shift-js.info

Maintained by Takashi Yoneuchi (@y0n3uchy, @lmt_swallow)

About Me

Name

  • Takashi Yoneuchi
  • lmt_swallow (つばめ)
  • y0n3uchy

Affiliation

  • Undergraduate student at the University of Tokyo
  • SECCON Beginners
  • Security Camp Steering Comittee 企画グループ/講師グループ

Interests

  • Web security, especially the exploitation on browsers' implementation flaws
  • Application of formal methods in the context of Web
  • CTF (currently I'm a member of TSG/dodododo)

Activities

2019

UEC WEBSYS (電気通信大学 ウェブシステムデザインプログラム)

I'm going to talk about Web security. Slides: (private)

Security Mini Camp 2019 in Yamanashi

I'm going to talk about Security Camp (『セキュリティ・キャンプ紹介』).

SECCON Beginners 2019 Hokkaido, Tokyo, Fukuoka (, and Kanazawa)

I'm going to organize the events.

Packet Hacking Village (DEFCON 2019)

I participated as a volunteer. It was a great experience :-)

Security Camp 2019

I gave attendees a 4-hour presentation named "体系的に学ぶモダン Web セキュリティ" (Learn Modern Web Security Systematically). Slides: here.

数学ガールの秘密ノート/ビットとバイナリー by Hiroshi Yuki

I participated in the review. This book is really amazing :-)

SECCON Beginners CTF 2019 (Online)

I organized the event. It was held at 2019/05/25 - 2019/05/26. I provided three challs: Ramen, Secure Meyasubako, and Himitsu.

Shibuya.XSS techtalk #11

I talked on modern Web exploitation including XS-Leaks and advanced CSS Injection. Slides: here.

TSG CTF 2019 (Online)

It was held at 2019/05/04 - 2019/05/05. I provided two challs: RECON and BADNONCE. Result: here.

2018

IBM Research - Tokyo

As a student researcher.

UEC WEBSYS (電気通信大学 ウェブシステムデザインプログラム)

I talked about Web security (introduction level). Slides: (private)

Security Mini Camp 2018 in Tokushima, Hyogo, Yamanashi, Mie, Hokkaido, and Fukuoka / Security Junior Camp 2018 in Kochi / Security Camp 2018

I participated in them as a staff.

SECCON 2018 Finals (Domestic)

We dodododo won the 1st.

SECCON Beginners 2018 Hiroshima, (Tokyo,) and Nagoya

I participated in them as one of organizers. Thank you all :-)

数学ガールの秘密ノート/行列が描くもの by Hiroshi Yuki

I participated in the review.

CODEBLUE CTF 2018 Quals

We TSG got 4th place :-)

SECCON Beginners CTF 2018

I made some Web challenges for beginners.

Security Mini Camp 2018 in Okayama

I provided a introduction course on Web security. Slides: here.

第 14, 15, 19, 22 回 ゼロから始めるセキュリティ入門 勉強会

As a speaker. Slides: 14th, 15th, 19th, and 22th

第21 回 セキュリティさくら (Security Sakura, a Japanese seminar on security)

I talked on the complexity of Web security. Slides: here.

数学ガール/ポアンカレ予想 by Hiroshi Yuki

I participated in the review. I had been looking forward to the day when this book was published because it had been a while since previous book (No. 5) was published X-)

SECCON 2017 Finals (International)

As a member of dodododo. We won the 3rd.

2017

SECCON 2017 Online CTF

We dodododo won the 11th.

SECCON Beginners 2017 Morioka, Nagoya, Hiroshima, Sendai, Tokyo, and Kagoshima

I provided the introduction course on solving Web challs at CTFs.

SANS Netwars Tokyo 2017

I participated in it as a member of Whitepapers. We got the 7th prize of 25 teams.

セキュリティコンテストのためのCTF問題集

I participated in the review a little.

数学ガールの秘密ノート/積分を見つめて

I participated in the review. I highly recommend this series not only to all mathematics lovers but also to all people.

From 2014 to 2016

I was a high school student and made a lot of efforts for improving my handball skill :-) I made some small contribution to 数学ガール(Math Girl) as a reviewer. I love this series X-)

2013

SECCON 2013

As a member of dodododo.

SECCON 2013 Hokkaido

As a member of the team dodododo, and we won the first. (Here)

OSC Hokkaido 2013 #osc13do

As a speaker.(Here)

Security Camp Forum 2013

As a speaker.

2012

Security Camp 2012

As a participant.

Recent Publications

体系的に学ぶモダン Web セキュリティ (#seccamp 全国大会 2019 B5)

体系的に学ぶモダン Web セキュリティ (#seccamp 全国大会 2019 B5) (Japanese, 日本語)

Gimme a bit! - Exploring Attacks in the Post-XSS World

"Gimme a bit!" - Exploring Attacks in the "Post-XSS" World (English)

あなたの履歴を狙う攻撃たち / Eyes on Your Browsing History

あなたの履歴を狙う攻撃たち / Eyes on Your Browsing History (Japanese, 日本語)

Web セキュリティ入門 - 攻撃者の狙いを先読みする

Web セキュリティ入門 - 攻撃者の狙いを先読みする (Japanese, 日本語)

CSS Injection ++ - 既存手法の概観と対策

CSS Injection ++ - 既存手法の概観と対策 (Japanese, 日本語)

Tangled World of Web Technology

Tangled World of Web Technology ― Are we safe? (English)

XSS in the era of *.js

XSS in the era of *.js - JS ライブラリ時代の XSS (ゼロから始めるセキュリティ入門 勉強会 #14) (Japanese, 日本語)

CSP_akiba

Introduction: Content Security Policy (ゼロから始めるセキュリティ入門 勉強会 #14) (Japanese, 日本語)

CSP

CSP: Content Security Policy - The History and the Future of CSP (English)

Recent Articles