About
About Me
I am a cybersecurity professional who began this journey in August 2025. I obtained the OSCP certification in March 2026, building hands-on skills across platforms such as Hack The Box, TryHackMe, and OSCP Proving Grounds. Each machine I worked through deepened my understanding of real-world attack techniques and defensive strategies.
As a non-native English speaker, I am also actively improving my English skills alongside my technical development. I believe that consistent effort and a willingness to step outside one’s comfort zone are the foundations of meaningful progress — in both cybersecurity and language.
This site documents my ongoing journey in offensive security. I hope that my writeups prove useful to others who are on a similar path.
Certifications
| Certification | Issuer | Year |
|---|---|---|
| OSCP (Offensive Security Certified Professional) | OffSec | 2026 |
| Registered Information Security Specialist (RISS) | Information-technology Promotion Agency (IPA) | 2024 |
| AWS Certified Security – Specialty | Amazon Web Services (AWS) | 2023 |
| AWS Certified Solutions Architect – Professional | Amazon Web Services (AWS) | 2022 |
| AWS Certified Solutions Architect – Associate | Amazon Web Services (AWS) | 2021 |
| IT Passport (IP) | Information-technology Promotion Agency (IPA) | 2017 |
| ITIL Foundation | AXELOS Limited | 2016 |
| Applied Information Technology Engineer (AP) | Information-technology Promotion Agency (IPA) | 2016 |
| Oracle Java Silver | Oracle Corporation | 2015 |
| Fundamental Information Technology Engineer (FE) | Information-technology Promotion Agency (IPA) | 2014 |
| Oracle Java Bronze | Oracle Corporation | 2014 |
| NTT .Com Master ADVANCED ★★ | NTT Communications Corporation | 2013 |
Vulnerability Research & CVE Hunting
The GitHub Advisory query credit:morimori-dev currently shows 4 advisories (checked on 2026-04-10 UTC), and 3 of them have CVE IDs assigned.
CVE entries
| CVE ID | Project | Vulnerability | CVSS |
|---|---|---|---|
| CVE-2026-33628 | Invoice Ninja | Stored XSS Denylist Bypass | 5.4 |
| CVE-2026-34203 | Nautobot | Password validators not enforced via REST API user management | 2.7 |
| CVE-2026-35187 | pyLoad | SSRF in parse_urls API endpoint via unvalidated URL parameter | 7.7 |
All vulnerabilities were reported through responsible disclosure.
Related advisory query: https://github.com/advisories?query=credit%3Amorimori-dev
Professional Background
Before transitioning into cybersecurity, I worked in IT infrastructure and network engineering. This background gives me a solid foundation in networking protocols, system administration, and troubleshooting — skills that directly support my penetration testing practice.
Skills
Infrastructure & Cloud (Professional Experience)
AWS (Security, Solutions Architect Professional), Container Orchestration (Docker, Kubernetes), High Availability / Redundancy Architecture, Microsoft Endpoint Configuration Manager (MECM), Microsoft Defender for Endpoint (MDE), Splunk, Linux Administration, Windows Server Administration
Security Testing
Reconnaissance and Enumeration (Nmap, Gobuster, feroxbuster, nikto), Web Application Testing (Burp Suite Pro), Active Directory Attacks (BloodHound CE, Impacket, Certipy), Privilege Escalation (LinPEAS / WinPEAS), ADCS Exploitation, Kerberos Abuse, Lateral Movement, Tunneling (Ligolo-ng), Vulnerability Analysis, Report Writing
Scripting
Bash (command chaining, automation of enumeration tasks), Python for security tooling
Writeup Stats
| Platform | Machines Completed |
|---|---|
| OSCP Proving Grounds | 126 |
| Hack The Box | 44 |
| TryHackMe | 80 |
| Total | 250 |
| OS | Count |
|---|---|
| Linux | 160 |
| Windows | 90 |
Contact
- GitHub: github.com/morimori-dev
- LinkedIn: linkedin.com/in/nozomu-sasaki
- Credly: credly.com/users/class_nzm
Interested in discussing a writeup, collaborating, or exploring opportunities? Feel free to reach out via LinkedIn.