Affiliation

  • Department of Information Science, Faculty of Science, the University of Tokyo (as an undergraduate)
  • Flatt Security, Inc.
  • SECCON Beginners
  • Security Camp Steering Committee (Planning Group and Instructor Training Group)
  • dodododo, shibad0gs, and TSG (CTF team)

Interests

  • Exploitation of Web applications
  • Application of side-channel attacks on Web


Activities

2020

CVE

I got a CVE: CVE-2020-6400 (Inappropriate implementation in CORS in Google Chrome).

UEC WEBSYS (The University of Electro-Communications, Web System Design Program)

I will give an introduction course on web security. I'd appreciate it if you applied to the course!

OWASP Kansai - 体系的に学ぶモダン Web セキュリティ @ 京都 (Learning Modern Web Security @ Kyoto)

I will give an 8-hour course on the latest security features implemented in Web browsers and advanced exploitation techniques for modern web applications.

OWASP Night 2020/02 (by OWASP Japan)

I talked about issues related to ReDoS and showed a new attack vector. Slides: here.

Coming soon ...

2019

UEC WEBSYS (The University of Electro-Communications, Web System Design Program)

I talked about classical web vulnerabilities (e.g. SQL Injection, XSS, ...) and gave an introduction to authZ and authN.

SECCON CTF 2019 Finals (Domestic)

We, dodododo, won 1st place.

IPA ワークショップ (体系的に学ぶモダン Web セキュリティ / Learning Modern Web Security)

I did an eight-hour workshop on web security in collaboration with the Information-technology Promotion Agency.

#websecjp: 体系的に学ぶモダン Web セキュリティ (Learning Modern Web Security)

I did an eight-hour workshop on web security at the National Institute of Information and Communications Technology (NICT) Innovation Center.

数学ガールの秘密ノート/学ぶための対話 by Hiroshi Yuki

I participated in the review. I recommend you buy it :-)

CODEBLUE CTF 2019

I created a Web challenge named "Snippet".

Security Mini Camp 2019 in Yamagata, Yamanashi, Hokkaido

I participated as a staff member. In Yamanashi, I talked about Security Camp (in the session 『セキュリティ・キャンプ紹介』, "Introduction to Security Camp").

SECCON Beginners 2019 Hokkaido, Tokyo, Fukuoka (, and Kanazawa)

I organized those events.

JNSA e-zine ("BlackHat USA 2019 参加記")

I contributed an article to the JNSA (Japan Network Security Association) e-zine. Here is the link to the article.

Packet Hacking Village of DEFCON 2019

I participated as a volunteer. It was a great experience :-)

Security Camp 2019

I gave attendees a four-hour presentation named "体系的に学ぶモダン Web セキュリティ" (Learn Modern Web Security Systematically). Slides: here.

数学ガールの秘密ノート/ビットとバイナリー by Hiroshi Yuki

I participated in the review. This book is really amazing :-)

SECCON Beginners CTF 2019 (Online)

I organized the event. It was held on 2019/05/25 - 2019/05/26. I provided three challs: Ramen, Secure Meyasubako, and Himitsu.

Shibuya.XSS techtalk #11

I talked on modern Web exploitation including XS-Leaks and advanced CSS Injection. Slides: here.

TSG CTF 2019 (Online)

It was held on 2019/05/04 - 2019/05/05. I provided two challs: RECON and BADNONCE. Result: here.

2018

CVE

I got a CVE: CVE-2018-16205 (XSS in Growi, an open-source wiki software).

IBM Research - Tokyo

As a student researcher.

UEC WEBSYS (The University of Electro-Communications, Web System Design Program)

I talked about web security (introduction level).

Security Mini Camp 2018 in Tokushima, Hyogo, Yamanashi, Mie, Hokkaido, and Fukuoka / Security Junior Camp 2018 in Kochi / Security Camp 2018

I participated in them as a staff member.

SECCON CTF 2018 Finals (Domestic)

We, dodododo, won 1st place.

SECCON Beginners 2018 Hiroshima, (Tokyo,) and Nagoya

I participated in them as one of the organizers. Thank you all :-)

数学ガールの秘密ノート/行列が描くもの by Hiroshi Yuki

I participated in the review.

CODEBLUE CTF 2018 Quals

We, TSG, got 4th place :-)

SECCON Beginners CTF 2018

I made some Web challenges for beginners.

Security Mini Camp 2018 in Okayama

I provided an introduction course on web security. Slides: here.

第 14, 15, 19, 22 回 ゼロから始めるセキュリティ入門 勉強会

As a speaker. Slides: 14th, 15th, 19th, and 22nd

第21 回 セキュリティさくら (Security Sakura, a Japanese seminar on security)

I talked on the complexity of web security. Slides: here.

数学ガール/ポアンカレ予想 by Hiroshi Yuki

I participated in the review. I had been looking forward to the day when this book was published because it had been a while since the previous book (No. 5) was published X-)

SECCON 2017 Finals (International)

As a member of dodododo. We won 3rd place.

2017

SECCON 2017 Online CTF

We, dodododo, won 11th place.

SECCON Beginners 2017 Morioka, Nagoya, Hiroshima, Sendai, Tokyo, and Kagoshima

I provided the introduction course on solving Web challs at CTFs.

SANS Netwars Tokyo 2017

I participated in it as a member of Whitepapers. We got the 7th prize out of 25 teams.

セキュリティコンテストのためのCTF問題集

I participated in the review a little.

数学ガールの秘密ノート/積分を見つめて

I participated in the review. I highly recommend this series not only to all mathematics lovers but also to all people.

From 2014 to 2016

I was a high school student and made a lot of effort to improve my handball skills :-) I made some small contributions to 数学ガール (Math Girl) as a reviewer. I love this series X-)

2013

SECCON 2013

As a member of dodododo.

SECCON 2013 Hokkaido

As a member of the team dodododo, and we won first place. (Here)

OSC Hokkaido 2013 #osc13do

As a speaker at 「北海道で輝く人々 2013秋」

Security Camp Forum 2013

As a speaker.

2012

Security Camp 2012

As a participant.


Presentations

2019 年度 CPU 実験 余興: Linux が動く RISC-V CPU を作る (Japanese, 日本語)

Revisiting ReDoS: A Rough Idea of Data Exfiltration by ReDoS and Side-channel Techniques (English)

体系的に学ぶモダン Web セキュリティ (#seccamp 全国大会 2019 B5) (Japanese, 日本語)

"Gimme a bit!" - Exploring Attacks in the "Post-XSS" World (English)

あなたの履歴を狙う攻撃たち / Eyes on Your Browsing History (Japanese, 日本語)

Web セキュリティ入門 - 攻撃者の狙いを先読みする (Japanese, 日本語)

CSS Injection ++ - 既存手法の概観と対策 (Japanese, 日本語)

Tangled World of Web Technology ― Are we safe? (English)

XSS in the era of *.js - JS ライブラリ時代の XSS (ゼロから始めるセキュリティ入門 勉強会 #14) (Japanese, 日本語)

CSP_akiba

Introduction: Content Security Policy (ゼロから始めるセキュリティ入門 勉強会 #14) (Japanese, 日本語)


Recent Articles