🧭 About Me
Red team operator at a global cybersecurity company. I plan and execute adversary simulations and threat-led penetration testing (TLPT) engagements against enterprise environments — the kind where the objective is domain dominance, not a checklist.
My day-to-day lives at the intersection of Active Directory attack chains, cloud (Azure / AWS / OCI) lateral movement, EDR evasion, and phishing tradecraft. I’ve emulated real-world ransomware group TTPs end-to-end — from initial access through credential harvesting, privilege escalation, and data staging — against financial institutions, pharmaceutical companies, and critical infrastructure operators.
I’ve been in offensive security since 2015 — starting with independent vulnerability research and bug bounty hunting, then moving into professional penetration testing, and eventually full-scope red team operations. This blog is where I write about techniques I’m actively researching or lessons from the field — not polished textbook rewrites.
💼 What I Work On
Adversary Simulation & TLPT
Full kill-chain emulation mapped to real threat actor TTPs. Assumed-breach, phishing-led initial access, multi-stage lateral movement, and objective-based operations against defended networks.
Active Directory & Identity Attack Paths
Kerberos abuse, ADCS exploitation, cross-forest trust attacks, hybrid AD-to-cloud pivots. This is where most of my engagements end in domain compromise.
Cloud Red Teaming
Azure / Entra ID, AWS, and OCI attack surface assessment. IAM policy exploitation, cloud-native lateral movement, and multi-cloud pivot scenarios.
Vulnerability Research
Independent security research with a current focus on the MCP (Model Context Protocol) server ecosystem — analyzing how AI tool integrations introduce SSRF, secret disclosure, and path traversal vulnerabilities into enterprise environments. Active CVE contributor with multiple vendor coordinated disclosures in progress.
Phishing & Initial Access
Social engineering campaign design, payload development, and delivery infrastructure. Building things that get past mail gateways and make users click.
C2 Infrastructure & EDR Evasion
Command-and-control architecture design, malleable profile tuning, redirector chains, and domain fronting. Payload engineering focused on bypassing modern EDR/XDR solutions in production environments.
🏆 Track Record
CVE & Vulnerability Research
- 13+ CVEs assigned by MITRE across open-source projects and commercial tooling
- 7 vulnerability acknowledgments from Japan’s IPA (Information-technology Promotion Agency)
- Active research into MCP server security (coordinated disclosure with major vendors)
Bug Bounty & Responsible Disclosure Hall of Fame
- Rakuten Group, Inc.
- BANDAI.co.ltd
- DIP Corporation
- Neo4j (Acknowledgement)
- Enigmo Inc.
- SBI Holdings
- Seven Bank, Ltd.
- Yahoo Japan
- Sky Co., Ltd. (Acknowledgement)
- Mercari, Inc.
- Keysight
- Lumen
- Clarivate
Certifications
| Cert | Issuer | Notes |
|---|---|---|
| OSEP | OffSec | Experienced Penetration Tester — completed the full objective |
| OSCP | OffSec | Certified Professional |
| OSWP | OffSec | Wireless Professional |
| PNPT | TCM Security | Practical Network Penetration Tester |
| AWS Security – Specialty | Amazon Web Services | |
| CARTP | Altered Security | Certified Azure Red Team Professional |
Currently working toward: OSWE → OSED → OSCE3
Current Focus
- MCP server ecosystem security research & coordinated disclosure
- Azure / Entra ID red teaming & cloud attack chain development
- Malware development, payload engineering & EDR evasion research
- OSWE preparation (white-box web application exploitation)
- Writing — building this blog into a resource worth bookmarking