Hello! Bonjour! Xin chào! I am a research engineer at Montimage to contribute to various European research projects. Previously, I completed my PhD on fuzzing in the BINSEC group at CEA LIST. I’m a red teaming & offensive security enthusiast and a self-taught pentester/bug bounty hunter. I’m an Admin/Mod of unofficial InfoSec discord channels, such as PentesterAcademy (~1K members) and PwnTillDawn (~100 members), please join!

I’m always open for discussion or collaboration, via email or discord strongcourage#2551.

My redteam/pentesting certification path: OSCP (certified, 02/2021) -> CRTP (certified, 12/2021) -> CRTE (certified, 01/2022) -> PACES (certified, 05/2022) -> CRTO (ongoing, 2022) -> OSWE (2022).


May 22, 2022. I got the PACES certificate after passing a 48-hour practical exam on both advanced attack and defense of Active Directory with a detailed report
Feb 02, 2022. I’m thrilled to become a Synack Red Team member, hope I will find some cool bugs in the future
Jan 31, 2022. I joined the platform BugBountyHunter to learn, practice and start my bug bounty journey [my hunter profile]
Jan 07, 2022. I got the CRTE certificate after passing a 48-hour practical exam on advanced Active Directory with a detailed report
Dec 05, 2021. I got the CRTP certificate after passing a 24-hour practical exam on Active Directory with a detailed report
Nov 18 - 19, 2021. Participating in the cyber security conference Hack in Paris’21, France
Oct 17, 2021. I decided to share my writeups of 50+ machines on Offensive Security’s Proving Grounds (please send a request), strongly recommended for OSCP preparation
Sep 01, 2021. Our talk on parallel fuzzing in a dynamic and directed manner has been accepted to FuzzCon Europe’21
Aug 16, 2021. Our paper “Towards Systematic and Dynamic Task Allocation for Collaborative Parallel Fuzzing” has been accepted to ASE’21 NIER, Australia
Mar 30, 2021. I successfully defended my PhD thesis
Feb 06, 2021. Finally I got the OSCP certificate after passing a 24-hour practical exam with a detailed report
Feb 01, 2021. I start working at Montimage as a research engineer, France
Jan 01, 2021. My article has been published in the French magazine for IT security experts – MISC N° 113
Dec 16 - 18, 2020. Participating in RESSI’20 to present my doctoral work, France
Oct 25 - 30, 2020. Participating in REDOCS’20 to work with 4 other PhD students on Automatic Exploit Generation of Facebook, France [slides] [group photo with masks] [group photo without masks]
Aug 06, 2020. I’m happy to release our fuzzer UAFuzz and UAF Fuzzing Benchmark
May 27, 2020. Our paper on directed fuzzing for Use-After-Free bugs has been accepted to RAID’20, Spain
May 01, 2020. Our talk has been accepted to the first virtual Black Hat USA’20, US
Mar 01, 2020. I officially start my OSCP journey with PWK 2.0. Try Harder! [my blog] [my repo]
Nov, 2019 - Feb, 2020. I completed the 3-months course by rooting all 43/43 machines on the pentesting platform Virtual Hacking Labs [my blog]
Oct 02 - 04, 2018. Google Android NextGen patron of security researchers for participating in Virus Bulletin 2019, UK [my badge] [group photo]
Jun 20, 2018. I start writing blogs for fun :)
Sep 05 - 07, 2018. I serve as student volunteer at ASE’18, France [my badge]
Aug 27 - 31, 2018. I got a travel grant to participate in the summer school on security CISPA’18 to present my poster, Germany [my badge]
Jul 09 - 13, 2018. I got a travel grant to participate in the summer school on security ISSISP’18, Australia [my badge]
Jun 26 - 29, 2018. I attend DIMVA’18 and ESSoS’18, which took place at my lab CEA LIST, France [my badge]
Dec 14, 2017. Our paper on program repair using a reference implementation has been accepted to ICSE’18
Aug 03, 2017. Our paper on directed greybox fuzzing has been accepted to CCS’17
Feb 19 - 20, 2017. I participate in the workshop Fuzz Testing for Finding Vulnerabilities by SG-CRC’17, Singapore