root@cedricfarinazzo:~#
Infrastructure Hacker | Security Researcher | Systems Engineer
Paris, FR • Breaking & Building Production Systems
[0x01] Infrastructure Exploitation
AWS primitives manipulation • Kubernetes RBAC bypass • Container escapes • Network pivoting via CNI • EKS privilege escalation • S3 bucket enumeration • IAM policy abuse • Lambda cold start exploitation • Cross-account boundary violations
[0x02] Offensive Security
Active Directory domain dominance • Kerberoasting & ASREPRoasting • NTLM relay attacks • PowerShell AMSI bypass • Living off the land techniques • C2 infrastructure (Covenant, Empire) • Custom implant development • Binary exploitation & ROP chains
[0x03] Production Engineering
40+ microservices in production • SLI/SLO engineering • Distributed tracing with Jaeger • Chaos engineering (Litmus, Gremlin) • Zero-downtime deployments • Circuit breakers • Bulkhead patterns • Canary releases with Flagger
[0x04] Automation & DevSecOps
GitOps with ArgoCD • Kubernetes operators in Go • Custom admission webhooks • Policy-as-code with OPA Gatekeeper • SAST/DAST/SCA integration • Container security scanning • Runtime threat detection with Falco
// Technical Arsenal
Cloud Security & Exploitation
AWS: Cross-service privilege escalation, metadata service abuse, S3 ACL manipulation, ECS task hijacking, Lambda layer poisoning, CloudFormation stack takeovers
K8s: RBAC escalation, pod security bypass, service account token abuse, admission controller evasion, network policy violations, hostPath escapes
Tools: Pacu, ScoutSuite, kube-hunter, kubectl-whoami, kubeletctl, peirates
Infrastructure as Code & Automation
Terraform: State file manipulation, provider backdoors, module injection, workspace isolation bypass, remote state corruption
Ansible: Vault decryption, inventory poisoning, callback plugin development, custom module backdoors
CDK: Aspect-based policy injection, construct library manipulation, cross-stack reference abuse, synthesis-time code execution
Binary Exploitation & Reverse Engineering
Exploitation: Buffer overflows, ROP/JOP chains, format string bugs, heap exploitation, kernel module development, UEFI firmware analysis
Tools: GDB with PEDA/GEF, IDA Pro, Ghidra, Radare2, Volatility, YARA rule development, Frida dynamic instrumentation
Techniques: Anti-debugging evasion, packer analysis, shellcode development, return-to-libc, ASLR/DEP bypass
Network Security & Protocol Analysis
Protocols: Custom protocol implementation, SSL/TLS attacks, BGP hijacking, DNS cache poisoning, DHCP spoofing, 802.1X bypass
Tools: Scapy packet crafting, Wireshark Lua scripting, Nmap NSE development, Metasploit module creation, Burp Suite extensions
Techniques: VLAN hopping, ARP poisoning, rogue access points, WPA2/WPA3 attacks, Bluetooth LE exploitation
// Professional Experience
Senior DevOps Engineer @ Manaos
- Multi-tenant Data Platform: Engineered PB-scale data lake using S3 intelligent tiering, Glue Spark ETL jobs, Athena federated queries, QuickSight embedded analytics. Implemented tenant isolation via IAM resource-based policies and VPC endpoints
- Container Security Hardening: Deployed distroless images, rootless containers, seccomp profiles, AppArmor policies, network segmentation with Calico, runtime security with Falco + custom rules, and vulnerability scanning with Trivy/Twistlock
- Zero-Trust Architecture: Implemented service mesh with Istio, mTLS everywhere, SPIFFE/SPIRE identity framework, OPA policy enforcement, and workload identity federation
- Infrastructure Attack Surface Reduction: Automated compliance scanning with Prowler, implemented GuardDuty + custom Lambda responses, deployed Macie for data classification, and Config rule automation
- GitOps & Policy-as-Code: Built ArgoCD ApplicationSets with Helm + Kustomize, OPA Gatekeeper constraint development, admission webhook chain, and git-crypt secrets management
DevOps Engineer @ ALTEN Innovation
- Production Kubernetes Platform: Built hardened AKS cluster with RBAC, Pod Security Standards, network policies, admission controllers, and cluster autoscaling with KEDA
- Observability Engineering: Implemented full-stack monitoring with Prometheus operator, custom metrics, Grafana dashboards, Loki aggregation, Jaeger tracing, and AlertManager routing
- Infrastructure Security: Deployed Azure Policy compliance, Key Vault CSI driver, managed identities, private endpoints, and network security group automation
// Research & Exploitation Projects
Hypervisor Escape Research
Virtualization Security: Analyzing XCP-ng hypervisor attack surface, Xen hypercalls, IOMMU bypass techniques, VM escape vectors via shared memory, PCI passthrough exploitation, and guest-to-host privilege escalation
Infrastructure: 4-server cluster with SR-IOV, ZFS, Kubernetes CNI analysis, network namespace escapes, and container runtime security (containerd/CRI-O)
Advanced Persistent Threat Simulation
Attack Chain: Apache CVE exploitation → sudo privilege escalation → Kerberoasting → Golden Ticket → GPO manipulation → PowerShell Empire deployment → Persistence via scheduled tasks
C2 Development: Custom Python RAT with AES encryption, DNS tunneling, process injection, keylogging, screenshot capture, and anti-forensics (log wiping, event clearing)
Compiler Security Analysis
Tiger Compiler: Complete implementation with security focus: stack protection, ROP mitigation, CFI implementation, ASLR support, and exploit mitigation analysis across x86-64/ARM/MIPS targets
Vulnerability Research: Integer overflow detection, buffer overflow mitigation, format string protection, and automated vulnerability discovery in generated binaries
Cryptographic Backup System
Multi-layer Encryption: Huffman/LZ77 compression → AES-256-GCM → RSA-OAEP → Vigenère obfuscation. PBKDF2 key derivation, secure random generation, and key escrow functionality
Attack Resistance: Side-channel attack mitigation, timing attack prevention, and cryptographic protocol analysis against known-plaintext attacks
Blockchain Protocol Implementation
Consensus Security: Proof-of-Work with SHA-256, double-spending prevention, 51% attack mitigation, selfish mining detection, and network partition tolerance
P2P Security: Eclipse attack prevention, Sybil attack resistance, DHT security, and Byzantine fault tolerance in distributed consensus
Side-Channel Attack Research
Power Analysis: Keystroke extraction from power line fluctuations using ML (CNN, RNN), signal processing with FFT, noise filtering, and feature extraction techniques
Countermeasures: Developed noise injection, power consumption normalization, and temporal randomization techniques to prevent side-channel leakage
// Current Research Areas
Zero-Day Research
Targets: Container runtimes, Kubernetes components, cloud provider services, hypervisor attack surface
Techniques: Fuzzing with AFL++, static analysis with CodeQL, dynamic analysis with Valgrind, and vulnerability chaining
Cloud Security Research
Focus Areas: Serverless security, container escapes, IAM privilege escalation, cross-tenant attacks, supply chain security
Tools: Custom enumeration scripts, automated exploitation frameworks, cloud-native security testing
Infrastructure Threat Modeling
Methodologies: STRIDE analysis, attack tree modeling, threat landscape analysis, risk quantification
Applications: Kubernetes security posture, CI/CD pipeline security, cloud architecture review
Offensive Tool Development
Languages: Go (concurrent tools), Rust (memory-safe exploits), C (kernel modules), Python (rapid prototyping)
Targets: Custom payloads, post-exploitation tools, persistence mechanisms, anti-forensics utilities
// Connect
Available for: Red team engagements • Infrastructure security audits • Zero-day research • Advanced DevSecOps automation