Security Engineer at GMO Flatt Security inc.
1
Talks Delivered
1
Events Spoken At
0
Countries Visited
1
Years Speaking
1
Total Talks Given
- **AWS Dev Day 2023**
_E-2: Learning Security by Design from Anti-Patterns in Amazon S3, Amazon Cognito, and AWS Lambda_
[Slide deck](https://www.docswell.com/s/a-zara-n/5248R9-devday)
- **BSides Las Vegas 2024**
_Are you content with our current attacks on Content-Type?_
[Talk info](https://archive.bsideslv.org/2024/talks#PAPKRL) / [Slides](https://speakerdeck.com/flatt_security/are-you-content-with-our-current-attacks-on-content-type)
- **BSides Tokyo 2024**
_XSS using dirty Content-Type in the cloud era_
[Talk info](https://bsides.tokyo/2024/#norihide-saito--azara) / [Slides](https://speakerdeck.com/flatt_security/xss-using-dirty-content-type-in-cloud-era)
- **JSAC 2024 (JPCERT/CC)**
_Introduction to Cloud Incident Investigation Through Architecture-Based Understanding_
Hands-on workshop covering real-world unauthorized access cases in AWS and Azure.
- **CODE BLUE 2024**
_Beyond Misconfigurations: A Comprehensive Look at Threats in Object Storage like S3_
[Program page](https://archive.codeblue.jp/2024/program/time-table/day1-opentalks-007/)
Areas of Expertise
Presentation Types
Audience Types
With the widespread adoption of IMDSv2 and serverless architectures, traditional AWS privilege escalation via SSRF has become difficult. However, attack paths originating from browsers leveraging Cognito Identity Pools remain viable. This talk systematizes the kill chain from reconnaissance to privilege escalation and post-exploitation, presenting proof-of-concepts and defense strategies, including misconfigured
