About
About Me
I am a cybersecurity professional. I hold the OSCP, HTB CPTS, and HTB CJCA certifications, building hands-on skills across platforms such as Hack The Box, TryHackMe, and OSCP Proving Grounds. Each machine I worked through deepened my understanding of real-world attack techniques and defensive strategies.
As a non-native English speaker, I am also actively improving my English skills alongside my technical development. I believe that consistent effort and a willingness to step outside one’s comfort zone are the foundations of meaningful progress — in both cybersecurity and language.
This site documents my ongoing journey in offensive security. I hope that my writeups prove useful to others who are on a similar path.
Certifications
| Certification | Issuer |
|---|---|
| OSCP (Offensive Security Certified Professional) | OffSec |
| CPTS (HTB Certified Penetration Testing Specialist) | Hack The Box |
| CJCA (HTB Certified Junior Cybersecurity Associate) | Hack The Box |
| RISS (Registered Information Security Specialist) | Information-technology Promotion Agency (IPA) |
| AWS Certified Security – Specialty | Amazon Web Services (AWS) |
| AWS Certified Solutions Architect – Professional | Amazon Web Services (AWS) |
| AWS Certified Solutions Architect – Associate | Amazon Web Services (AWS) |
| IP (IT Passport) | Information-technology Promotion Agency (IPA) |
| ITIL Foundation | AXELOS Limited |
| AP (Applied Information Technology Engineer) | Information-technology Promotion Agency (IPA) |
| Oracle Java Silver | Oracle Corporation |
| FE (Fundamental Information Technology Engineer) | Information-technology Promotion Agency (IPA) |
| Oracle Java Bronze | Oracle Corporation |
| NTT .Com Master ADVANCED ★★ | NTT Communications Corporation |
Vulnerability Research & CVE Hunting
19 published CVEs with CVE IDs assigned and patched releases shipped. Vulnerability classes span SSRF, Stored XSS, SQLi, SSTI, CQL Injection, Privilege Escalation, ExifTool argument injection, and weak password validation. Two coordinated co-credited disclosures (Open WebUI / MantisBT). Five additional CVE IDs are assigned but not yet published.
CVE entries
| CVE ID | Project | Vulnerability | CVSS |
|---|---|---|---|
| CVE-2026-33628 | Invoice Ninja | Stored XSS — denylist bypass | 5.4 |
| CVE-2026-33644 | Lychee | SSRF — DNS rebinding bypass | 2.3 |
| CVE-2026-33738 | Lychee | Stored XSS — RSS/Atom/JSON feed description | 4.8 |
| CVE-2026-33742 | Invoice Ninja | Stored XSS — Markdown HTML injection | 5.4 |
| CVE-2026-34203 | Nautobot | Password validators not enforced via REST API | 2.7 |
| CVE-2026-35187 | pyLoad | SSRF — multi-protocol (file://, gopher://) in parse_urls | 7.7 |
| CVE-2026-35477 | InvenTree | SSTI — PART_NAME_FORMAT without SandboxedEnvironment | 5.5 |
| CVE-2026-35516 | LinkAce | SSRF — bypass via CheckLinksCommand link URL update | 5.0 |
| CVE-2026-35588 | Glances | CQL Injection — Cassandra export config | 6.3 |
| CVE-2026-39361 | OpenObserve | SSRF — IPv6 bracket bypass in validate_enrichment_url | 7.7 |
| CVE-2026-39400 | Cronicle | Stored XSS — Job HTML/Table output innerHTML sink | — |
| CVE-2026-39401 | Cronicle | Privilege Escalation — update_event missing authentication | — |
| CVE-2026-39960 | MantisBT | Stored XSS — Custom Field Textarea (CVE-2024-34081 bypass) | 5.4 |
| CVE-2026-40280 | Gotenberg | SSRF — URL scheme case-insensitivity deny-list bypass | 9.3 |
| CVE-2026-40281 | Gotenberg | ExifTool stdin argument injection via metadata newlines | 10.0 |
| CVE-2026-40301 | dom-sanitizer | SVG `<style>` CSS injection — url() / @import | 4.7 |
| CVE-2026-41143 | YesWiki | SQLi — id_fiche in EntryManager::formatDataBeforeSave() | 8.8 |
| CVE-2026-44568 | Open WebUI | Stored XSS — Pending User Overlay DOMPurify order issue | 4.8 |
| CVE-2026-45548 | Budibase | SSRF — AI Extract fetchWithBlacklist not applied | 7.7 |
All vulnerabilities were reported through responsible disclosure. Related advisory query: https://github.com/advisories?query=credit%3Amorimori-dev
Professional Background
Before transitioning into cybersecurity, I worked in IT infrastructure and network engineering. This background gives me a solid foundation in networking protocols, system administration, and troubleshooting — skills that directly support my penetration testing practice.
Skills
Infrastructure & Cloud (Professional Experience)
AWS (Security, Solutions Architect Professional), Container Orchestration (Docker, Kubernetes), High Availability / Redundancy Architecture, Microsoft Endpoint Configuration Manager (MECM), Microsoft Defender for Endpoint (MDE), Splunk, Linux Administration, Windows Server Administration
Security Testing
Reconnaissance and Enumeration (Nmap, Gobuster, feroxbuster, nikto), Web Application Testing (Burp Suite Pro), Active Directory Attacks (BloodHound CE, Impacket, Certipy), Privilege Escalation (LinPEAS / WinPEAS), ADCS Exploitation, Kerberos Abuse, Lateral Movement, Tunneling (Ligolo-ng), Vulnerability Analysis, Report Writing
Scripting
Bash (command chaining, automation of enumeration tasks), Python for security tooling
Writeup Stats
| Platform | Machines Completed |
|---|---|
| OSCP Proving Grounds | 124 |
| Hack The Box | 44 |
| TryHackMe | 80 |
| Total | 248 |

| OS | Count |
|---|---|
| Linux | 158 |
| Windows | 90 |
Contact
- GitHub: github.com/morimori-dev
- LinkedIn: linkedin.com/in/nozomu-sasaki
- Credly: credly.com/users/class_nzm
Interested in discussing a writeup, collaborating, or exploring opportunities? Feel free to reach out via LinkedIn.