shift-js.info

Maintained by Takashi Yoneuchi (@y0n3uchy, @lmt_swallow)

About Me

Name

  • Takashi Yoneuchi
  • lmt_swallow (つばめ)
  • y0n3uchy

Affiliation

  • Undergraduate student at the University of Tokyo
  • SECCON Beginners
  • Security Camp Steering Comittee 企画グループ

Interests

  • Web security, especially the exploitation on browsers' implementation flaws
  • Application of formal methods in the context of Web
  • CTF (currently I'm a member of TSG/dodododo)

Activities

2019

UEC WEBSYS (電気通信大学 ウェブシステムデザインプログラム)

As a lecturer. Slides: (private)

Security Camp 2019

As a speaker. I will give attendees a 4-hour presentation named "体系的に学ぶモダン Web セキュリティ" (Learn Modern Web Security Systematically). Coming soon!

数学ガールの秘密ノート/ビットとバイナリー by Hiroshi Yuki

I participated in the review. This book is really amazing :-)

SECCON Beginners CTF 2019 (Online)

As a staff. It was held at 2019/05/25 - 2019/05/26. I provided three challs: Ramen, Secure Meyasubako, and Himitsu.

Shibuya.XSS techtalk #11

As a speaker. Slides: here.

TSG CTF 2019 (Online)

As a staff. It was held at 2019/05/04 - 2019/05/05. I provided two challs: RECON and BADNONCE. Result: here.

2018

IBM Research - Tokyo

As a student researcher.

UEC WEBSYS (電気通信大学 ウェブシステムデザインプログラム)

As a lecturer. Slides: (private)

Security Mini Camp 2018 in Tokushima, Hyogo, Yamanashi, Mie, Hokkaido, and Fukuoka / Security Junior Camp 2018 in Kochi / Security Camp 2018

As a staff.

SECCON 2018 Finals (Domestic)

As a member of dodododo. We won the 1st.

SECCON Beginners 2018 Hiroshima, (Tokyo,) and Nagoya

As a staff. Thank you all :-)

数学ガールの秘密ノート/行列が描くもの by Hiroshi Yuki

I participated in the review.

CODEBLUE CTF 2018 Quals

We TSG got 4th place :-)

SECCON Beginners CTF 2018

As a staff. I made some Web challenges for beginners.

Security Mini Camp 2018 in Okayama

As a speaker. Slides: here.

第 14, 15, 19, 22 回 ゼロから始めるセキュリティ入門 勉強会

As a speaker. Slides: 14th, 15th, 19th, and 22th

第21 回 セキュリティさくら (Security Sakura, a Japanese seminar on security)

As a speaker. Slides: here.

数学ガール/ポアンカレ予想 by Hiroshi Yuki

I participated in the review. I had been looking forward to the day when this book was published because it had been a while since previous book (No. 5) was published X-)

SECCON 2017 Finals (International)

As a member of dodododo. We won the 3rd.

2017

SECCON 2017 Online CTF

As a member of dodododo. We won the 11th.

SECCON Beginners 2017 Morioka, Nagoya, Hiroshima, Sendai, Tokyo, and Kagoshima

As a speaker.

SANS Netwars Tokyo 2017

As a participant and a member of Whitepapers. We got the 7th prize of 25 teams.

セキュリティコンテストのためのCTF問題集

I participated in the review a little.

数学ガールの秘密ノート/積分を見つめて

I participated in the review. I highly recommend this series not only to all mathematics lovers but also to all people.

From 2014 to 2016

I was a high school student and made a lot of efforts for improving my handball skill :-) I made some small contribution to 数学ガール(Math Girl) as a reviewer. I love this series X-)

2013

SECCON 2013

As a member of dodododo.

SECCON 2013 Hokkaido

As a member of the team dodododo, and we won the first. (Here)

OSC Hokkaido 2013 #osc13do

As a speaker.(Here)

Security Camp Forum 2013

As a speaker.

2012

Security Camp 2012

As a participant.

Recent Publications

Gimme a bit! - Exploring Attacks in the Post-XSS World

"Gimme a bit!" - Exploring Attacks in the "Post-XSS" World (English)

あなたの履歴を狙う攻撃たち / Eyes on Your Browsing History

あなたの履歴を狙う攻撃たち / Eyes on Your Browsing History (Japanese, 日本語)

Web セキュリティ入門 - 攻撃者の狙いを先読みする

Web セキュリティ入門 - 攻撃者の狙いを先読みする (Japanese, 日本語)

CSS Injection ++ - 既存手法の概観と対策

CSS Injection ++ - 既存手法の概観と対策 (Japanese, 日本語)

Tangled World of Web Technology

Tangled World of Web Technology ― Are we safe? (English)

XSS in the era of *.js

XSS in the era of *.js - JS ライブラリ時代の XSS (ゼロから始めるセキュリティ入門 勉強会 #14) (Japanese, 日本語)

CSP_akiba

Introduction: Content Security Policy (ゼロから始めるセキュリティ入門 勉強会 #14) (Japanese, 日本語)

CSP

CSP: Content Security Policy - The History and the Future of CSP (English)

Recent Articles