  • Sophos Secureworks CTU™ Adversary Group
  • LinkedIn in/gikaku

hewei-gikaku/README.md

🛡️ Gikaku / ギカク

Offensive Security Researcher | Red Team | CVE Contributor


🧭 About Me

  • Offensive security focused on penetration testing, adversary emulation & vulnerability research
  • Red Team @ Sophos · Secureworks CTU™ Adversary Group
  • Day job: APT emulation / adversary simulation, TLPT (Threat-Led Penetration Testing), and full-scope red team operations
  • Currently auditing the MCP (Model Context Protocol) ecosystem — SSRF, OAuth/DCR abuse, token confusion, and supply-chain attack surface across 20+ vendors
  • Bilingual security blogger (English / 日本語) — write-ups, PoCs, and research notes
  • Happy to talk web / AD / cloud pentest, adversary emulation, and coordinated vuln disclosure

🏅 Certifications

OSCP · OSEP · CARTP · PNPT · AWS Certified Security – Specialty · OSWP · KLCP · CompTIA Security+


🛠️ Skill Matrix

| Red Team / Adversary Emulation | Vulnerability Research | Cloud / Infra |
| --- | --- | --- |
| Adversary Emulation (APT) | Vulnerability Research | AWS Security |
| TLPT / Threat-Led PT | Source Code Review | Container / K8s |
| Active Directory PT | Coordinated Disclosure | MCP / API Security |
| Web / Network PT | PoC Development | |
| OSINT | | |

Core Tooling


🐞 Vulnerability Research & Recognition

CVE

Published CVEs

| CVE | Vendor | CVSS | Severity |
| --- | --- | --- | --- |
| CVE-2026-53709 | IBM | 9.8 | Critical |
| CVE-2026-11719 | Google | 8.6 | High |
| CVE-2026-53957 | Contentful | 7.7 | High |
| CVE-2026-54358 | MISP Project | 7.5 | High |
| CVE-2026-52869 | Anthropic | 7.1 | High |
| CVE-2026-44968 / 44969 / 44970 | dbt Labs | 6.7 | Medium |
| CVE-2026-53708 | IBM | 6.6 | Medium |
| CVE-2026-48529 ★ | GitHub | 6.0 | Medium |
| CVE-2026-54357 | MISP Project | 5.1 | Medium |
| CVE-2026-6948 | Rapid7 | 4.9 | Medium |

★ The world's first publicly disclosed vulnerability in GitHub's MCP Server.

🏆 Acknowledgements

Program
Responsible Disclosure Acknowledgment Rakuten · Mercari · BANDAI NAMCO · Sky · Neo4j · MISP Project · and more
📜 National CERT IPA (情報処理推進機構) — 7 acknowledgements

🧵 Selected write-ups and PoCs available on the blog


🚀 Current Focus

| Area | Topics |
| --- | --- |
| Research | MCP / LLM-tooling security • Cloud Security • Attack-surface analysis |
| Tooling | Detection & exploitation PoCs • Security automation |
| Sharing | Conference talks (CFP in progress) • Bilingual technical blogging |
| Goals | Deep offensive-security craft • Community contribution |
