Security Researcher & Systems Engineer

Paris, Île-de-France

mail  •  linkedin  •  blog

Security Researcher specializing in Apple systems, reverse engineering, and vulnerability analysis, focusing on macOS and iOS internals. Passionate about understanding how Apple’s security mechanisms work through hands-on experiments.

Languages & Tools: C · C++ · Objective-C · Swift · Rust · Node.js · TypeScript · LLDB · CMake · Instruments

Expertise: Reverse Engineering · macOS/iOS Internals · Security Research · Static Analysis · Open Source · Performance Optimization

My blog explores macOS and iOS internals through reverse engineering and security research, revealing how Apple’s core mechanisms operate through practical experiments. I write about:

• macOS and iOS internals
• Reverse engineering and static analysis
• Vulnerability research and tooling

Machore is a C library and CLI tool for analyzing macOS/iOS Mach-O binaries. It started as a small experiment while I was trying to understand how Mach-O works. It handles:

• Single-architecture and fat (universal) Mach-O binaries
• CPU architecture (x86, x86_64, ARM, ARM64)
• Binary types (dylib, executable, core dump, etc.)
• Dynamic libraries and strings with contextual metadata

Focused on improving static analysis and malware detection in JavaScript packages. Contributed:

• Suspicious command probe for detecting risky usage of spawn and exec
• Advancements to js-x-ray for JavaScript malware pattern analysis

Supporting iOS and Android development of Keet app by providing native abstractions and bindings.

• Exposed push notification capabilities to JavaScript
• Maintained bare-ffmpeg
• Built a diagnostic app for Android/iOS to ensure bare-runtime compatibility

Member of the Desktop Foundation team.

• Led macOS platform research and guided cross-platform design
• Wrapped native APIs (Objective-C, Linux, Win32) into a unified C++ layer
• Bridged C++ APIs to JavaScript using JavaScriptCore
• Ensured Node.js API compatibility (timers, process, console)

• Built Node.js bindings in C++ to enable HTTP/2 and HTTP/3
• Contributed to hybrid cross-platform framework development
• Member of Node.js Single Executable Working Group

• Reduced CI pipeline time by 55% (45 → 20 min)
• Improved Hot Module Replacement speed by 57% (35 → 15 sec)
• Enhanced ESLint performance via profiling and optimization

• Refactored legacy codebase to Fastify + TypeScript
• Added CI pipelines and test coverage
• Integrated QuickBooks API

• Maintained Jetlang DSL runtime and IDE
• Built static analysis service for dependency graphs
• Led quality guild strategy across teams

• Migrated React codebase to modern hooks
• Standardized API and WebSocket layer with Redux
• Refactored UI using presentational/container architecture

C++ library for unified API across JavaScript engines (JavaScriptCore, V8).

C++ framework for building cross-platform desktop apps with modular UI components.

• Member of Diagnostic & Single Executable WG
• Contributed to FS performance improvements

• French: Native
• English: Professional
• Arabic: Basic

Paris XII University — Master E-Business (AEI) — 2014 – 2016
Paris XII University — Licence Administration & International Exchange — 2011 – 2014
Lycée Le Corbusier — Baccalauréat Scientifique (Engineering Science) — 2005 – 2008