Ricardo Matias

Security Enthusiast - Pentester

Hauts de France - France

I'm a guy interested by cybersecurity, homemade IT stuff and good Belgian beers. I like learning new things and helping Internet community to be more safe doing BugBounties or finding new CVEs

Svg Vector Icons : http://www.onlinewebfonts.com/icon Ric0s Logo Twitter Ric0sMat Logo Github Ric0sM Ric0s Hack The Box Ric0s ric0s ric0s Ric0s

EXPERIENCE

NBS System

March 2019 - present | Pentester

  • Pentesting : Web, Mobile, Infrastructure (Internal, external, Docker), Workstation, PCI-DSS
  • Manual code reviews : PHP, Python, Java
  • Phishing : finding and playing scenarios, deploying infrastructure and exploiting findings
  • R&D : attacking Docker environment, offensive and RedTeam tooling, reporting automation (Dradis and VBA)
  • Forensics : compromised Web applications; Active Directory investigations
  • Sharing knowledge with collegue and supporting trainees

Claranet CyberSecurity

February 2017 - February 2019 | Security Consultant - Pentester

  • Pentesting : Web, Infrastructure (Internal, external, Docker), PCI-DSS
  • Manual code reviews and tooled (CheckMarx): PHP, Python, Java
  • R&D : develop Code Review as a Service offer (technical specifications, POCs, tooling, procedures, etc)

Incloudio

January 2015 - February 2017 | Applicative Security Consultant

  • Pentesting : mainly WebApps
  • Manual code reviews : PHP, Python
  • API Best practices : studying standards, applying best practices

EDUCATION

École Supérieure de Génie Informatique (ESGI) - Paris

2013 - 2015 | Master's Degree in IT Security

Université de Valenciennes - Antenne de Maubeuge

2012 - 2013 | Bachelor's Degree in Ethical Hacking

Lycée Gustave Eiffel - Dijon

2010 - 2012 | HND's Degree in Industrial IT

CERTIFICATIONS

Certified Ethical Hacker (CEH)

EC-Council - June 2014

EC Council Security Analyst (ESCA)

EC-Council - June 2015

Offensive Security Certified Professional (OSCP)

Offensive Security - October 2017

CxAdvanced Certified Engineer

CheckMarx - December 2018

Certified Red Team Professional (CRTP)

Pentester Academy - March 2021

Certified Azure Red Team Professional (CaRTP)

Pentester Academy - May 2022

SKILLS

Pentesting

  • Web
  • API
  • Infrastructure
  • Active Directory
  • Docker
  • iOS
  • Android
  • AWS
  • Azure

Code Review

  • CheckMark
  • PHP
  • Python
  • Java
  • JavaScript

Audit methods

  • OWASP
  • PTES
  • PCI-DSS

Tooling

  • BurpSuite Pro
  • Metasploit
  • Dradis Pro
  • Impacket Suite
  • Mimikatz
  • BloodHound
  • CrackMapExec
  • SQLMap
  • MobSF
  • Frida
  • Objection
  • And other !

Development

  • Python
  • Bash
  • PowerShell
  • PHP
  • C/C++