Yunolay's Profile

> Home

Overview

[*] Name: Atsuki Hakozaki, aka Yunolay.
[*] Gender: Male.
[*] Country: Japan.
[*] Language: Japanese, English(Studying), Hex(Practice), Morse(Training).
[*] Interests: Anime, Manga.
[*] Skill Set: Offensive Security.
[*] Job Title: Security Engineer, Vulnerability Researcher, Bug Bounty Hunter, Penetration Tester, Red Team

Table of Contents

• Socials
• Work Experience
• LAC Co., Ltd.
• GMO Cybersecurity by Ierae, Inc.
• Skills
• Programming Languages
• Attacks
• Web Attacks
• Binary Exploit
• Privilege Escalation
• On-Premises Active Directory
• Content Management System(CMS)
• Operating system(OS)
• Network Device
• Network Security Device
• Sandbox
• Web Application Firewall(WAF)
• Platform
• HackTheBox
• vulnlab
• TryHackMe
• Capture the Flag (CTF)
• Permanent CTF
• CpawCTF
• Ksnctf
• picoCTF
• Team & Community
• 7h3B14ckKn1gh75, aka Knights
• Real World Pentesting Lab (RWPL)
• Certifications
• OffSec
• HackTheBox Academy
• INE Security
• IPA
• Microsoft
• CompTIA
• LPI
• Courses & Training
• Corelan
• HackTheBox Academy
• OffSec
• Pentesterlab
• Udemy
• Progate
• Awards History
• Education
• Cyber University
• Tokyo Electronics College
• Portfolio
• Contact

Index

• > Home

• Certification

  • > Home > Certification.
  • > Home > Certification > Certificate of Completion.

Socials

• Blog: https://blog.yunolay.com/
• Twitter: https://twitter.com/Yunolay
• Twitter in English: https://twitter.com/Yunolay_en
• Youtube: https://www.youtube.com/@Yunolay
• Github: https://github.com/Yunolay
• LinkedIn: https://www.linkedin.com/in/Yunolay
• Anilist: https://anilist.co/user/Yunolay/
• HackerOne: https://hackerone.com/yunolay

Work Experience

• LAC Co., Ltd.

  Company Website
  
  [+] April 2017 - May 2019 (2 years and 2 months)
  [*] SOC member. Network Security Engineer.
  [-] Building and operation of security devices such as IPS, IDS, WAF, and Sandbox, etc.
  [-] FireEye, Macnica, Paloalto, Cisco, Juniper, etc.
  

• GMO Cybersecurity by Ierae, Inc. aka Ierae Security

  Company Website
  
  [+] April 2021 - December 2023 (2 years and 9 months)
  [*] Vulnerability Researcher. Security Engineer.
  [-] Web, API Vulnerability Diagnosis.
  [-] Cheating in smartphone games.
  [-] PHP, REST API, GraphQL, WebSocket, MessagePack, gRPC, GCP Firestore, Android and iOS Application, etc.
  

Skills

• Programming Languages:

  • Web
    • HTML
    • CSS
    • JavaScript
  • Script
    • Shell Script
    • Batch Script
    • Powershell Script
  • Python
  • Whitespace
  • Brainfuck
  • Rockster
  • Piet
  • Rust(Studying)
  • Go lang(Studying)

• Attacks

  Web Attacks

  • SQL Injection (SQLi): CWE-89
  • Blind SQL Injection (Blind SQLi): CWE-89
  • Cross-Site Scripting (XSS): CWE-79
  • Command Injection (Cmdi): CWE-77
  • Blacklist Bypass: CWE-184
  • Path Traversal (PT): CWE-22
  • Local File Inclusion (LFI): CWE-98
  • Remote File Inclusion (RFI): CWE-98
  • XML External Entity Injection (XXE): CWE-611
  • Blind XML External Entity Injection (Blind XXE): CWE-611
  • Server-Side Request Forgery (SSRF): CWE-918
  • Server-Side Template Injection (SSTI): CWE-1336
  • Insecure Direct Object References (IDOR): CWE-639
  • Open Redirection: CWE-601
  • HTTP Verb Tampering: CWE-650
  • Logical Attack
  • Custom Salt Hash Crack
  • Black Box Test
  • White Box Test
  • Grass Box Test

  Binary Exploit

  Windows

  • Buffer Oevrflow (BoF)
  • Structured Exception Handler (SEH) Overflow
  • Return-oriented Programming (ROP)
  • Data Execution Prevention (DEP) Bypass using ROP
  • Format String Bug Attack (FSBA)
  • Heap Exploit
    • Heap Overflow (Windows7 SP1, Windows10/11)
    • Use After Free (Windows7 SP1, Windows10/11)
    • Double Free (Windows7 SP1, Windows10/11)
    • Uninitialized Memory (Windows7 SP1, Windows10/11)

  Linux

  • Buffer Overflow (BoF)
  • Return-oriented Programming (ROP)
  • Ret2libc using ROP
  • Format String Bug Attack (FSBA)

  Privilege Escalation

  • Windows
  • SeImpersonatePrivilege: PrintSpoofer technique
  • UAC Bypass and Windows Defender Bypass via FodHelper technique
  • Linux
  • Path Injection using Relative Paths
  • A Read Eval Print Loop

  On-Premises Active Directory

  • ADCS Attack

  Smartphone Game

  • API Cheat

• Content Management System(CMS):

  • WordPress

• Operating system(OS):

  • Windows
  • Windows XP
  • Windows 7
  • Windows Vista
  • Windows 10
  • Windows 11
  • Linux
  • Debian
  • Ubuntu
  • Kali Linux
  • Parrot OS
  • Red Hat
  • CentOS
  • macOS
  • Android
  • Rooting Android while passing SafetyNet checks.
  • iOS
  • Jailbreak

• Network Device

  • Buffalo
  • Cisco

  • Network Security Device

    Sandbox

    • FireEye
      • FireEye Network Security - NX Series (FireEye NX)
      • FireEye Email Security Server Edition (FireEye EX)
      • FireEye Central Management CM Series (FireEye CM)

    Web Application Firewall(WAF)

    • Paloalto
      • Paloalto Networks Next-Generation Firewall (Paloalto NGFW)

• Other:

  [*] Building and operating security network devices.
  [*] Web, API Diagnosis.
  [*] Cheating in smartphone games.
  [*] Penetration Testing and Red team
  [-] etc.

Platform

• HackTheBox

  Lab link
  

  [*] Rank: Omniscient Rank. (100% pwned)
  [*] Total Systems Owned: 190 systems owned. (January 2024)
  [*] HTB profile page: https://app.hackthebox.com/profile/97384
  [-] Best: Global Ranking top 8.
  [-] Best: Japan Ranking 1.
  
  [*] Solved Insane Machine:
  

  • Skyfall OS:Linux: Machine link
  • Corporate: OS:Linux: Machine link
  • Ouija: OS:Linux: Machine link
  • Rebound: OS:Windows: Machine link
  • RegistryTwo: OS:Linux: Machine link
  • Bookworm: OS:Linux: Machine link
  • Coder: OS:Windows: Machine link
  • Anubis: OS:Windows: Machine link
  • pivotapi: OS:Windows: Machine link
  • CrossFitTwo: OS:OpenBSD: Machine link
  • Sink: OS:Linux: Machine link
  • APT: OS:Windows: Machine link
  • CrossFit: OS:Linux: Machine link
  • Laser: OS:Linux: Machine link
  • RopeTwo: OS:Linux: Machine link
  • Dyplesher: OS:Linux: Machine link
  • Multimaster: OS:Windows: Machine link
  • Fatty: OS:Linux: Machine link
  • PlayerTwo: OS:Linux: Machine link
  • Rope: OS:Linux: Machine link
  
  [*] Solved Addvanced Lab:
  
  • Fortresses
  • Jet: Lab link
  • Akerva: Lab link
  • Context: Lab link
  • Synacktiv: Lab link
  • Faraday: Lab link
  • AWS: Lab link
  
  
  • Endgames
  • P.O.O: Lab link
  • Hades: Lab link
  • RPG: Lab link
  • Ascension: Lab link
  • Odyssey: Lab link
  • Solar: Lab link
  
  [*] For an introduction to Hack The Box and understanding the ranking system, please refer to the following article.

• vulnlab

  Lab link
  [*] Rank: Apprentice (9% pwned)
  [*] Ranking: 187
  [*] Points: 100
  [*] Solved Machine:
  

  • Baby: OS:Windows, Difficulty:Easy: My Writeup link
  • Baby2: OS:Windows, Difficulty:Medium
  • Data: OS:Linux, Difficulty:Easy: My Writeup link
  • Feedback: OS:Linux, Difficulty:Easy: My Writeup link
  • Retro: OS:Windows, Difficulty:Easy: My Writeup link
  • Sync: OS:Linux, Difficulty:Easy: My Writeup link

• TryHackMe

  Lab link
  

  [*] Rank: 0x9 OMNI
  [-] 87 Rooms Complete
  [-] TryHackMe Profile link: https://tryhackme.com/p/Yunolay
  

Capture the Flag (CTF)

Baby Challenge Hunter.

Genre:

• Pwn
• Web

Permanent CTF

• CpawCTF

  [*] 1890pts/1890pts - 100% pwned
  Visit CpawCTF Website

• Ksnctf

  [*] 2701pts. - 52.29% pwned
  Visit ksnctf Website

• picoCTF

  [*] 10620pts/67955pts - 15.63% pwned
  Visit picoCTF Website

  • Binary Exploitation - 1/46 pwned
  • Cryptography - 5/52 pwned
  • Forensics - 6/57 pwned
  • General Skills - 42/42 pwned (100% pwned)
  • Reverse Engineering - 14/76 pwned
  • Web Exploitation - 29/52 pwend

Team & Community

• 7h3B14ckKn1gh75, aka Knights

  [*] Role: Knights.
  

  • HTB Team: https://app.hackthebox.com/teams/overview/3804
  • GitHub: https://github.com/orgs/7h3-B14ck-Kn1gh75
    
  • CTFTime: https://ctftime.org/team/145245
  
  
  [*] We are a devoted CTF team that adores knowledge! Our activities range from encouraging others to succeed to hosting enjoyable tournaments.
  
  [*] We provide our devoted members with support around-the-clock! Some of us have extensive experience in the areas of programming, bug hunting, and cyber security.

• Real World Pentesting Lab (RWPL)

  [*] A community for Japanese enthusiasts of offensive security.

  • Overview Page: https://rwpl.github.io/
  • Github: https://github.com/RWPL
  • Twitter: https://twitter.com/rwplabs

Certifications

• OffSec

  • OffSec Certified Professional (OSCP): Certification web link
  • OffSec Web Expert (OSWE): Certification web link
  • OffSec Experienced Penetration Tester (OSEP): Certification web link
  • OffSec Exploit Developer (OSED): Certification web link
  • OffSec Certified Expert 3 (OSCE3): Certification web link

• HackTheBox Academy

  • HTB Certified Bug Bounty Hunter (HTB CBBH)

• INE Security

  • eLearnSecurity Certified Professional Penetration Tester (eCPPTv2)
  • eLearnSecurity Web Application Penetration Tester eXtreme (eWPTXv2)

• IPA

  • Fundamental Information Technology Engineer Examination (FE)
  • Applied Information Technology Engineer Examination (AP)
  • Information Security Specialist Examination (SC)

• Microsoft

  • Microsoft Technology Associate (MTA 98-367)

• CompTIA

  • CompTIA A+ ce (Expired.)
  • CompTIA Security+ ce (Expired.)

• LPI

  • Linuc level 1 (Expired.)

[*] For more details, see the following link: Certifications.

Courses & Training

• Corelan

  • Windows Stack & Heap Exploitation (Bootcamp & Advanced): Course link

• HackTheBox Academy

  • HTB Certified Bug Bounty Hunter (20 Modules): Course Overview Course intro video

• OffSec

  • Penetration Testing with Kali Linux (PEN-200): Course link
  • Advanced Web Attacks and Exploitation (WEB-300): Course link
  • Advanced Evasion Techniques and Breaching Defenses (PEN-300): Course link
  • Windows User Mode Exploit Development (EXP-301): Course link
  • Advanced Windows Exploitation (EXP-401): Course link

• Pentesterlab

  • Introduction Courses Completed (100% pwned)
  • HTTP Courses Completed (100% pwned)
  • Unix Courses Completed (100% pwned)

• Progate

  • Command Line Completed
  • Python I, II, III, IV, V Completed
  • Python Lesson I-III Study & Dojo Completed
  • SQL I, II Completed
  • Git I Completed
  • HTML & CSS Beginner Level Completed
  • Java I, II, III Completed
  • Ruby I, II Completed

• Udemy

  • Kali Linux Web App Pentesting Labs Course link Certification of Completion link
  • Website Hacking / Penetration Testing Course link Certification of Completion link
  • CTF - In-depth analysis of Web security competition questions Course link Certification of Completion link
  • Learn hacking techniques and make WordPress more robust with the Boot2Root CTF Challenge Course link Certification of Completion link
  • How to start IoT white hacking Course link Certification of Completion link
  • Cyber attack simulation for in-vehicle networks and basic knowledge of CAN communication Course link Certification of Completion link
  • Introduction to GraphQL full-stack web development (Django + React/Apollo Client) Course link Certification of Completion link
  • Practical gRPC introduction to learn with Go language Course link Certification of Completion link
  • Cyberattacks: From intrusion to privilege escalation Course link Certification of Completion link

Awards History

• HackTheBox Open Beta Season III - Holo Rank

  [*] Tier: Holo Rank
  [*] 11/12 system own
  https://labs.hackthebox.com/achievement/season/97384/3

• Top 2 JP (Hall of Fame)

  [*] Issuer: HackTheBox, November 2023
  [-] Achieved Top 2 in the JP on HackTheBox.

• Top 25 Globally (Hall of Fame)

  [*] Issuer: HackTheBox, November 2023
  [-] Has been in the Top 25 of the Hall of Fame.

• MBSD Cybersecurity Challenge - 2nd Place

  [*] Issuer: Mitsui Bussan Secure Directions, Inc., December 2016
  [-] 2nd place.
  Detail article

Education

• Cyber University

  University Website
  [*] Bachelor of Information Technology
  [-] April 2020 - March 2022

• Tokyo Electronics College

  College Website
  [*] Information Processing Department, Three-Year Program
  Information Processing Department, Three-Year Program at Tokyo Electronics College
  [-] April 2014 - March 2017

Game

• Hacknet Cleared Officail Website, My playing video
• Hacknet Labyrinth (DLC)(playing) Officail Website

Portfolio

Content Management System(CMS):

• WordPress
• Yunolay's Blog : https://blog.yunolay.com
  [-] This WordPress site is hosted on Xserver and the domain was registered through Onamae.com.

Contact(Work Requests, Job Inquiries)

Under Preparation