Work Experience

Security Engineer at Flatt Security Inc.

  • Designing and developing training courses for developers and security professionals.
March, 2019 - PRESENT

Lecturer at Web System Design Program (WEBSYS)

  • WEBSYS is a certificate program provided by the University of Electro-Communications.
  • Conducting a class on cybersecurity.
November, 2018 - PRESENT

Part-time Security Engineer at IERAE Security Inc.

  • Did vulnerability testing of Web applications.
September, 2017 - April, 2019

Student Researcher at IBM Research - Tokyo

  • Mainly forcused on network security and applied a patent (mentioned below).
March, 2018 - Feburary, 2019

Education

Undergraduate Student, Department of Information Science, Faculty of Science, the University of Tokyo, Japan.

Currently studying as an undergraduate student on Computer Science.

April, 2017 - PRESENT

Other Activities

SECCON Beginners

  • SECCON Beginners is an non-profit organization that holds events for beginners of CTF.
  • Organizing some events in Japan as a leader.
April, 2017 - PRESENT

Security Camp Committee

  • Conducting some training courses on Web security.
  • Supporting other trainers technically and mentally.
April, 2018 - PRESENT

Publications

Webブラウザセキュリティ ― Webアプリケーションの安全性を支える仕組みを整理する

  • ISBN: 978-4-908686-10-8
  • See this page for further information of this book.
2021, Lambda Note Ltd.

Comprehensive homographic string detection

2018, US Patent (under application)

Personal Projects & CVEs

Research on Blind Regular Expression Attack

2020

Development of RISC-V CPU on FPGA from scratch

2020

CVE-2020-6400

  • Found inappropriate implementation in CORS in Google Chrome.
  • Reference: cve.mitre.org
2020

CVE-2018-16205

2018

Awards / Achievements

SECCON CTF 2019 Finals (Domestic)

  • Won the 1st as team dodododo.
2019

SECCON CTF 2018 Finals (Domestic)

  • Won the 1st as team dodododo.
2018

SECCON CTF 2017 Finals (International)

  • Won the 3st as team dodododo.
2017

SECCON CTF 2013 Hokkaido

  • Won the 1st as team dodododo.
  • Reference: event page.
2013

Presentations

Here's a list of public presentation slides.

For further information, please see this page.

マクロな視点から捉える Web セキュリティ

マクロな視点から捉える Web セキュリティ (Japanese, 日本語)

Web クライアントサイドの攻防

Web クライアントサイドの攻防 (Japanese, 日本語)

正規表現とセキュリティ / Regular Expressions and Their Security-Related Aspects

正規表現とセキュリティ (Japanese, 日本語)

2019 年度 CPU 実験 余興: Linux が動く RISC-V CPU を作る

2019 年度 CPU 実験 余興: Linux が動く RISC-V CPU を作る (Japanese, 日本語)

Revisiting ReDoS: A Rough Idea of Data Exfiltration by ReDoS and Side-channel Techniques

Revisiting ReDoS: A Rough Idea of Data Exfiltration by ReDoS and Side-channel Techniques (English)

体系的に学ぶモダン Web セキュリティ (#seccamp 全国大会 2019 B5)

体系的に学ぶモダン Web セキュリティ (#seccamp 全国大会 2019 B5) (Japanese, 日本語)

Gimme a bit! - Exploring Attacks in the Post-XSS World

"Gimme a bit!" - Exploring Attacks in the "Post-XSS" World (English)

あなたの履歴を狙う攻撃たち / Eyes on Your Browsing History

あなたの履歴を狙う攻撃たち / Eyes on Your Browsing History (Japanese, 日本語)

Web セキュリティ入門 - 攻撃者の狙いを先読みする

Web セキュリティ入門 - 攻撃者の狙いを先読みする (Japanese, 日本語)

CSS Injection ++ - 既存手法の概観と対策

CSS Injection ++ - 既存手法の概観と対策 (Japanese, 日本語)

Tangled World of Web Technology

Tangled World of Web Technology ― Are we safe? (English)

XSS in the era of *.js

XSS in the era of *.js - JS ライブラリ時代の XSS (ゼロから始めるセキュリティ入門 勉強会 #14) (Japanese, 日本語)

CSP_akiba

Introduction: Content Security Policy (ゼロから始めるセキュリティ入門 勉強会 #14) (Japanese, 日本語)