Gwendal Patat

Univ Rennes, CNRS, IRISA, SPICY.


Office F414


Rennes, France

I have been a PhD student since October 2020 under the supervision of Pierre-Alain FOUQUE and Mohamed SABT in the SPICY team (former EMSEC) at IRISA in Rennes, France.

The topic of my research is the security of cryptographic implementations within Trusted Execution Environment (TEE) especially ARM TrustZone-based ones in mobile devices. By using multiple reverse engineering techniques, my aim is to find cryptographic vulnerabilities to provide Proof-of-Concept exploits in order to make sure that they will be fixed in future implementations. Currently, I’m working on Digital Right Management (DRM) systems.

Before starting my PhD, I graduated from the University of Rennes 1’s Cybersecurity Master in 2019-2020.

I’m a member of IRISA’s Moral and Sexual Harassment Awareness commission since October 2020, as a representative of the doctoral students.

Putting aside computers, I am training my lockpicking skills by creating my own tools and trying to open all the locks/padlocks that I can find (don’t worry I purchase them first).


Mar 1, 2023 Rewarded by Mozilla Bug Bounty program.
Apr 2, 2021 Rewarded by Google BugHunter program.
Apr 2, 2021 Rewarded by Netflix Bug Bounty program. Related CVE and Android Security Bulletin have been published.


Apr 7, 2023 Enter the Mozilla Security Bug Bounty Program Hall of Fame.
Jul 21, 2021 Enter the Google Hall of Fame.
Apr 2, 2021 Netflix, Inc., BugHunter Hall of Fame.