My name is Enguerran Gillier and I’m an information security engineer.

I reported vulnerabilities to Google (in the 0x0A List), Facebook, WordPress, Uber, Paypal and many more. You can find me on Twitter, LinkedIn, HackerOne, BugCrowd and… in Paris.

My primary target is client-side web vulnerabilities. I try to hunt bugs my own way, looking deep in the client source code where current scanners are not efficient. I develop a Javascript taint-tracking tool for dynamic analysis of web applications in the browser.

In this blog I publish technical write-ups for some of my findings, hoping to help the developer and infosec community make the web a safer place!