Work Experience
Security Engineer at Flatt Security Inc.
- Designing and developing training courses for developers and security professionals.
Lecturer at Web System Design Program (WEBSYS)
- WEBSYS is a certificate program provided by the University of Electro-Communications.
- Conducting a class on cybersecurity.
Part-time Security Engineer at IERAE Security Inc.
- Did vulnerability testing of Web applications.
Student Researcher at IBM Research - Tokyo
- Mainly forcused on network security and applied a patent (mentioned below).
Education
Undergraduate Student, Department of Information Science, Faculty of Science, the University of Tokyo, Japan.
Currently studying as an undergraduate student on Computer Science.
Other Activities
SECCON Beginners
- SECCON Beginners is an non-profit organization that holds events for beginners of CTF.
- Organizing some events in Japan as a leader.
Security Camp Committee
- Conducting some training courses on Web security.
- Supporting other trainers technically and mentally.
Publications
Webブラウザセキュリティ ― Webアプリケーションの安全性を支える仕組みを整理する
- ISBN: 978-4-908686-10-8
- See this page for further information of this book.
Comprehensive homographic string detection
- By three inventors including me.
- Patent ID: US20200134102A1
Personal Projects & CVEs
Research on Blind Regular Expression Attack
- Proposed a brand-new theoritical attack that abuses Regular Expression (regexp) engines.
- Got featured by some famous news sites including The Daily Swig.
- Reference: detailed information ("A Rough Idea of Blind Regular Expression Injection Attack").
Development of RISC-V CPU on FPGA from scratch
- Developed a RISC-V CPU on which Linux kernel runs successfully with some friends of mine.
- Reference: related article.
- Reference: GitHub repositories.
CVE-2020-6400
- Found inappropriate implementation in CORS in Google Chrome.
- Reference: cve.mitre.org
CVE-2018-16205
- Found an Stored XSS.
- Reference: cve.mitre.org
Awards / Achievements
SECCON CTF 2019 Finals (Domestic)
- Won the 1st as team dodododo.
SECCON CTF 2018 Finals (Domestic)
- Won the 1st as team dodododo.
SECCON CTF 2017 Finals (International)
- Won the 3st as team dodododo.
SECCON CTF 2013 Hokkaido
- Won the 1st as team dodododo.
- Reference: event page.
Presentations
Here's a list of public presentation slides.
For further information, please see this page.