — IT Core institution of French democracy — 577 deputies, Palais Bourbon, Paris.

  • 🏙 City of Aulnay-sous-Bois — IT → SysAdmin & Network Engineer → CISO Municipal infrastructure — 85,000+ inhabitants, 2,000+ agents, 100+ sites, 1,500+ endpoints, 100+ servers. On-prem datacenter (7+ physical hosts, server racks), 100+ L2/L3 switches over a city-wide fiber network linking sites across several kilometers — schools, police, administrative buildings. Everything managed in-house.

  • 🎭 Théâtre des Champs-Élysées · Groupe Caisse des Dépôts — Cybersecurity Engineer Classified French historical monument (1957), Avenue Montaigne — CDC-group property since 1970, via the Société Immobilière du Théâtre des Champs-Élysées (a CDC subsidiary). Hybrid SI security, offensive & defensive operations, SOC deployment.

  • 🏦 Crédit Agricole · CAGIP (Crédit Agricole Group Infrastructure Platform) — Cybersecurity & Senior Linux Engineer — IT infrastructure arm of one of the world's largest banking groups: €2,000B+ in assets, 150,000+ employees worldwide.

  • ⚔️ KatanHack — Founder Cybersecurity consultancy — penetration testing, Active Directory & web audits, security awareness.

Additional engagements conducted as freelance / auto-entrepreneur — from quick one-off jobs and individual clients to small businesses and confidential contracts — across pentest, security consulting, IT infrastructure, and development.


Research & CVEs

  • CVE-2025-67906 — Stored XSS · MISP (Malware Information Sharing Platform) · Workflow Engine
    CVSS 9.0 Critical Patched NVD CIRCL
    Zero-click persistent XSS via doT.js template injection. Session hijacking, threat intel data exfiltration.

  • Critical 0-Days — Blind SQLi & Zero-Click Stored XSS · GovTech / Enterprise SaaS
    CVSS Critical NDA
    Unauthenticated DB exfiltration + zero-click super-admin session takeover.

  • Critical 0-Day — Cryptographic Failure + Business Logic · Fortune 500 Payment Infrastructure
    CVSS Critical NDA
    Transaction integrity bypass across the entire global payment network.

  • Critical — Chained Authentication Bypass · Xelians
    CVSS 9.3 Critical
    Multiple chained vulnerabilities leading to full account takeover across the platform and all client tenants — including sensitive government archive data.

  • High — Mass Government Data Exfiltration via Authentication Bypass · DINUM (Direction Interministérielle du Numérique)
    CVSS 7.5 High
    Chained enumeration and authentication bypass — exposing criminal investigation files, classified government records, employee PII, and sensitive operational data across the entire French public sector.

  • High — CORS Misconfiguration + Regex Bypass · Qwant
    CVSS 7.4 High
    Cross-origin exfiltration of authenticated data via origin reflection and suffix bypass.

  • High — Healthcare Platform Data Exfiltration · Caisse Nationale d'Assurance Maladie
    CVSS 7.5 High
    Unauthenticated access to sensitive internal healthcare data and operational information of France's national health platform.

A curated, non-exhaustive selection — further findings remain private or under NDA.


Cyberpunk City Pixel Art

  • Pentest & Red Teaming — Infra., AD, Web, Wi-Fi Assessments, Adversary Emulation, OPSEC.
  • Malware Development — Offensive tooling in C, Rust, Go, Python — loaders, rootkits, C2 implants, exploit writing.
  • Security Governance — ISMS, risk management (EBIOS RM), compliance, awareness — CISO / Assistant CIO experience.
  • System & Network Administration — AD, Cisco, Palo Alto, ESXi, Proxmox, Windows/Linux hardening, automation, DevOps.
  • Defensive Security — SOC, detection engineering, incident response, threat hunting, SIEM.

Available for engagements and serious collaborations — consulting or building.
Availability varies with current assignments and workload; always up for a coffee.


Skills & Competencies

Languages & Scripting

Python C Rust Go JavaScript PowerShell Bash Assembly Git

Offensive Security

Nmap Nuclei ffuf Burp Suite Metasploit Cobalt Strike Havoc C2 Mythic C2 Sliver Empire BloodHound AzureHound bloodhound-python PowerView ldeep ADMiner PingCastle Rubeus Certipy GhostPack Impacket NetExec Mimikatz Responder PetitPotam Coercer PrinterBug DNSTool SharpSCCM sprayhound o365spray Evilginx Ligolo-ng Hashcat John the Ripper Bettercap smbclient Nessus Specops Atomic Red Team Caldera pypykatz DonPAPI DomainPasswordSpray pyGPOAbuse SharpGPOAbuse GraphStrike C2concealer AADInternals ROADtools RoadTX TeamFiltration MailSniper GraphRunner MFASweep MSOLSpray leonidas

Reverse Engineering

IDA Pro Ghidra radare2 x64dbg Frida dnSpy Binary Ninja

Defensive Security

Wazuh Splunk Microsoft Sentinel Velociraptor Hayabusa Chainsaw Microsoft Defender XDR GravityZone Cortex XDR Cortex XSOAR Zabbix YARA Sigma Sysmon Sysmon for Linux MISP OpenCTI MITRE ATT&CK

DevOps & Automation

Ansible Rundeck Docker Podman Vagrant Terraform GitHub Actions

Systems & Infrastructure

Linux Debian Ubuntu Arch Linux Gentoo Rocky Linux Windows Windows Server Active Directory Microsoft 365 Entra ID Cisco Palo Alto Fortinet pfSense OPNsense vSphere ESXi vCenter Proxmox Wireshark tcpdump Lynis HardeningKitty

AI & LLM

Ollama Local LLMs RAG Fine-tuning n8n Claude Code Hermes AI Automation

Governance & Compliance

ISO 27001 NIST GDPR PCI-DSS HDS EBIOS RM LPM PDIS CIS ANSSI


Contact

Email   Telegram   Signal


Projects

Cybersecurity

  • MetaDetective — Metadata intelligence for OSINT & pentesting — the Metagoofil successor.
  • SYSTEMatic — Token impersonation: Administrator → SYSTEM, no tools required.
  • ADMappingToolkit — Active Directory inventory & network recon — reachability, ports, unconstrained delegation, EOS OS, CSV export.
  • AD-AdminSDHolder-Toolkit — Audit, detect backdoors & clean orphaned AdminSDHolder (AdminCount=1) accounts via well-known SIDs.
  • PunyPwn — Typosquatting, IDN homograph & bitsquatting generator for red team & brand protection.
  • red-merle — Reduce your cellular footprint.
  • Memento-RTLO — Right-to-Left Override (RTLO) extension-spoofing file renamer.
  • Floodles — Modular DoS/DDoS testing toolkit — 19 vectors across L3/L4/L7 (Python/C/Rust/Go).
  • DOSArena — DoS/DDoS training platform with live proof-of-impact scoring — 8 scenarios, 15 containers.
  • GhostInTheKernel — Stealthy modular LKM rootkit — kernel-level control, concealment & privilege escalation.
  • 0adC2 — C2 framework tunneling encrypted traffic inside the 0 A.D. game protocol (ENet UDP).
  • ping-007 — Covert ICMP C2 in Go — AES-256-GCM exfil, OS ping mimicry, anti-SOC evasion.
  • do-manager — Red Team infrastructure orchestration on DigitalOcean — one-command campaign deploy, C2/redirector/phishing firewall presets, IP rotation, node rebuild, and Havoc/Sliver/GoPhish/evilginx2 cloud-init templates. Go CLI + library.
  • CrabMeleon — Rust toolkit generating fully polymorphic binaries with sandbox detection & auto-signing.
  • p0wnyShellX — Polymorphic-generation fork of p0wny-shell (single-file PHP webshell).
  • KeyMaker — Code-signing certificate forgery — fake company, real signature.
  • SATAN2 — Anti-forensics: multi-pass wiping, nested encryption, filesystem implosion & artifact forgery.
  • hidemylogs — Surgical Linux log cleaner — erase lastlog/wtmp/btmp/utmp records while preserving file metadata.
  • LastLog-Audit — Linux last-logon forensics from the binary lastlog database.
  • DataDetective — The Sleuth Kit (TSK) Python wrapper for digital forensic investigations.
  • CassandraCTI — Collect, process & auto-distribute Cyber Threat Intelligence from RSS across platforms.
  • fr-cni-detector — Multithreaded OCR + parser to detect French national ID documents across file types.
  • SecSheets — Cybersecurity cheat-sheet hub — pentest, red/blue/purple team, GRC, tools & frameworks.
  • CVE-2025-67906 — MISP ≤ 2.5.27 stored XSS via the Workflow Engine (doT.js template injection).
  • CVE-2026-24061 — GNU InetUtils telnetd — unauthenticated remote root via NEW-ENVIRON injection.

Systems & Tooling

  • ubuntu-post-install — One script: hardening, GNOME tweaks, privacy & developer tooling on fresh Ubuntu.
  • debian-server-post-install — Debian server post-install — profile-based config, VPS-safe hardening, firewall & Docker.
  • Win-PostInstall — Windows post-install — automate, harden, customize.
  • Hyper-V-Toolbox — Vagrant/Docker-style CLI to streamline Hyper-V virtual machine management.
  • SysAdminToolbox — Network administration toolkit — subnetting and a range of useful calculations.
  • fix_wsl2_networking — Fix WSL2 networking and connectivity problems.
  • PowerShell-Script-GUI-Template — Build interactive Windows GUI apps in pure PowerShell — no C#/WPF.
  • Interactive-Batch-Script-Template — Ready-to-use template for interactive batch scripts.
  • bmctl — Firefox bookmark toolkit — audit duplicates, compare exports, merge, dashboard.
  • whispr — Whisper transcription pipeline — 3 backends, parallel chunks, multi-format output.

Beyond this profile — a large part of my work never ships publicly: private tooling, projects built exclusively for clients, and internal research. What's here is only a fraction.

Every tool built, every system broken, every vulnerability documented — the full picture lives in the repositories.


Visitor counter

Pinned Loading

  1. MetaDetective MetaDetective Public

    Unleash Metadata Intelligence with MetaDetective. Your Assistant Beyond Metagoofil.

    Python 494 57

  2. p0wnyShellX p0wnyShellX Public

    Fork of p0wny-shell with polymorphic generation.

    Python 4