Baptiste Crépin is a security expert with a decade of hands-on experience in offensive security, Active Directory, and Azure cloud technologies, currently leading security work at CravateRouge Ltd. He has a strong red team and pentesting background from AXA and freelance engagements, paired with formal training experience in secure development. Baptiste is an active open-source contributor and the author/contributor to bloodyAD, an Active Directory privilege escalation framework he presented at Black Hat Las Vegas 2022, and has contributed CORS scanning improvements to the widely used ZAP extensions. His profile blends offensive tooling development, cloud/AD exploitation techniques (including Shadow Credentials and RBCD), and practical defensive insights gained from large-scale engagements. Based in China and academically grounded with a master's from Université Paris-Saclay, he also teaches and builds community tools that bridge research and real-world security practice.
10 years of coding experience
1 year of employment as a software developer
Master's degree Computer and Information Systems Security/Information Assurance, Master's degree Computer and Information Systems Security/Information Assurance at Université Paris-Saclay
BloodyAD is an Active Directory Privilege Escalation Framework
Role in this project:
Back-end Developer & Security Engineer
Contributions:10 releases, 2 reviews, 107 commits in 1 year 3 months
Contributions summary:Baptiste primarily contributed to the core functionality of the Active Directory Privilege Escalation Framework. Their work involved implementing new techniques such as Shadow Credentials and adding functionalities like password changing and resource-based constraint delegation (RBCD). The user also focused on code reorganization, adding documentation, and improving the framework's overall capabilities.
Contributions:6 reviews, 16 commits, 1 PR in 2 months
Contributions summary:Baptiste contributed to the `zap-extensions` repository by implementing and improving security scan rules related to Cross-Origin Resource Sharing (CORS). They added a new CORS active scan rule to identify misconfigurations and vulnerabilities. Furthermore, they incorporated code improvements based on peer review and added a unit test for the CORS scan rule, demonstrating a focus on both functionality and code quality. The user also updated and corrected documentation related to the CORS rule.
owasp-zapsecurity-toolsadd-onssecuritydast
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Baptiste Crépin - Security Expert at CravateRouge Ltd