Work Experience

Flatt Security Inc.

Chief Technology Officer (CTO)

June, 2021 - PRESENT

Security Engineer

May, 2019 - May, 2021
  • Developing KENRO, an e-learning system on secure development.
  • Supervising most of training courses on the platform.
  • Operating a Kubernetes cluster on which 50+ small services are running.

Lecturer at Web System Design Program (WEBSYS)

November, 2018 - PRESENT

Student Researcher at IBM Research - Tokyo

March, 2018 - Feburary, 2019
  • Mainly focused on network security and applied a patent as mentioned below.

Part-Time Security Engineer at IERAE Security Inc.

September, 2017 - April, 2019
  • Did vulnerability testing of Web applications.

Volunteer Experience

Member of SECCON CTF WG

April, 2021 - PRESENT
  • Organizing CTFs as a leader of SECCON CTF WG.

Member of Security Camp Committee

April, 2018 - PRESENT
  • Conducting some training courses on Web security.
  • Supporting other trainers technically and mentally.

Member of SECCON Beginners

April, 2017 - March, 2021
  • Organized CTFs and trainings as a leader of SECCON Beginners WG.

Education

Department of Information Science, School of Science, the University of Tokyo

April, 2017 - March, 2021

Publications

詳解セキュリティコンテスト

2021, 株式会社マイナビ出版
  • ISBN: 978-4-839973-49-0
  • Author: 梅内 翼, 清水 祐太郎, 藤原 裕大, 前田 優人, 米内 貴志 (me), 渡部 裕
  • See this page for further information of this book.

Webブラウザセキュリティ

2021, ラムダノート株式会社
  • ISBN: 978-4-908686-10-8
  • Author: 米内 貴志 (me)
  • See this page for further information of this book.

Verification of Microservices Using Sidecar Proxy and Distributed Traces

2021, Bachelor Thesis
  • Here is an abstract of the paper.
  • Please email me to get the full version.

Comprehensive homographic string detection

2018, US Patent
  • Inventor: Takashi Yoneuchi (me), Yuji Watanabe, Fumiko Akiyama
  • Patent ID: US20200134102A1
  • Invented with my colleagues at IBM Research - Tokyo.

Other Public Projects

Research and Development of Next-Gen Quantum-Classical Programming Language

June, 2021 - PRESENT
  • Developping Qitten, a next-gen quantum-classical programming language.
  • This project is supported by MITOU Target Program, a research grant for quantum projects.
  • Reference: a project summary page

Development of a Hypervisor for RISC-V Platform

December, 2020 - PRESENT

Development of RISC-V CPU on FPGA from scratch

December, 2019 - March, 2020

Research on Blind Regular Expression Attack

September, 2019 - February, 2020

Vulnerability Research on Popular Products

  • Finding vulnerabilities of widely-used applications to make the world more secure!
  • See this page to check a full list of CVEs.

Honors and Awards

Bachelor Degree Scholarship, 一般財団法人知可子育英支援財団

2017 - 2020

1st place as team dodododo, SECCON CTF 2019 Finals (Domestic)

2019

1st place as team dodododo, SECCON CTF 2018 Finals (Domestic)

2018

3rd place as team dodododo, SECCON CTF 2017 Finals (International)

2017

1st place as team dodododo, SECCON CTF 2013 Hokkaido

2013

Other Activities

For further information about me (e.g. contributed articles, talks, projects, ...), you can check a full list of them at this page.

Presentations

Go をセキュアに書き進めるための「ガードレール」を整備しよう

Go をセキュアに書き進めるための「ガードレール」を整備しよう (Japanese, 日本語)

すこしだけマクロな視点から捉える Web セキュリティ

すこしだけマクロな視点から捉える Web セキュリティ (Japanese, 日本語)

マクロな視点から捉える Web セキュリティ

マクロな視点から捉える Web セキュリティ (Japanese, 日本語)

Web クライアントサイドの攻防

Web クライアントサイドの攻防 (Japanese, 日本語)

正規表現とセキュリティ / Regular Expressions and Their Security-Related Aspects

正規表現とセキュリティ (Japanese, 日本語)

2019 年度 CPU 実験 余興: Linux が動く RISC-V CPU を作る

2019 年度 CPU 実験 余興: Linux が動く RISC-V CPU を作る (Japanese, 日本語)

Revisiting ReDoS: A Rough Idea of Data Exfiltration by ReDoS and Side-channel Techniques

Revisiting ReDoS: A Rough Idea of Data Exfiltration by ReDoS and Side-channel Techniques (English)

体系的に学ぶモダン Web セキュリティ (#seccamp 全国大会 2019 B5)

体系的に学ぶモダン Web セキュリティ (#seccamp 全国大会 2019 B5) (Japanese, 日本語)

Gimme a bit! - Exploring Attacks in the Post-XSS World

"Gimme a bit!" - Exploring Attacks in the "Post-XSS" World (English)

あなたの履歴を狙う攻撃たち / Eyes on Your Browsing History

あなたの履歴を狙う攻撃たち / Eyes on Your Browsing History (Japanese, 日本語)

Web セキュリティ入門 - 攻撃者の狙いを先読みする

Web セキュリティ入門 - 攻撃者の狙いを先読みする (Japanese, 日本語)

CSS Injection ++ - 既存手法の概観と対策

CSS Injection ++ - 既存手法の概観と対策 (Japanese, 日本語)

Tangled World of Web Technology

Tangled World of Web Technology ― Are we safe? (English)

XSS in the era of *.js

XSS in the era of *.js - JS ライブラリ時代の XSS (ゼロから始めるセキュリティ入門 勉強会 #14) (Japanese, 日本語)

CSP_akiba

Introduction: Content Security Policy (ゼロから始めるセキュリティ入門 勉強会 #14) (Japanese, 日本語)