About

Who I Am

I’m Khalil Yahyaoui — a penetration tester and offensive security consultant based in France. I specialize in breaking into web applications, Active Directory environments, and cloud infrastructure to help organizations find and fix their security weaknesses before the bad guys do.

With nearly 3 years of professional experience and a degree in Cybersecurity and Computer Networks from the National Institute of Applied Sciences and Technology (INSAT), I combine a solid academic foundation with hands-on offensive security expertise.

What I Do

My day-to-day involves finding vulnerabilities in web applications, APIs, internal networks, and cloud environments. I’m particularly passionate about red team operations, Active Directory attacks, and building custom offensive tools for adversary simulation and EDR/AV evasion.

I also automate everything I can — from reconnaissance to vulnerability scanning — because efficiency matters when you’re breaking into systems for a living.

Experience

Web Application Penetration Tester

Septeo, Apr 2024 — Present

Conducting penetration tests on internal solutions across various business sectors. Automated web application testing tasks, improving coverage and reducing execution time by 50%. Developed internal security tools to strengthen the company's overall security posture.

Cybersecurity Consultant

Trustable, Aug 2023 — Mar 2024

Performed penetration tests on web applications, networks, and Active Directory environments. Contributed to three open-source cybersecurity tools. Automated Windows and Linux configuration audits, cutting engagement time by 50%.

End of Study Internship

Ernst & Young (EY), Feb 2023 — Jun 2023

Developed an internal network reconnaissance and analysis tool that expanded attack surface identification and reduced manual testing time by 50%. Built and deployed a web application integrating the tool.

Skills

Web & API

Burp Suite Pro, OWASP ZAP, Nuclei, ffuf, sqlmap

Offensive Development

Python, Go, PowerShell, Bash, C/C#, EDR/AV evasion

Active Directory & Red Team

BloodHound, NetExec, Impacket, Responder, Rubeus, Mimikatz, Cobalt Strike, Sliver

Reconnaissance & Infrastructure

Nmap, Masscan, Amass, Subfinder, httpx, Shodan, Metasploit

Systems

Windows, Linux, Active Directory

Methodologies

OWASP Top 10, OWASP WSTG, PTES, MITRE ATT&CK, CIS Benchmarks