Hey, I’m Thomas 👋

I’m currently working as a Vulnerability Researcher for Sonar, helping millions of developers to write safer code.

I’ve been in the offensive security field for a few years now, first with Synacktiv and now doing full-time research to improve Sonar products. It led me to uncover bugs across all kind of software—I have a particular affection for some of these recent findings:

I tend to be very open about my work—whenever possible—by publishing articles on my employers’ blogs and giving presentations at DEF CON, Hexacon, TyphoonCon, Insomni’hack, GreHack, etc.

I’m also fond of lower-level security sometimes, with hands-on experience orchestrating fuzzing campaigns and corrupting memory that shouldn’t.

You can find me tootin’ on Mastodon at @swapgs@infosec.exchange, and idling on Libera Chat with ~swapgs.

See you around!