A hacker at heart and a Research Engineer at Tenable, I bring my passion for cybersecurity to my work every day. With a background in bugbounty, I have a unique perspective on how to identify and remediate potential threats to systems. I have contributed to several projects, including the development of new open source tools, scripts or the discovery of vulnerabilities.
I am self-taught and constantly seeking out new opportunities to grow and develop my skills. Whether it’s through training or hands-on experience, I have a drive to stay ahead of the curve in my field. With my combination of technical aptitude and passion for the industry.
I will continue to work on exciting projects and pursue new challenges, always with a commitment to the field that will only continue to grow. Whether I am working on open source tools, participating in bugbounties, or simply sharing my knowledge with others.
Tenable, Inc. is a cybersecurity company based in Columbia, Maryland. It is known as the creator of the vulnerability scanning software Nessus.
Consulting firm in digital transformation and information systems security.
Libricks analyses and contributes to the main Free (Open Source) IT projects.
Sept 2015 - Sept 2017, Laval
Training center for young people in various trades such as food service
Subdomain enumeration tool with results organized by vHost rather than by URL
Simple Ruby script/library to extract bugbounty scopes
Simple Ruby library to filter out duplicate or uninteresting URLs
Simple Ruby library to manage Scaleway servers
Ruby Library to use ProjectDiscovery Interactsh in pure Ruby
API built with Ruby on Rails for reconnaissance management, with a focus on subdomain discovery. Enables efficient, fast subdomain discovery with tasks distributed in the cloud.
Search (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list)
Converted the text list to binary to save space
Simple shell script for automated domain reconnaissance with some tools (Archived)
Simple vulnerable site, created by a beginner for beginners. This vulnerable site covers several vulnerabilities, some of them taken from real cases encountered in bugbounty.
Facilitate the management of your reports as well as collaborative work by providing a web-based solution.
Modern applications increasingly process data from user-supplied inputs, directly or indirectly. A side effect of this data processing is that it opens the door for attackers to exploit XML External Entity, a complex vulnerability with many vectors.
Modern web applications are designed with different services — like internal and external application programming interfaces (APIs), microservices and databases — that communicate and share data with each other. These web applications provide end users with convenient features, such as loading external content.
Blog Post for bug hunters that explains my methodology to learn new things with a concrete case with the “Mass Assignment” vulnerability
Blog Post that presents the methodology I used during an event to detect almost all bugs without using any particular tool
Jan 2023: Unauthenticated Cross-Site-Scripting on WP Helper Lite
Jan 2023: Unauthenticated Cross-Site-Scripting on Login with Phone Number
Jan 2023: Unauthenticated Cross-Site-Scripting on Quick Event Manager
Jan 2023: Authenticated SQL Injection on Survey Maker
Jan 2023: Unauthenticated SQL Injection on Easy Digital Downloads
Jan 2023: Unauthenticated SQL Injection on Paid Memberships Pro
Sept 2022: Open Redirect on RStudio Connect
May 2022: Unauthenticated SQL Injection on Metasonic Doc WebClient
Multiple vulnerabilities in the Galette project including SQL Injection as well as multiple stored XSS & CSRF
Aug 2020: Multiple vulnerabilities including several CSRF and an RCE reported on the uSVN project in collaboration with Serizao
Jul 2020: Information exposure in the upload directory on PrestaShop
Jan 2020: Top 3 in duo with Reptou during a live event.