Beomjin Lee

Contact

Name beomjin lee (posix)
Email posix.research[at]gmail.com
Blog https:blog.p6.is
Twitter https:twitter.com/po6ix

Profile

Security researcher loves to play CTF
Republic of Korea

Work Experience

Researcher, Hayyim Security

Sep, 2020 - Now
Mar, 2020 - Aug, 2020

Awards

2020 SECCON CTF 1st place

Awarded on: Oct 11, 2020

Team HangulSarang
2020 Cyber Conflict Exercise Quals 3rd place

Awarded on: Sep 27, 2020

Team Haim
2020 TokyoWesterns CTF 1st place

Awarded on: Sep 20, 2020

Team D0G$
2020 InterKosen CTF 2nd place

Awarded on: Jan 01, 2020

Team Defenit
2020 HacktivityCon CTF 5th place

Awarded on: Jan 01, 2020

Team Defenit
2020 CyBRICS CTF 2nd place

Awarded on: Jan 01, 2020

Team DefenitelyZer0
2020 TSG CTF 2nd place

Awarded on: Jan 01, 2020

Team DefenitelyZer0
2020 ASIS CTF 2nd place

Awarded on: Jan 01, 2020

Team DefenitelyZer0
2020 Plaid CTF 4th place

Awarded on: Jan 01, 2020

Team koreanbadass
2020 DEFCON CTF Quals 7th place

Awarded on: Jan 01, 2020

Team koreanbadass
2020 CONFidence CTF Quals 1st place

Awarded on: Jan 01, 2020

Team DDP
2020 WeCTF 1st place

Awarded on: Jan 01, 2020

Team st9846 (st98 + posix)
2020 redpwn CTF 7th place

Awarded on: Jan 01, 2020

Team Defenit
2020 Codegate CTF 10th place

Awarded on: Jan 01, 2020

Team POSIX, college part
2020 X-MAS GTF 3nd place

Awarded on: Jan 01, 2020

Team Defenit
2020 Securinets CTF 2nd place

Awarded on: Jan 01, 2020

Team Defenit
2020 Pragyan CTF 3rd place

Awarded on: Jan 01, 2020

Team Defenit
2020 Zer0pts CTF 9th place

Awarded on: Jan 01, 2020

Team Defenit
2019 SECCON CTF Quals 10th place

Awarded on: Jan 01, 2019

Team SEDefenit
2019 Christmas CTF 2nd place

Awarded on: Jan 01, 2019

Team ANTI PPP
2019 Samsung SSTF Open CTF 3rd place

Awarded on: Jan 01, 2019
2019 DVP Korea Blockchain CTF 1st place

Awarded on: Jan 01, 2019

Team POSIX
2019 HolyShield CTF 2nd place

Awarded on: Jan 01, 2019

Team Defenit
2019 BISC Open CTF 1st place

Awarded on: Jan 01, 2019

Team POSIX
2019 Rooters CTF 1st place

Awarded on: Jan 01, 2019

Team Defenit

Speaker

(Scheduled) Practical prototype pollution on NodeJS applications, POC 2020

Published on: 2020
The Beginning and End of Web Hacking, HackingCamp 2019

Published on: 2019

Project

NodeJS Module Vulnerability Automation Analysis, Best of the Best 8th

Jan, 2019 - Jan, 2019

CVE-2020-7707 CVE-2020-7721 CVE-2020-7701 CVE-2020-7717 CVE-2020-7715 CVE-2020-7716 CVE-2020-7719 CVE-2020-7700 CVE-2020-7702 CVE-2020-7704 CVE-2020-7714 CVE-2020-7706 CVE-2020-7724 CVE-2020-7727 CVE-2020-7718 CVE-2020-7725 CVE-2020-7722 CVE-2020-7703 CVE-2020-7723

Organizer

2020 Defenit CTF, Defenit

Jan, 2020 - Jan, 2020
In charge of overall management
- Highlighter
- Fortune Cookie
- BabyJS
- AdultJS
Layer CTF, Layer7

Jan, 2019 - Jan, 2019
Organizer
- JSTrick
SUA CTF, SUA

Jan, 2019 - Jan, 2019
Organizer
- Make Shorten
- WDB

Development

Web Development, Defenit CTF

Jan, 2020 - Jan, 2020
Web Development, Bobnews

Jan, 2019 - Jan, 2019

Publications

A Study on the Node.js Vulnerability Analysis Methodology, KIPS

Published on: Jan 01, 2019

Records

Prototype Pollution, Json

Jan, 2020 - Jan, 2020

CVE-2020-7712
Prototype Pollution, Express-Fileupload

Jan, 2020 - Jan, 2020

CVE-2020-7699
Regex DOS, CSV-Parse

Jan, 2020 - Jan, 2020

CVE-2019-17592
Xpress Engine3 pre-auth RCE

Jan, 2020 - Jan, 2020

not patched
Youngcart RCE * 2

Jan, 2019 - Jan, 2019

KVE-2019-1024 KVE-2019-1162
Youngcart Cross-Site Scripting * 3

Jan, 2019 - Jan, 2019

KVE-2019-1158 KVE-2019-1159 KVE-2019-1160
Youngcart SSRF

Jan, 2019 - Jan, 2019

KVE-2019-1158
Youngcart SQL Injection * 2

Jan, 2019 - Jan, 2019

KVE-2019-0990 KVE-2019-1157
Amina Builder Arbitary File Download

Jan, 2019 - Jan, 2019

KVE-2019-1151
Gnuboard Cross-Site Scripting * 5

Jan, 2019 - Jan, 2019

KVE-2019-821 KVE-2019-860 KVE-2019-994 KVE-2019-995 KVE-2019-1014
Gnuboard RCE

Jan, 2019 - Jan, 2019

KVE-2019-0993
Youngcart Purchase Bypass

Jan, 2019 - Jan, 2019

KVE-2019-0991
Stored Cross-Site Scripting - KakaoBank

Jan, 2019 - Jan, 2019

KVE-2019-0979
Cross-Site Scripting * 22 - Naver Web Service

Jan, 2019 - Jan, 2019

NBB-283 NBB-313 NBB-314 NBB-315 NBB-321 NBB-331 NBB-365 NBB-382 NBB-383 NBB-386 NBB-392 NBB-405 NBB-424 NBB-452 NBB-455 NBB-457 NBB-458 NBB-459 NBB-485 NBB-486 NBB-487 NBB-515
Information Disclosure - Naver Web Service

Jan, 2019 - Jan, 2019

NBB-918
Server Side Request Forgery - Naver Web Service

Jan, 2019 - Jan, 2019

NBB-320
Bypass authentication in Admin Page - Ridibooks

Jan, 2019 - Jan, 2019
Account Takeover - Ridibooks

Jan, 2019 - Jan, 2019
Cross-Site Scripting * 11 - Ridibooks

Jan, 2019 - Jan, 2019
Open Redirection * 5 - Ridibooks

Jan, 2019 - Jan, 2019
Stored Cross-Site Scripting - Gate.io

Jan, 2019 - Jan, 2019
CRLF Injection, Drive.net

Jan, 2019 - Jan, 2019

Interests

New Era

Binary Exploitation