Skip to main content
RF
Open to opportunities

Rami Ben Fredj

@ramibenfredj

Penetration tester and offensive security specialist securing networks, web APIs, and industrial systems.

Germany
Message

What I'm looking for

I’m looking for an offensive security role where I can own full end-to-end assessments on Windows AD and Linux—especially network, web, and API exploitation—bringing both attacker methodology and real .NET auth/SSO understanding to each engagement.

I’m a Computer Science M.Sc. student specializing in network and industrial security, with hands-on offensive security experience across network, web, API, binary, and cryptographic exploitation. I’m comfortable running the full assessment workflow—from reconnaissance and enumeration through exploitation, privilege escalation, and post-exploitation—on both Windows Active Directory and Linux targets.

Beyond testing, I’ve spent over two years building and securing production web applications and authentication systems in .NET, which gives me an attacker’s insight into how real-world APIs, SSO, and token flows are implemented and where they break. My work includes executing full Windows Active Directory compromise chains, developing deserialization- and injection-driven RCE paths, and conducting cryptanalysis research on MD5 collisions with practical, documented reimplementation.

Experience

Work history, roles, and key accomplishments

GR
Current

Working Student, Software Developer

Sep 2022 - Present (3 years 10 months)

Designed and integrated Okta single sign-on and bearer-token authorization across an ASP.NET API suite to implement access control and secure inter-service communication. Built and productionized multiple ASP.NET web applications and developed Logstash ingestion pipelines with automated testing coverage improvements.

Hack The Box logoHB
Current

Active Directory & Web Exploitation

Performed end-to-end Windows Active Directory compromise chains and web exploitation from initial access through privilege escalation and post-exploitation. Also implemented authenticated exploitation chains including deserialization and injection-based RCEs, token abuse, and credential attacks.

RL

Security Lab Summer 2025

Completed offensive security exercises including network topology mapping, Windows exploitation, and web/session attacks. Practiced privilege escalation via cryptographic weaknesses and gained RCE through memory corruption on 32-bit Linux.

Education

Degrees, certifications, and relevant coursework

RWTH Aachen logoRA

RWTH Aachen

Master of Science in Computer Science, Computer Science

2024 -

Activities and societies: Relevant coursework includes Advanced Network Security, Industrial Network Security, and Advanced Internet Technology.

Master of Science student in Computer Science at RWTH Aachen, focusing on advanced network, industrial network, and internet security topics.

TU Dortmund University logoTU

TU Dortmund University

Bachelor of Science in Computer Science, Computer Science

2019 - 2023

Activities and societies: Bachelor's thesis: Cryptanalysis of MD5—reimplemented collision methods (including Stevens) in Python and documented the approach.

Bachelor of Science in Computer Science at TU Dortmund University, including a thesis on cryptanalysis of MD5 collision methods.

Get matched with your dream remote job

Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan