I'm currently working as a Pentester at a French company and spend a lot of my free time on Web Security Research (I'm part of the @ctbbpodcast research lab). I play CTFs mainly with two teams: @FlatNetworkOrg and @Rhackgondins 🦦
I was also a member of the @ECSC_TeamFrance in 2023 🇫🇷.
I try to share as much as I can about what I learn on my blog (https://mizu.re/), covering CTF writeups, research projects, and more.
I've given several talks for students (ESNA, ESAIP), as well as at other events such as:
- 🇫🇷 [STUD] Ambrosia (2025): ASIS Finals 2025 Timezones Converter Writeup w/ @_Worty (slides).
- 🇬🇧 GreHack (2024): Playing with HTML parsing to bypass DOMPurify on default configuration (slides | paper).
- 🇫🇷 SSTIC (2023): Abusing Client-Side Desync on Werkzeug to perform XSS on default configurations (slides | paper).
- 🇫🇷 [STUD] Root-Me (2023): You found an XSS? Alright! But, what's next?
- 🇫🇷 [STUD] ESAIP Cyber & Root-Me (2022): Electron Security | CVE-2022-3133 (slides)
- 🇫🇷 [STUD] ESAIP Cyber (2022): Is it possible to bypass an HTML sanitizer?
I also love coding, mostly in JavaScript and Python. My favorite and main project is DOMLogger++, which aims to automate the detection of client-side web vulnerabilities (it could as well be used by devs to debug their apps :D).