Nicolas Vincent

Nicolas Vincent Penetration Tester and Software Engineer, Calypt

nicolas.vincent100ATpmDOTme
vincentn1colas

2+ years in professional software development
Freelancer

Professional Experience

2022 - present	Calypt Penetration Tester and Software Engineer
2021 - 2022	Adrenalyse Software Engineer Intern, Freelancer

Education

2021 - 2022	Master of Science in Cybersecurity, Grenoble-INP UGA
2019 - 2022	Diplôme d'Ingénieur (MSc. in Engineering), Grenoble-INP ENSIMAG

Technologies I used professionally, hover for details

Go 1+ years Go Experience

Created and deployed a simple pseudonymization service based on the draft Oblivious Pseudorandom Functions (OPRFs) using Prime-Order Groups.
Design and development of a trading application which allows the creation, testing and deployment of trading strategies using Technical Analysis (TA) indicators.
Architected a module leveraging channels to send live asynchronous HTTP requests and send a list of HTTP requests asynchronously.

Cybersecurity 1+ years Cybersecurity Experience

Extensively studied software security, code analysis and secure programming.
Conducted OS configuration audits and hardening.
Implemented various attacks on embedded devices : SPA, DPA, CPA, fault attack on AES, ...
Took part in several web application audits, red team, internal audits and phishing campaigns.

ML, probability and statistics 1+ years ML, probability and statistics Experience

Applied Hugging Face TensorFlow transformer models to a Natural Language Inference challenge.
Studied different neural networks to solve the MNIST problem (VGG2, LeNet-5, ...).
Studied the German tank problem using MLE, method of moments, eCDF and EVMU.
Applied random processes modeling as Markov Processes for performance evaluation : quality of service, loss analysis, robustness and contention of queueing systems.

Web 3+ years Web Experience

Created a few web apps and APIs over the past 3 years : Go, Java, Node.js or Python for backend development / Javascript, Alpine.js and WASM for frontend development.

C 3+ years C Experience

Implemented various cryptographic attacks : square attack on 3 1/2 rounds of AES, generic second preimage attacks on long messages for narrow-pipe Merkle-Damgard hash functions and memoryless generic discrete logarithm computation in an interval using kangaroos.
Experimental analysis and profiling of locality defects of an Optimal Binary Search Tree (OBST). Did the same for matrix multiplication.
Designed and developed a JPEG encoder.
Wrote a few component of a minimalist operating system for x86 (PC 32 bits) : IO driver, time-sharing using the PC hardware clock, virtual memory allocator, a minimal POSIX shell, a simple preemptive scheduler.
Implemented some common concurrent programming algorithms.

Rust 1+ years Rust Experience

Implementation of some common algorithms for zero-sum games : Alpha Beta, Minimax, Negamax, MTD, Greedy.

Cloud 2+ years Cloud Experience

App deployment and orchestration with Docker and Docker Compose.
GCP experience : TPUs and GPUs, IAM, Compute Engine, Cloud Run.

Python 5+ years Python Experience

Implemented numerical analysis methods for solving the Debye-Huckel and Poisson-Boltzmann equations.
Extensive usage of matplotlib, seaborn, numpy, scipy and pandas. See for instance how I solved a linear optimization problem using the Hungarian algorithm.
Wrote a lot of scripts for data processing.
Developed several web applications with Django, Flask and FastAPI : applying TDD, implementing TOTP-base authentication, ...

Java 2+ years Java Experience

Wrote a web app with Tomcat, servlets and JavaSE-14 extensively using common design patterns : Front Controller, DAO, Strategy, Factory Method, Chain of Responsability, ...
Implementation of a Discrete Event Simulation (DES) graphical desktop application : design patterns, A* pathfinding algorithm, e2e tests.
Designed a compiler for a subset of an advanced language. The main points were compliance with requirements, software design, validation and verification techniques, quality process.

DBMS 3+ years DBMS Experience

Studied normalization theory and relational algebra.
Design of entity-relationship and relational schemas.
Developed a multi-user Java database application using Oracle 10g DBMS.
Designed a simple CRUD application using Node.js, Express, Sequelize and SQLite.
Designed a trading application database in PostgreSQL for storing orders, trades and strategies.

2022

Calypt

I joined Calypt under Valentin Baumont for my end-of-studies internship.

I have been part of web application audits, internal audits (200+ hosts), red team (1600+ domains) which led to the discovery of several critical vulnerabilities : RCE, SQLi, etc. I also conducted phishing campaigns.

I leaded various engineering tasks : a fork of BloodHound to visualize the results of nmap network scans, a fork of AADInternals to improve its data extraction capacities and I architectured an internal pentest collaborative platform.

You can find the presentation of end-of-studies internship here (in French).

Pentesting Go Neo4j PowerShell

2021

Adrenalyse

I designed and developed a trading application which allows the creation, testing and deployment of trading strategies using Technical Analysis (TA) indicators. The project architecture based on Event Sourcing makes very easy the addition of new components to implement risk management strategies. Thanks to Golang built-in concurrency constructs, you can run live strategies and simulations in parallel and control the execution and data flow of multiple live strategies.

I leveraged the pyfolio library to provide insights on the strategy performance.

I have created several API clients (REST and Websockets) to retrieve market data and enabled gRPC interaction with the core application (Go server and Python client).

This project was dockerized and deployed on GCP.

Go Python PostgreSQL gRPC Trading

Various

More information some might find useful: