- Offensive security focused on penetration testing, adversary emulation & vulnerability research
- Red Team @ Sophos · Secureworks CTU™ Adversary Group
- Day job: APT emulation / adversary simulation, TLPT (Threat-Led Penetration Testing), and full-scope red team operations
- Currently auditing the MCP (Model Context Protocol) ecosystem — SSRF, OAuth/DCR abuse, token confusion, and supply-chain attack surface across 20+ vendors
- Bilingual security blogger (English / 日本語) — write-ups, PoCs, and research notes
- Happy to talk web / AD / cloud pentest, adversary emulation, and coordinated vuln disclosure
| Red Team / Adversary Emulation | Vulnerability Research | Cloud / Infra |
|---|---|---|
| Adversary Emulation (APT) TLPT / Threat-Led PT Active Directory PT Web / Network PT OSINT |
Vulnerability Research Source Code Review Coordinated Disclosure PoC Development |
AWS Security Container / K8s MCP / API Security |
- 📌 Published CVEs across open-source and MCP-ecosystem projects
- 🏆 Hall of Fame / Acknowledgements — recognized by multiple major vendors (incl. Japanese enterprises) and listed in national CERT acknowledgements
- 🧵 Selected write-ups available on the blog
| Area | Topics |
|---|---|
| Research | MCP / LLM-tooling security • Cloud Security • Attack-surface analysis |
| Tooling | Detection & exploitation PoCs • Security automation |
| Sharing | Conference talks (CFP in progress) • Bilingual technical blogging |
| Goals | Deep offensive-security craft • Community contribution |