Affiliation

  • Department of Information Science, Faculty of Science, the University of Tokyo (as an undergraduate)
  • SECCON Beginners
  • Security Camp Steering Comittee 企画グループ/講師グループ
  • dodododo and TSG (CTF team)

Interests

  • Exploitation of Web applications
  • Application of side-channel attacks on Web

Links


Activities

2020

UEC WEBSYS (電気通信大学 ウェブシステムデザインプログラム)

I will give an introduction course on web security. I'd appreciate if you applied to the course!

OWASP Kansai - 体系的に学ぶモダン Web セキュリティ @ 京都 (Learning Modern Web Security @ Kyoto)

I will give an 8-hour course on latest security features implemented on Web browsers and advanced exploitation techniques for modern web applications.

OWASP Night 2020/02 (by OWASP Japan)

I will talk about issues related to ReDoS and show an attack vector that is new, to the best of my knowledge.

2019

UEC WEBSYS (電気通信大学 ウェブシステムデザインプログラム)

I talked about classical web vulnerablities (e.g. SQL Injection, XSS, ...) and gave an introduction to authZ and authN.

SECCON CTF 2019 Finals (Domestic)

We dodododo won the 1st.

#websecjp: 体系的に学ぶモダン Web セキュリティ (Learning Modern Web Security)

I did an eight-hour workshop on web security in collaboration with Information-technology Promotion Agency.

#websecjp: 体系的に学ぶモダン Web セキュリティ (Learning Modern Web Security)

I did an eight-hour workshop on web security at National Institute of Information and Communications Technology (NICT) Innovation Center.

数学ガールの秘密ノート/学ぶための対話 by Hiroshi Yuki

I participated in the review. I recommend you buy :-)

CODEBLUE CTF 2019

I created a Web challenge named "Snippet".

Security Mini Camp 2019 in Yamanagata, Yamanashi, Hokkaido

I participated as a staff. In Yamanashi, I talked about Security Camp (at 『セキュリティ・キャンプ紹介』).

SECCON Beginners 2019 Hokkaido, Tokyo, Fukuoka (, and Kanazawa)

I organized those events.

Packet Hacking Village of DEFCON 2019

I participated as a volunteer. It was a great experience :-)

Security Camp 2019

I gave attendees a four-hour presentation named "体系的に学ぶモダン Web セキュリティ" (Learn Modern Web Security Systematically). Slides: here.

数学ガールの秘密ノート/ビットとバイナリー by Hiroshi Yuki

I participated in the review. This book is really amazing :-)

SECCON Beginners CTF 2019 (Online)

I organized the event. It was held at 2019/05/25 - 2019/05/26. I provided three challs: Ramen, Secure Meyasubako, and Himitsu.

Shibuya.XSS techtalk #11

I talked on modern Web exploitation including XS-Leaks and advanced CSS Injection. Slides: here.

TSG CTF 2019 (Online)

It was held at 2019/05/04 - 2019/05/05. I provided two challs: RECON and BADNONCE. Result: here.

2018

IBM Research - Tokyo

As a student researcher.

UEC WEBSYS (電気通信大学 ウェブシステムデザインプログラム)

I talked about web security (introduction level).

Security Mini Camp 2018 in Tokushima, Hyogo, Yamanashi, Mie, Hokkaido, and Fukuoka / Security Junior Camp 2018 in Kochi / Security Camp 2018

I participated in them as a staff.

SECCON CTF 2018 Finals (Domestic)

We dodododo won the 1st.

SECCON Beginners 2018 Hiroshima, (Tokyo,) and Nagoya

I participated in them as one of organizers. Thank you all :-)

数学ガールの秘密ノート/行列が描くもの by Hiroshi Yuki

I participated in the review.

CODEBLUE CTF 2018 Quals

We TSG got 4th place :-)

SECCON Beginners CTF 2018

I made some Web challenges for beginners.

Security Mini Camp 2018 in Okayama

I provided a introduction course on eb security. Slides: here.

第 14, 15, 19, 22 回 ゼロから始めるセキュリティ入門 勉強会

As a speaker. Slides: 14th, 15th, 19th, and 22th

第21 回 セキュリティさくら (Security Sakura, a Japanese seminar on security)

I talked on the complexity of web security. Slides: here.

数学ガール/ポアンカレ予想 by Hiroshi Yuki

I participated in the review. I had been looking forward to the day when this book was published because it had been a while since previous book (No. 5) was published X-)

SECCON 2017 Finals (International)

As a member of dodododo. We won the 3rd.

2017

SECCON 2017 Online CTF

We dodododo won the 11th.

SECCON Beginners 2017 Morioka, Nagoya, Hiroshima, Sendai, Tokyo, and Kagoshima

I provided the introduction course on solving Web challs at CTFs.

SANS Netwars Tokyo 2017

I participated in it as a member of Whitepapers. We got the 7th prize of 25 teams.

セキュリティコンテストのためのCTF問題集

I participated in the review a little.

数学ガールの秘密ノート/積分を見つめて

I participated in the review. I highly recommend this series not only to all mathematics lovers but also to all people.

From 2014 to 2016

I was a high school student and made a lot of efforts for improving my handball skill :-) I made some small contribution to 数学ガール(Math Girl) as a reviewer. I love this series X-)

2013

SECCON 2013

As a member of dodododo.

SECCON 2013 Hokkaido

As a member of the team dodododo, and we won the first. (Here)

OSC Hokkaido 2013 #osc13do

As a speaker of 「北海道で輝く人々 2013秋」

Security Camp Forum 2013

As a speaker.

2012

Security Camp 2012

As a participant.


Presentations

体系的に学ぶモダン Web セキュリティ (#seccamp 全国大会 2019 B5)

体系的に学ぶモダン Web セキュリティ (#seccamp 全国大会 2019 B5) (Japanese, 日本語)

Gimme a bit! - Exploring Attacks in the Post-XSS World

"Gimme a bit!" - Exploring Attacks in the "Post-XSS" World (English)

あなたの履歴を狙う攻撃たち / Eyes on Your Browsing History

あなたの履歴を狙う攻撃たち / Eyes on Your Browsing History (Japanese, 日本語)

Web セキュリティ入門 - 攻撃者の狙いを先読みする

Web セキュリティ入門 - 攻撃者の狙いを先読みする (Japanese, 日本語)

CSS Injection ++ - 既存手法の概観と対策

CSS Injection ++ - 既存手法の概観と対策 (Japanese, 日本語)

Tangled World of Web Technology

Tangled World of Web Technology ― Are we safe? (English)

XSS in the era of *.js

XSS in the era of *.js - JS ライブラリ時代の XSS (ゼロから始めるセキュリティ入門 勉強会 #14) (Japanese, 日本語)

CSP_akiba

Introduction: Content Security Policy (ゼロから始めるセキュリティ入門 勉強会 #14) (Japanese, 日本語)


Recent Articles