Customers
Courses
Over the years, I’ve had the privilege of training teams from startups to large enterprises across various sectors - including tech, finance, e-commerce, and public institutions. My courses have helped developers, sysadmins, and security teams level up their skills in web security, scripting, and secure development practices.
Bug Bounty
Since 2016, I’ve been hunting bugs across some of the world’s biggest platforms - uncovering vulnerabilities, writing tools, and helping companies strengthen their security. From misconfigurations to critical exploits, I’ve reported hundreds of issues, learned from the best, and shared my knowledge with the community. Here are some companies I have been working with and some findings.
EDF: massive subdomain takeovers, read the article
Decathlon: several subdomain takeovers, cloud secrets leak
Société du grand Paris: subdomain takeovers
Banque Populaire: subdomain takeover
Caisse d’Epargne: remote command execution
Atea ASA: subdomain takeovers
Payfit: numerous XSS, companies data leak, local file disclosure, full AWS account takeover, read the article
BlaBlaCar: AWS bucket takeovers, production website alteration, customer PII leak
Ikea: subdomain takeover
Adobe: subdomain takeover
BMW group: numerous XSS
PornHub / YouPorn / RedTube: numerous XSS, CSRF
Upwork: several XSS
Monday: AWS bucket takeovers, production website alteration
Deliveroo: customer PII leak
CamSoda: XSS, customer data leak, local file disclosure
Chaturbate: numerous XSS
Zillow group: dozens of XSS, AWS bucket takeovers, SQL injections, file upload, SSRF, RCE…
Swisscom: file upload, remote command execution
Uber: SQL injections
Yahoo: numerous XSS and IDOR + SSRF
and many more…