
Simon TRAN

Puteaux

Summary

My skills:
Metasploit
Java
Python
Lua
Google App Engine
C++
Linux
Microsoft Windows
Active Directory

Companies

  • Deloitte Tax & Consulting - IT Security Analyst

    Puteaux 2015 - present Performed intrusion testing on Thin Client PC.

    Designed and implemented web application attack scenarios using combined vulnerabilities based on intrusion testing report.

    Performed source code security review on Mobile Banking Application (iOS and Android)

    Quick deployment of a data leak monitoring framework.

    Studied European regulation guidelines EBA/GL/2014/12 regarding Security of Internet Payments and the local enforcement in Luxembourg under the regulation CSSF 15/603.

    Development of a Web Application tool for picture generation with Web2py framework.

    Common tools used during intrusion testing:
    - Environment: Kali Linux, OSX, Windows...
    - Scanners: Nikto, W3AF, Zap, Nessus, Acunetix, Burp, Nmap...
    - Exploitation framework: Nishang, Powersploit, Metasploit, SE Toolkit, BEEF...
    - Password recovery: Cain, John, Hashcat, Burp Intruder, Passware Suite, Hydra...
    - Web application testing: Sikuli, Selenium, Burp, Python Mechanize / Beautifulsoup / urllib...
  • Deloitte Tax & Consulting - IT Security Analyst (trainee)

    Puteaux 2014 - 2014 Studied Luxembourg IT financial regulation CSSF 12/552 (IT outsourcing chapter) and 13/554.

    Participated in an IT Audit based on ISAE3402 type 2 for a financial institution client.

    Assisted security professionals on intrusion testing engagement (IBM AIX, Oracle, Active Directory, Firewall configuration review...)

    Participated in an internal POC (Web Application gap analysis, specifications of the target Architecture) for an automated report generation tool deployment.

    Participated in several external IT audits for clients in the financial industry.
    Audits performed on the following scopes: General IT Control, Access Security and Datacenter & Network Operations.

    Performed privileged access review on CORONA financial application.

    Configuration review and user access review on IBM AIX / Solaris / Linux Operating Systems configuration, Oracle, Sybase ASE, Microsoft SQL Databases.

    Assisted security professionals on Forensic engagements (Ruby, PHP, Lua and Microsoft SQL scripting)
  • Freelance - App-engine Cloud developer

    2014 - 2014 Worked as a freelance App-engine developer (Google Cloud computing framework tool).

    The following tasks were done:
    - Designed a web architecture for Lua programming language remote code execution.
    - Implemented the architecture with Python 2.7 and Google NDB No-SQL database.
    - Designed product licensing model.
    - Implemented client-agent to execute the authorized remote code according to the customer licensing rights.
    - Implemented security measures (prevention and detection) against licensing circumvention.
    - Front view templating with HTML5 / CSS3 / Javascript and Jinja2 framework.
    - Web instances administration and log monitoring.
  • Ekino, Fullsix Group - Technical Consultant Intern

    2012 - 2012 At a company located in Levallois, my role was to assist a senior technical consultant in delivering a project for the key-account client SFR. During this internship, I contributed to writing the functional specifications, to development follow-up, to carrying out tests, and also to investigating bugs and incidents reported directly by the client.
    During this internship I also had the opportunity to write Python scripts to perform automated non-regression tests on the application in question.
    The project is currently in production in all SFR stores in France.
  • Advacare Pharma International - PHP / JavaScript Development Intern

    2011 - 2011 As part of a one-month internship carried out in Shanghai, the task was to improve and optimize an existing back-office web application for an international pharmaceutical import-export company.
  • E.P.I.T.A - Student

    2009 - 2014

Education

No education listed
