Hi there 👋

I'm currently working as a Pentester at a French company and spend a lot of my free time on Web Security Research (I'm part of the @ctbbpodcast research lab). I play CTFs mainly with two teams: @FlatNetworkOrg and @Rhackgondins 🦦

I was also a member of the @ECSC_TeamFrance in 2023 🇫🇷.

I try to share as much as I can about what I learn on my blog (https://mizu.re/), covering CTF writeups, research projects, and more.

🎤 Conferences

I'm made several conferences for student (ESNA, ESAIP), as well as at other events such as:

• 🇫🇷 [STUD] Ambrosia (2025): ASIS Finals 2025 Timezones Converter Writeup \w @_Worty (slides).
• 🇬🇧 GreHack (2024): Playing with HTML parsing to bypass DOMPurify on default configuration (slides | paper).
• 🇫🇷 SSTIC (2023): Abusing Client-Side Desync on Werkzeug to perform XSS on default configurations (slides | paper).
• 🇫🇷 [STUD] Root-Me (2023): You found an XSS? Alright! But, what's next?
• 🇫🇷 [STUD] ESAIP Cyber & Root-Me (2022): Electron Security | CVE-2022-3133 (slides)
• 🇫🇷 [STUD] ESAIP Cyber (2022): Is it possible to bypass an HTML sanitizer?

💼 Projects

I also love coding, mostly in javascript and python. My favorite and main project is DOMLogger++ which aims to automate the detection of client-side web vulnerabilty (it could has well be used by devs to debbug their app :D).