Contact

Profile

  • Security researcher who loves to play CTF
  • Republic of Korea
Work Experience

Awards

  • 2020 SECCON CTF 1st place

    Awarded on: Oct 11, 2020

    Team HangulSarang

  • 2020 Cyber Conflict Exercise Quals 3rd place

    Awarded on: Sep 27, 2020

    Team Haim

  • 2020 TokyoWesterns CTF 1st place

    Awarded on: Sep 20, 2020

    Team D0G$

  • 2020 InterKosen CTF 2nd place

    Awarded on: Jan 01, 2020

    Team Defenit

  • 2020 HacktivityCon CTF 5th place

    Awarded on: Jan 01, 2020

    Team Defenit

  • 2020 CyBRICS CTF 2nd place

    Awarded on: Jan 01, 2020

    Team DefenitelyZer0

  • 2020 TSG CTF 2nd place

    Awarded on: Jan 01, 2020

    Team DefenitelyZer0

  • 2020 ASIS CTF 2nd place

    Awarded on: Jan 01, 2020

    Team DefenitelyZer0

  • 2020 Plaid CTF 4th place

    Awarded on: Jan 01, 2020

    Team koreanbadass

  • 2020 DEFCON CTF Quals 7th place

    Awarded on: Jan 01, 2020

    Team koreanbadass

  • 2020 CONFidence CTF Quals 1st place

    Awarded on: Jan 01, 2020

    Team DDP

  • 2020 WeCTF 1st place

    Awarded on: Jan 01, 2020

    Team st9846 (st98 + posix)

  • 2020 redpwn CTF 7th place

    Awarded on: Jan 01, 2020

    Team Defenit

  • 2020 Codegate CTF 10th place

    Awarded on: Jan 01, 2020

    Team POSIX, college part

  • 2020 X-MAS CTF 3rd place

    Awarded on: Jan 01, 2020

    Team Defenit

  • 2020 Securinets CTF 2nd place

    Awarded on: Jan 01, 2020

    Team Defenit

  • 2020 Pragyan CTF 3rd place

    Awarded on: Jan 01, 2020

    Team Defenit

  • 2020 Zer0pts CTF 9th place

    Awarded on: Jan 01, 2020

    Team Defenit

  • 2019 SECCON CTF Quals 10th place

    Awarded on: Jan 01, 2019

    Team SEDefenit

  • 2019 Christmas CTF 2nd place

    Awarded on: Jan 01, 2019

    Team ANTI PPP

  • 2019 Samsung SSTF Open CTF 3rd place

    Awarded on: Jan 01, 2019

  • 2019 DVP Korea Blockchain CTF 1st place

    Awarded on: Jan 01, 2019

    Team POSIX

  • 2019 HolyShield CTF 2nd place

    Awarded on: Jan 01, 2019

    Team Defenit

  • 2019 BISC Open CTF 1st place

    Awarded on: Jan 01, 2019

    Team POSIX

  • 2019 Rooters CTF 1st place

    Awarded on: Jan 01, 2019

    Team Defenit

Speaker

  • (Scheduled) Practical prototype pollution on NodeJS applications, POC 2020

    Published on: 2020

  • The Beginning and End of Web Hacking, HackingCamp 2019

    Published on: 2019

Project

  • NodeJS Module Vulnerability Automation Analysis, Best of the Best 8th

    Jan, 2019 - Jan, 2019

    CVE-2020-7707 CVE-2020-7721 CVE-2020-7701 CVE-2020-7717 CVE-2020-7715 CVE-2020-7716 CVE-2020-7719 CVE-2020-7700 CVE-2020-7702 CVE-2020-7704 CVE-2020-7714 CVE-2020-7706 CVE-2020-7724 CVE-2020-7727 CVE-2020-7718 CVE-2020-7725 CVE-2020-7722 CVE-2020-7703 CVE-2020-7723

Organizer

  • 2020 Defenit CTF, Defenit

    Jan, 2020 - Jan, 2020

    In charge of overall management

    • Highlighter
    • Fortune Cookie
    • BabyJS
    • AdultJS
  • Layer CTF, Layer7

    Jan, 2019 - Jan, 2019

    Organizer

    • JSTrick
  • SUA CTF, SUA

    Jan, 2019 - Jan, 2019

    Organizer

    • Make Shorten
    • WDB
Development

  • Web Development, Defenit CTF

    Jan, 2020 - Jan, 2020

  • Web Development, Bobnews

    Jan, 2019 - Jan, 2019

Publications

  • A Study on the Node.js Vulnerability Analysis Methodology, KIPS

    Published on: Jan 01, 2019

Records

  • Prototype Pollution, Json

    Jan, 2020 - Jan, 2020

    CVE-2020-7712
  • Prototype Pollution, Express-Fileupload

    Jan, 2020 - Jan, 2020

    CVE-2020-7699
  • Regex DoS, CSV-Parse

    Jan, 2020 - Jan, 2020

    CVE-2019-17592
  • Xpress Engine3 pre-auth RCE

    Jan, 2020 - Jan, 2020

    not patched
  • Youngcart RCE * 2

    Jan, 2019 - Jan, 2019

    KVE-2019-1024 KVE-2019-1162
  • Youngcart Cross-Site Scripting * 3

    Jan, 2019 - Jan, 2019

    KVE-2019-1158 KVE-2019-1159 KVE-2019-1160
  • Youngcart SSRF

    Jan, 2019 - Jan, 2019

    KVE-2019-1158
  • Youngcart SQL Injection * 2

    Jan, 2019 - Jan, 2019

    KVE-2019-0990 KVE-2019-1157
  • Amina Builder Arbitrary File Download

    Jan, 2019 - Jan, 2019

    KVE-2019-1151
  • Gnuboard Cross-Site Scripting * 5

    Jan, 2019 - Jan, 2019

    KVE-2019-821 KVE-2019-860 KVE-2019-994 KVE-2019-995 KVE-2019-1014
  • Gnuboard RCE

    Jan, 2019 - Jan, 2019

    KVE-2019-0993
  • Youngcart Purchase Bypass

    Jan, 2019 - Jan, 2019

    KVE-2019-0991
  • Stored Cross-Site Scripting - KakaoBank

    Jan, 2019 - Jan, 2019

    KVE-2019-0979
  • Cross-Site Scripting * 22 - Naver Web Service

    Jan, 2019 - Jan, 2019

    NBB-283 NBB-313 NBB-314 NBB-315 NBB-321 NBB-331 NBB-365 NBB-382 NBB-383 NBB-386 NBB-392 NBB-405 NBB-424 NBB-452 NBB-455 NBB-457 NBB-458 NBB-459 NBB-485 NBB-486 NBB-487 NBB-515
  • Information Disclosure - Naver Web Service

    Jan, 2019 - Jan, 2019

    NBB-918
  • Server Side Request Forgery - Naver Web Service

    Jan, 2019 - Jan, 2019

    NBB-320
  • Bypass authentication in Admin Page - Ridibooks

    Jan, 2019 - Jan, 2019

  • Account Takeover - Ridibooks

    Jan, 2019 - Jan, 2019

  • Cross-Site Scripting * 11 - Ridibooks

    Jan, 2019 - Jan, 2019

  • Open Redirection * 5 - Ridibooks

    Jan, 2019 - Jan, 2019

  • Stored Cross-Site Scripting - Gate.io

    Jan, 2019 - Jan, 2019

  • CRLF Injection, Drive.net

    Jan, 2019 - Jan, 2019

Interests

  • New Era

    Binary Exploitation