- 🐤 Welcome to my GitHub Pages, atsushi, sada here!
- 🔭 I’m currently working as a Security Engineer at fintech startups!
- ⭐️ Focus
- Cloud Security (aws, GitHub Ecosystem)
- Enterprise Security (Jamf, Intune, EDR)
- Security Dev Tool (Static Analysis全般, Malware, CloudSec)
- 🎤 Presentation
-
sisakulint ('23-present)
- 🎤 DEFCON 34 Demo labs ('26)
- 🎤 Black Hat Asia Arsenal Web Page ('25)
- document pages
- sisakulint — SAST for GitHub Actions: 52 Rules, 38 Auto-Fix & Taint Tracking Engine - YouTube
- CI-Friendly static linter with autofix, SAST and semantic analysis for GitHub Actions!
- sisakulint outperforms GitHub official tool:CodeQL in both speed and coverage for Actions-specific vulnerabilities.
Benchmark Result GitHub Security Lab (GHSL) advisories 100% (18/18) GitHub Security Advisories (GHSA) 81.6% (31/38) Auto-fix coverage 38+ rules Detection categories
Category Rules Code Injection & Expression Safety 9 Supply Chain & Dependency Security 7 Credential & Secret Protection 7 Pipeline Poisoning & Artifact Integrity 8 Triggers & Access Control 7 Workflow Quality & Best Practices 8 Differentiators
- Taint propagation across steps, jobs, and reusable workflows (unique capability)
- Multi-step semantic analysis, not single-step pattern matching
- Validated against real-world vulns in PX4-Autopilot, weaviate, nrwl/nx, ag-grid, etc.
-
MachStealer (‘25-present)
- 🎤 Black Hat USA Arsenal Web Page ('26)
- Open-source PoC reproducing the credential harvesting pipeline shared by macOS infostealer families (AMOS, Poseidon, Banshee, Cthulhu, Cuckoo). Apple Silicon only. No exfiltration by design.
- MachStealer: The Shared Pipeline Behind Every macOS Infostealer — Security Research PoC - YouTube
- 【ずんだもん解説】MachStealer:全macOSインフォスティーラーに共通する攻撃パイプラインを解剖する - YouTube
-
Closed Career Event at RiST: ('24)
-
Security-JAWS #35: (‘24)
-
JSAC 2025: LT Speaker ('25)
-
Black Hat Asia Arsenal: Presenter ('25)
-
セキュリティ若手の会(ワークショップ&交流会): Workshop Instructor ('25)
-
Findy TECH BATON シリーズ第6弾!「あなたの知らない ”サプライチェーン攻撃”を語る セキュリティ Night」 ('25)
-
Black Hat USA Arsenal: Presenter ('26)
-
DEFCON 34 Demo labs: Presenter ('26)
-
Secueity Camp: AI Security Class Instructor ('26)
- RiST: member ('20-22)
- Security Camp: Attendee (‘21), Tutor at Web Security Class (‘23), Instructor at AI Security Class ('26)
- SecHack365: Philosophy Driven Course Trainee ('23)
- セキュリティ若手の会: Co-Founder & Host ('24-26)
- VSCodeで生産性を上げる 15,000+ Views!
- grub rescue モードから抜ける 10,000+ Views!
- macOS向けInfoStealerを技術的に解説してみた Finatext Tech Blog!
- 問題解決のためAWSドキュメントをどう追従するか
- GoreleaserとGitHub ActionsでプライベートリポジトリのCLIツールをbrewに公開する
- Kali LinuxでNvidia-driverを用いてデュアルモニターをセットアップする
- Ritsumeikan University ('20-'24)
- Bachelor of Computer Science and Engineering (March, '24)
