Cybersecurity student at École 2600, learning across systems & low-level security, application/web security, and smart-contract auditing — mostly by building things end to end: model it, build it, test it, and stay honest about where it breaks. Also a railway nerd, which is where a few of these projects come from.
- metroflow — discrete-event metro & rail simulator (Python/SimPy): CBTC signalling, stochastic incidents, and reserve-train dispatch by heuristic and MILP, benchmarked on 14 real GTFS lines (Paris RER → Hong Kong) with Monte-Carlo validation. Documents where predictive dispatch stops helping.
- aizen — offline-first local-AI toolkit in Go: a RAG knowledge-index over your own docs on local models (Ollama), fully air-gapped — no cloud, no API keys.
- my-secmalloc — security-hardened drop-in
mallocin C: per-block canaries + isolated out-of-band metadata to catch heap overflows and use-after-free. - bug-bounty-toolkit — reproducible recon + blue-team lab: curated tool install, recon scripts and a defensive/hardening workflow.
- web3-audit-findings — smart-contract findings with runnable Foundry PoCs from competitive audit practice (Slither · Mythril · Foundry).
- pareido-guard — deterministic pareidolia scanner: flags face-like patterns in images with pure OpenCV, no ML/API, fully explainable.
- Systems / low-level (C, Linux) — memory-safety hardening and heap internals (see
my-secmalloc). - Application & web security — web pentesting (IDOR, auth, business logic), bug bounty, CI/CD (GitHub Actions) hardening.
- Smart contracts (Solidity / EVM) — competitive-contest auditing: reentrancy, access control, signature/replay, business-logic bugs.
Cybersecurity governance — identity & access management (IAM / SailPoint IdentityIQ), identity governance and compliance.
Bug bounty (web) on YesWeHack.
Railways & transit — signalling, operations and simulation. metroflow came
straight out of that: modelling real metro/rail lines and testing how they cope
with rush-hour demand and incidents.
Railways & transit systems · post-quantum cryptography · decentralized & mesh networking, off-grid comms · drones / UAV & satellite imagery · local / privacy-preserving LLMs & AI agents · reverse engineering · hardware / IoT.