Web developer & security researcher
Web Developer with 8 years of experience. Currently exploring cybersecurity through vulnerability research, CTF competitions, and open-source security tools.
Projects
- oss-oopssec-store
Security training for the apps you actually ship. Open your browser and start hacking.
- cyber-bot
Threat intelligence platform: RSS aggregation, NVD CVE tracking, ENISA EUVD, databreaches, ...
- hate-crimes-map
This project aims to visualize hate crime data to bring visibility to crimes that are often invisible or normalized by society.
- crack-hash
A fast, multi-threaded hash cracking tool written in Rust. This tool performs dictionary attacks against hashed passwords.
- awesome-pentest-tools
Open-source offensive security tools, plus a vendor-agnostic AI agent that runs authorized pentest engagements using only tools from this list.
CVEs reported
Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch() server-side, and returns the full response body. An unauthenticated attacker can use this to make HTTP requests from the server to internal services, cloud metadata endpoints, or private network resources. This issue has been fixed in version 0.5.5. To workaround this issue, block or restrict access to /api/download/attatchment at the reverse proxy level (nginx, Cloudflare, etc.).
Public PoCs
- CVE-2026-32255
This repository contains a proof of concept (POC) for CVE-2026-32255, a high-severity Server-Side Request Forgery (SSRF) vulnerability in Kan, an open-source project management tool.
- CVE-2025-55182
This repository contains a POC of CVE-2025-55182, a critical (CVSS score 10.0) pre-authentication remote code execution vulnerability affecting React Server Components, also known as React2Shell.
- CVE-2025-29927
This repository contains a POC and an exploit script for CVE-2025-29927, a critical vulnerability in Next.js that allows attackers to bypass authorization checks implemented in middleware.
Open-source contributions
- qazbnm456/awesome-web-security
🐶 A curated list of Web Security materials and resources.
- kanbn/kan
The open source Trello alternative.
- beelzebub-labs/beelzebub
A secure low code deception runtime framework, leveraging AI for System Virtualization.
- OWASP/www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
- OWASP/www-project-vulnerable-web-applications-directory
The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Writing
Tools & technologies
- Programming Languages
- JavaScript, TypeScript, Python, PHP, Ruby
- Web Frameworks
- React, Next.js, Node.js, FastAPI, Ruby on Rails, Symfony, Hapi.js
- Security
- Vulnerability Research, CVE Analysis, CTF Challenges, Web Application Security
- DevOps & Tools
- Git, CI/CD, Docker, Linux, Shell Scripting
Experience
- Full-Stack Web DeveloperHardloop
- Built and maintained the e-commerce platform and internal business tools
- Helped drive a year-long ERP migration with zero-downtime deployment strategies
- Set up CI/CD pipelines and deployment automation
- Applied security best practices across the software development lifecycle
- Web Development MentorOpenClassrooms
- Mentor students through web development projects, teaching professional best practices
- Conduct code reviews and provide architectural guidance
Education
- Professional TitleWeb Development
IESA Multimedia
Full-stack web development and software architecture.
- Master 1Social Law
Jean Moulin Lyon 3 University
Graduated with honors. Legal foundation relevant to compliance and incident response.
- Bachelor's DegreeLaw
Jean Moulin Lyon 3 University
Certificate archive
123 indexed
- Build your cybersecurity audit and control strategyJun 2026
- Carry out a web penetration testMay 2026
- Introduction to DevSecOps: Culture and MethodologyMay 2026
- Dive Into the World of Cyber Incident Detection and ResponseApr 2026
- Protect your Connected Digital Systems by Following the 12 Best Practices from ANSSIApr 2026
- Analyze and Manage IT RisksMar 2026
- Everything You Need to Know About Computer Networks in Just a Few HoursFeb 2026
- Secure your Data with CryptographyFeb 2026
- Raise Cybersecurity Awareness EffectivelyFeb 2026
- Secure your Network with VPNs and FirewallsFeb 2026
- Conduct Your Cybersecurity MonitoringFeb 2026
- Discover the Basics of Digital SecurityFeb 2026
- Discover the World of CybersecurityFeb 2026
- Try Hack Me - Advent of Cyber 2025Dec 2025
- Try Hack Me - Security EngineerSep 2025