Florian Bidabé
Cyber Security Leader & Researcher
15+ years in IT and cybersecurity. Strategy & Innovation Lead at Commonwealth Bank. Bug bounty researcher with findings at GitHub, Microsoft, Atlassian, and Wiz. Founder of PhotonSec.
Expertise
What I Do
A decade of experience across the full security spectrum — from hands-on offensive work to strategic consulting.
Offensive Security
Penetration testing, red team operations, web application assessments, API security, and bug bounty research targeting major tech platforms.
Cloud Security
Azure and Microsoft 365 security architecture, Entra ID hardening, Conditional Access design, and cloud-native threat detection.
Infrastructure Hardening
Enterprise security baselines, network segmentation, endpoint hardening, and security automation for large-scale environments.
AI/LLM Security
Security assessment of AI/LLM systems, prompt injection research, OWASP LLM Top 10, and threat modelling for AI-integrated applications.
Security Tooling
Building open-source security tools, automation frameworks, and custom tooling for security workflows in Python, TypeScript, and PowerShell.
Consulting & Leadership
Security strategy, architecture advisory, technical leadership, and executive-level security guidance for organisations and security teams.
Responsible Disclosure
Bug Bounty Findings
Vulnerabilities responsibly disclosed to major technology companies.
Data Exposure
Identified a security flaw allowing unauthorised access to sensitive repository data, reported to GitHub Security.
Full write-up in Member Zone
Access Control Bypass
Discovered a bypass mechanism in GitHub Copilot's access controls, enabling unauthorised feature access.
Full write-up in Member Zone
Business Logic Flaw
Found a business logic vulnerability allowing bypassing of Copilot subscription pricing controls.
Full write-up in Member Zone
Open Source
Featured Projects
Security tools, AI/LLM tooling, and automation built in the open.
Scripts and methods to circumvent DNS, Proxy, Route, and PAC file restrictions on macOS devices managed by MDM profiles. Includes DNS override using dnscrypt-proxy, proxy setting bypass, routing table modifications, and PAC file customizations. Intended for educational and personal use only.
LiteLLM API key updater for macOS - automated validation, renewal, and Keychain management
Script to convert any video file (MP4, AVI, MOV, etc.) to an optimized GIF using FFmpeg. Simple, fast, and cross-platform.
This repository contains scripts designed to manage and patch certificate stores on macOS systems. The primary function is to ensure that clients trust internal Certificate Authorities, making it easier to manage proxy and SSL trust issues.
GGUF model downloaded from Docker
Knowledge Base
Latest Articles
Technical deep-dives on security, networking, AI/LLM, and tooling.
Deep Dive into Deep Packet Inspection
A comprehensive technical exploration of Deep Packet Inspection (DPI) — how it works, where it's deployed, how it intercepts TLS traffic, and what security professionals need to know about operating in DPI-inspected environments.
Web Debugging — A Practical Security Perspective
Effective web debugging techniques for security professionals — using browser DevTools, mitmproxy, Burp Suite, and custom scripts to intercept, inspect, and modify HTTP/HTTPS traffic.
Autonomous Coding Agents (IDE) — Home Use (Free)
Setting up free AI coding agents for home use — Claude Code, Roo Code, Copilot, and Codex — without enterprise proxy complexity. Configuration, model selection, and practical setup guide.
Work With Me
Need a Security Expert?
Whether you need a penetration test, cloud security review, security architecture guidance, or AI/LLM threat assessment — let's talk.