Loïc Castel

57, rue Corot - 92410 Ville d'Avray - France
06 79 56 23 40
31 years old

Security Consultant, Telindus Security Research Center

Objectives

Security consultant / Security R&D / Malware analyst

Professional Experiences

Security consultant / Pentester

Telindus France

Since February 2012
Les Ulis - France

- Onsite and remote penetration testing in several situation, including environments like Citrix, Active directories, transactionals sites, ...

- iOS (iPhone or iPad operating system) application audit , reverse-engineering on ARM-based devices, vulnerability discoveries, remote exploitation and multiple development on iOS platforms

- Multiple development including trojan horses for several platforms, or a tool to discover and crawl an entire company group points of presence on the web.

- MISC 67 - French IT security magazine - Publication of an article intitled "Mach-O format manipulation and concrete applications on Apple executables"

Security consultant / Pentester

Thales Communications & Security

From October 2010 Till February 2012
Velizy-Villacoublay - France

- Penetration tests (Applicative, System, Network, Internal, Nomad access)
- Multiple "proof of concept" implementation in order to demonstrate advanced exploitation of several known vulnerabilities, including threats on Full disk encryption solutions
- Advanced vulnerability assesment on specific products
- Software reverse-engineering
- Code assessment
- Configuration assessment
- Client sectors included banks, finances, insurances and public.

Penetration Testing Engineer

Telindus

From June 2009 Till October 2010
Les Ulis - France

- Consulting in several areas of security including penetration testing, application vulnerability assessments, network vulnerability assessments, and network and wireless security.
- Performing onsite and remote penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and VoIP infrastructure
- Performing ethical hacking to assess the vulnerabilities of test, Internet, and/or Intranet including Windows, Linux, AIX, Solaris and HP-UX connected systems, networks, and applications
- Writing and presenting reports on security vulnerabilities to both internal and external customers.
- Developping of a remote browser security test platform, in order to assess client-side vulnerabilities

Security auditor internship

Devoteam S.A.

From January Till June 2009
Levallois-Perret - France

- Security Audit and Vulnerability assessment.
- Development of an application maintaining a vulnerability database, allowing to insert datas in a security report Security tools upgraded.
- Penetration testing in insurance and telecommunication domain.

IT Software Engineer

Vanksen Group

From October 2007 Till January 2008
Bertrange - Luxembourg

- Development of a WCF service doing important data synchronisation in C#.
- Managing of an entire project concerning the service, and creating and linking these data with SQL Reporting.
- Security audit on all websites (around 10) of the group, finding and fixing several web security holes and network vulnerabilities.

Security Internship

Lumension Corp.

From August Till October 2007
Bertrange - Luxembourg

- Internship in a QA department of Lumension Corp, Microsoft Gold Partner society
- Writing of several test cases and user integration tests
- Security audit of some features of Lumension Endpoint Security softwares, including Client Hardening, File Type Filtering, and specific vulnerability assessments

Marketing and Communication placement

French Embassy in Thailand

From February Till May 2007
Bangkok - Thailand

- Creation of some communication tools for the Embassy, in the press department.
- Audit of the governemental website and upgraded it and adding of a newsletter system and integration of an administration software.
- Writing of some press revues, in English and French, and organizing Presse Conferences in Bangkok.

Network and Telecommunication placement

Orange France

From May Till August 2006
Lille - France

- Working on the GSM/UMTS architecture, in mobile networking and creation of a mobile detection tool.

Educational Background

Network and Telecommunication Engineering

Telecom Lille

June 2009
Villeneuve D'ascq - France
Chosen Option : Network Security 

Engineering, Security and Networking degree

Ecole Polytechnique de Montreal

January 2009
Montréal - Canada

Skills

OPST Certification

OSSTMM Professional Security Tester - Obtained in April 2010

OSCE Certification

Offensive Security Certified Expert - Obtained in May 2013
- Identifying hard-to-find vulnerabilities.
- Conducting intelligent fuzz-testing.
- Analyzing, correcting, modifying, and porting exploit code.
- Hand-crafting binaries to evade anti-virus software.

 

Languages

English

Bilingual

German

Average

Personal Interests

Extra activities

Taek-Won-Do, Karaté, Jogging and Swimming practice
Music playing (Piano, Bass et Jazz Guitar).

Vulnerability assessment on various products, taking part in "Capture the flag" events about solving security challenges in team or by myself.

Created with NetCV