atsushi, sada ultra-supara

Code wins arguments👋

🐤 Welcome to my GitHub Pages, atsushi, sada here!
🔭 I’m currently working as a Security Engineer at fintech startups!
⭐️ Focus
- Cloud Security (aws, GitHub Ecosystem)
- Enterprise Security (Jamf, Intune, EDR)
- Security Dev Tool (Static Analysis全般, Malware, CloudSec)
🎤 Presentation
- BlackHat USA 2026 Arsenal (Malware Track) link
- BlackHat ASIA 2025 Arsenal (Code Assesment Track) link

sisakulint ('23-present)

🎤 Black Hat Asia Arsenal Web Page ('25)
document pages
sisakulint — SAST for GitHub Actions: 52 Rules, 38 Auto-Fix & Taint Tracking Engine - YouTube
CI-Friendly static linter with autofix, SAST and semantic analysis for GitHub Actions!
sisakulint outperforms GitHub official tool:CodeQL in both speed and coverage for Actions-specific vulnerabilities.

Benchmark	Result
GitHub Security Lab (GHSL) advisories	100% (18/18)
GitHub Security Advisories (GHSA)	81.6% (31/38)
Auto-fix coverage	38+ rules

Detection categories

Category	Rules
Code Injection & Expression Safety	9
Supply Chain & Dependency Security	7
Credential & Secret Protection	7
Pipeline Poisoning & Artifact Integrity	8
Triggers & Access Control	7
Workflow Quality & Best Practices	8

Differentiators

Taint propagation across steps, jobs, and reusable workflows (unique capability)
Multi-step semantic analysis, not single-step pattern matching
Validated against real-world vulns in PX4-Autopilot, weaviate, nrwl/nx, ag-grid, etc.

MachStealer (‘25-present)
- 🎤 Black Hat USA Arsenal Web Page ('26)
- Open-source PoC reproducing the credential harvesting pipeline shared by macOS infostealer families (AMOS, Poseidon, Banshee, Cthulhu, Cuckoo). Apple Silicon only. No exfiltration by design.
- MachStealer: The Shared Pipeline Behind Every macOS Infostealer — Security Research PoC - YouTube
- 【ずんだもん解説】MachStealer：全macOSインフォスティーラーに共通する攻撃パイプラインを解剖する - YouTube

Ritsumeikan University ('20-'24)
- Bachelor of Computer Science and Engineering (March, '24)