Laurent Zoller is a Swiss aviation engineer and entrepreneur with 11 years leading SWISSKY, a firm delivering aircraft maintenance, ground handling and tailored relocation services across Switzerland and internationally. As a B1/B2 licensed aero engineer with an additional A319 family type rating, he combines hands-on aircraft inspection and maintenance project leadership with executive-level operations and relocation program management. Parallel to his aviation career, Laurent is an active security-minded developer and red-team operator, contributing substantial tooling for web and SSRF exploitation and hardening (notably enhancements to GraphQLmap, SSRFmap and payload libraries). His work blends practical avionics experience, an international professional network, and deep applied cybersecurity skills—an unusual cross-domain profile that aids risk-aware systems and operations. Currently seeking return-to-practice B1/B2 engineering roles, he brings both managerial acumen and proven technical craftsmanship to complex, safety-critical environments.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Role in this project:
Security Engineer
Contributions:3 releases, 930 commits, 600 PRs in 5 years 6 months
Contributions summary:Laurent's contributions primarily involve identifying and exploiting vulnerabilities in web applications. The commits demonstrate expertise in various attack vectors, including PHP code execution, SSRF, XSS, SQL injection, and deserialization flaws. They have developed and integrated exploit scripts targeting common vulnerabilities like CVE-2017-12617 (Tomcat), Drupalgeddon2 (CVE-2018-7600), and Weblogic (CVE-2018-2894). The user also contributed to a file inclusion attack and created various payloads demonstrating their proficiency in web application security.
Contributions:68 commits, 26 PRs, 75 pushes in 3 years 5 months
Contributions summary:Laurent primarily contributed to the development of modules within the `ssrfmap` tool, a tool designed for SSRF exploitation. They implemented new modules to exploit various services, including MySQL, Zabbix, SMTP, and Docker. Their work involved creating payloads to interact with these services, demonstrating a strong understanding of SSRF vulnerabilities and exploitation techniques across different protocols like Gopher and HTTP. Furthermore, the user also worked on improving the core functionality of the tool, including handling different data formats in requests.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.