Rami Ben Fredj
@ramibenfredj
Penetration tester and offensive security specialist securing networks, web APIs, and industrial systems.
What I'm looking for
I’m a Computer Science M.Sc. student specializing in network and industrial security, with hands-on offensive security experience across network, web, API, binary, and cryptographic exploitation. I’m comfortable running the full assessment workflow—from reconnaissance and enumeration through exploitation, privilege escalation, and post-exploitation—on both Windows Active Directory and Linux targets.
Beyond testing, I’ve spent over two years building and securing production web applications and authentication systems in .NET, which gives me an attacker’s insight into how real-world APIs, SSO, and token flows are implemented and where they break. My work includes executing full Windows Active Directory compromise chains, developing deserialization- and injection-driven RCE paths, and conducting cryptanalysis research on MD5 collisions with practical, documented reimplementation.
Experience
Work history, roles, and key accomplishments
Designed and integrated Okta single sign-on and bearer-token authorization across an ASP.NET API suite to implement access control and secure inter-service communication. Built and productionized multiple ASP.NET web applications and developed Logstash ingestion pipelines with automated testing coverage improvements.
Active Directory & Web Exploitation
Performed end-to-end Windows Active Directory compromise chains and web exploitation from initial access through privilege escalation and post-exploitation. Also implemented authenticated exploitation chains including deserialization and injection-based RCEs, token abuse, and credential attacks.
Penetration Tester
Penetration tester with offensive security experience across network, web, API, binary, and cryptographic exploitation. Comfortable across reconnaissance, exploitation, privilege escalation, and post-exploitation on Windows and Linux targets.
Cryptanalysis of MD5
TU Dortmund
Researched MD5 collision methodologies and reimplemented a Stevens C++ attack in Python with documentation. Demonstrated practical MD5 collision construction to support migration away from MD5 toward stronger hashes.
Security Lab Summer 2025
Completed offensive security exercises including network topology mapping, Windows exploitation, and web/session attacks. Practiced privilege escalation via cryptographic weaknesses and gained RCE through memory corruption on 32-bit Linux.
Education
Degrees, certifications, and relevant coursework
RWTH Aachen
Master of Science in Computer Science, Computer Science
2024 -
Activities and societies: Relevant coursework includes Advanced Network Security, Industrial Network Security, and Advanced Internet Technology.
Master of Science student in Computer Science at RWTH Aachen, focusing on advanced network, industrial network, and internet security topics.
TU Dortmund University
Bachelor of Science in Computer Science, Computer Science
2019 - 2023
Activities and societies: Bachelor's thesis: Cryptanalysis of MD5—reimplemented collision methods (including Stevens) in Python and documented the approach.
Bachelor of Science in Computer Science at TU Dortmund University, including a thesis on cryptanalysis of MD5 collision methods.
Availability
Location
Authorized to work in
Job categories
Skills
Interested in hiring Rami?
You can contact Rami and 90k+ other talented remote workers on Himalayas.
Message RamiGet matched with your dream remote job
Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!
