Yoshinori Hayashi (@8ayac)

XHackerOneGitHubBlogLinkedInBluesky (99% personal)

Work Experience

Part-time Security Engineer at Cybozu, Inc

Apr 11, 2018 - May 23, 2019
  • Did security testing and risk assessment
  • Operated Cybozu Bug Bounty Program

Part-time Security Engineer at Mitsui Bussan Secure Directions, Inc

Jul 2, 2019 - Mar 31, 2020
  • Did vulnerability testing of web applications

Application Security Engineer at LINE Corporation

Apr 1, 2021 - Sep 30, 2023
  • Was member of Application Security Team
  • Committed to ensure security and quality of a wide range services and products developed by LINE and group companies.JFYI: The platforms and technologies include Web, mobile, desktop, IoT, Fintech, and more.
  • Reference:LINE Corporation

Security Engineer at LY Corporation

Oct 1, 2023 - PRESENT
  • Ensure security and quality of a wide range services and products developed by LY Corporation and group companies
  • Do security tests, risk assessments and security consulting
  • Develop DevSecOps tools
  • Support LINE Security Bug Bounty Program
  • Organize LINE CTF and create (web) challenge for it
  • Reference:LY Corporation

Education

Department of Information Security, Information Science College, Kanagawa

Apr 1, 2017 - Mar 31, 2021
  • Received Advanced Diploma(Applied Professional Postsecondary Course(Technology))
  • Reference:School information
  • Reference:Advanced Diploma (Japan)

Awards & Achievement

MBSD Cybersecurity Challenges 2017

Dec 13, 2017

2018 GitLab BugBounty Program

Jan 1, 2019

45th WorldSkills Competition in Kazan

Aug 27, 2019

2019 GitLab BugBounty Program

Jan 1, 2020

Other Activities

Burp Suite Japan User Group

Jan 1, 2019 - PRESENT
  • A user group of a local proxy tool "Burp Suite.
  • Organizing some events and supporting other management tasks.

ISCCTF 2020

Oct 24, 2020

LINE CTF 2022

Mar 26, 2022 - Mar 27, 2022

LINE CTF 2023

Mar 25, 2023 - Mar 26, 2023

LINE CTF 2024

Mar 23, 2024 - Mar 24, 2024

CVEs

CVE-2018-0652

Aug 3, 2018
  • Found an Stored XSS on GROWI.
  • Reference:cve.mitre.org

CVE-2018-0653

Aug 3, 2018

CVE-2018-17454

Oct 1, 2018

CVE-2018-18640

Oct 29, 2018

CVE-2019-6785

Jan 31, 2019

CVE-2019-9220

Mar 4, 2019

CVE-2019-13010

Jul 3, 2019

CVE-2022-22978

May 16, 2022

Publications

DEFCON 27 OpenCTF 2019 参戦レポート

Oct 3, 2019
  • Published in HISYS Journal Vol.34.
  • Reference:HISYS Journal Vol.34

技能五輪国際大会(WorldSkills Kazan 2019)出場レポート

Oct 28, 2019

GraphQL診断ガイドライン

Dec 24, 2021

Webアプリケーション脆弱性診断ガイドライン 第1.2版

Mar 1, 2022

細かすぎるけど伝わってほしい脆弱性診断手法ドキュメント

Apr 12, 2023

Presentations

Dec 13, 2017MBSD Cybersecurity Challenges 2017 最終審査会 発表スライド

MBSD Cybersecurity Challenges 2017 最終審査会 発表スライド

Dec 12, 2018MBSD Cybersecurity Challenges 2018 最終審査会 発表スライド

MBSD Cybersecurity Challenges 2018 最終審査会 発表スライド

Mar 11, 2019Free Bugs Campaign

Free Bugs Campaign