LUCAS HANSON

Cyber Security Consultant and CTF player.

Experience

Cyber Security Consultant @ Cabinet Thierry MEYER Consultants

September 2025 - Present | Bordeaux, France

  • Conduct white-box, grey-box, and black-box penetration tests across client environments to identify and validate security weaknesses from initial assessment through exploitation.
  • Perform security reviews of web applications, APIs, exposed attack surfaces, and internally developed tools, then provide clear remediation guidance.
  • Lead R&D on offensive security techniques, test methods, and vulnerability discovery approaches that strengthen client assessments.
  • Design and develop internal tools, sometimes through carefully controlled vibe coding, to streamline reconnaissance, test workflows, and vulnerability reproduction.
  • Review code, assess threat models, and validate the security assumptions of internal tooling before it is used in client assessments.

InfoSec Lab Co-Lead (Volunteer) @ Bordeaux Ynov Campus

September 2024 - Present | Bordeaux, France

  • Lead a 40-student cybersecurity lab, manage day-to-day operations, and organize regular technical activities for the community.
  • Supervise student projects and mentor participants from web security fundamentals to hands-on offensive security practice.
  • Hosted a CSP workshop covering browser enforcement of Content Security Policy, key directive categories, source expressions, testing approaches, and common bypass patterns caused by weak allowlists or misconfiguration.
  • Hosted an SSRF workshop covering classic and blind SSRF scenarios, internal service abuse, cloud metadata exposure, and common bypass techniques such as redirects, alternate URL formats, DNS rebinding, and protocol pivots.
  • Hosted a bug bounty methodology workshop on reconnaissance and application analysis, with modules on subdomain discovery, technology identification, content discovery, feature-based assessment, and review of common web issues such as XSS, CSRF, SSRF, IDOR, and SQL injection.
  • Hosted an introductory web security workshop covering HTTP fundamentals, cookies, XSS, Burp Suite, browser developer tools, SQL injection basics, and hands-on exercises where students built then fixed vulnerable payloads.
  • Design, create, and organize the lab's yearly CTF.

Application Security Engineer @ DGFiP

September 2024 - September 2025 | Bordeaux, France

  • Performed secure code reviews and triaged findings as part of the Code Review team.
  • Conducted penetration tests on large-scale web and mobile applications.
  • Delivered application security training to development teams.
  • Built tailored tools to detect and exploit vulnerabilities within proprietary frameworks.

Cybersecurity Intern @ Knock Knock

June 2024 - July 2024 | Begles, France

  • Developed Python tools to automate penetration testing workflows.
  • Researched tools and techniques in penetration testing.
  • Conducted web application penetration tests.

Side Projects & Tooling

Sherleak

Browser-based XS-Leak comparison tool.

Project Harvester

Covert remote control tool for Linux systems, leveraging YouTube as a communication channel.

Education

Integrated Master's degree in Information Security

Bordeaux Ynov Campus | 2022 - 2027

CVEs