Experience

  • Any Worker, Somewhere

    2021.03. - Present.

  • Security Researcher, UnityLab

    2018.11. - 2021-02.

Education

  • Undergraduate Student, Kwangwoon University

    2018.03. - Present

Project

Participation

  • Cyber Conflict Exercise 2020, Finalist

    Participated as team μ΄μ²œμŒ€μ½˜νŒ¬ν΄λŸ½

    2020.10.29. - 2020.10.29.

  • μ‚¬μ΄λ²„λ³΄μ•ˆ 빅데이터 μ±Œλ¦°μ§€ 2019, Finalist (Track 6)

    Participated as team β€˜or’1’=’1

    2019.10.04. - 2019.11.08.

  • Cyber Conflict Exercise 2019, Finalist (Blue team)

    Participated as team Re: μ˜€νƒ€μΏ λͺ¨μž„

    2019.10.29. - 2019.10.30.

  • DEFCON 27 CTF, Finalist

    Participated as team SeoulPlusBadAss

    2019.08.08. - 2019.08.10.

  • Harekaze CTF 2019, 1st place

    Participated as team Yokosuka Hackers

    2019.05.18. - 2019.05.19.

  • TSG CTF 2019, 4th place

    Participated as team $wag

    2019.05.04. - 2019.05.05.

  • NEWSECU WINTER CTF 2019, 2nd place

    Participated as team $wag

    2019.01.28. - 2019.01.29.

  • InterKosen CTF 2019, 3rd place

    Participated as team KimchiPower

    2019.01.18. - 2019.01.20.

  • Cyber Conflict Exercise 2018, Finalist (Red team)

    Participated as team μ˜€νƒ€μΏ λͺ¨μž„

    2018.10.29. - 2018.10.30.

  • CTFZone 2018, Finalist

    Participated as team GoGiSaJo

    2018.07.21. - 2018.07.22.

  • DIMI CTF 2018 Online, 2nd place

    Participated as team st4rburst

    2018.06.17. - 2018.06.17.

  • Harekaze CTF 2018, 3rd place

    Participated as team SeoulWesterns

    2018.02.10. - 2018.02.11.

  • Christmas CTF 2017, 1st place

    Participated as team λ°•κ΄‘ν˜Έ 1μΈνŒ€

    2017.12.25. - 2017.12.26.

  • Layer7 CTF 2017, 1st place (Adult)

    Participated as team λ‰΄μ˜¬λ¦¬μ–ΈμŠ€ μΉ˜ν‚¨λ²„κ±° + μ˜¬μ—‘μŠ€νŠΈλΌ

    2017.09.22. - 2017.09.24.

  • 제1회 μ„œμšΈμ•„μ΄ν‹°κ³ λ“±ν•™κ΅ ν•΄ν‚Ήλ°©μ–΄λŒ€νšŒ, 2nd place (Adult)

    Participated as team Safflower

    2017.09.22. - 2017.09.23.

Provision

Exploitation

  • SuNiNaTaS, SuNiNaTaS

    • Arbitrary Private Post Read
    • Post Deletion CSRF
    • Comment Deletion CSRF
    • Post Deletion CSRF
    • Logout CSRF
    • Reflected XSS
    • Arbitrary Notice Post Write

    Reported to SuNiNaTaS (Hall Of Fame)

    2019.

  • Chromium, Google

    • XSS Auditor Bypass

    Reported to Google (Report)

    2019.04.18.

  • Naver Search, NAVER

    • Reflected XSS

    Reported to KISA (KVE-2019-0677)

    2019.

  • Naver Search, NAVER

    • Reflected XSS

    Reported to KISA (KVE-2019-0676)

    2019.

  • Asked Website, Asked

    • Stored XSS

    Reported to Asked

    2018.

  • HackerSchool Website, HackerSchool

    • SQL Injection

    Reported to HackerSchool

    2018.

  • Dothome Web Hosting, DOTHOME

    • Local Privilege Escalation
    • Remote Code Execution

    Reported to DOTHOME

    2018.

  • Gnuboard5, SIR

    • User Account Leak
    • Remote Code Execution

    Reported to KISA (KVE-2018-0510)

    2018.

  • Youngcart5, SIR

    • SQL Injection

    Reported to KISA (KVE-2018-0405)

    2018.

  • Gnuboard5, SIR

    • Reflected XSS
    • Remote Code Execution

    Reported to KISA (KVE-2018-0379)

    2018.

  • Gnuboard5, SIR

    • Reflected XSS
    • Remote Code Execution

    Reported to KISA (KVE-2018-0366)

    2018.

  • Gnuboard5, SIR

    • Reflected XSS
    • Remote Code Execution

    Reported to KISA (KVE-2018-0358)

    2018.

  • Gnuboard5, SIR

    • Reflected XSS
    • Remote Code Execution

    Reported to KISA (KVE-2018-0356)

    2018.

  • Youngcart5, SIR

    • Reflected XSS
    • Remote Code Execution

    Reported to KISA (KVE-2018-0346)

    2018.

  • Gnuboard5, SIR

    • User Account Leak

    Reported to KISA (KVE-2018-0109)

    2018.

  • Youngcart5, SIR

    • SQL Injection

    Reported to KISA (KVE-2018-0102)

    2018.

  • Youngcart5, SIR

    • SQL Injection

    Reported to KISA (KVE-2018-0101)

    2018.

  • Gnuboard5, SIR

    • Session ID Hijacking

    Reported to KISA (KVE-2018-0013)

    2018.

  • Gnuboard5, SIR

    • Reflected XSS
    • File Inclusion

    Reported to KISA (KVE-2017-1047)

    2017.

  • Naver Whale, NAVER

    • XSS Auditor Bypass

    Reported to KISA (KVE-2017-1040)

    2017.

  • Naver Whale, NAVER

    • XSS Auditor Bypass

    Reported to KISA (KVE-2017-1034)

    2017.

  • Gnuboard5, SIR

    • Board Admin Privilege Escalation

    Reported to KISA (KVE-2017-1029)

    2017.

  • Maps Marker Pro WordPress Plugin, Maps Marker

    • Arbitrary File Deletion

    Reported to HackerOne (Report)

    2017.11.14.

  • Maps Marker Pro WordPress Plugin, Maps Marker

    • SQL Injection

    Reported to HackerOne (Report)

    2017.10.08.

  • Maps Marker Pro WordPress Plugin, Maps Marker

    • SQL Injection

    Reported to HackerOne (Report)

    2017.09.27.

  • Maps Marker Pro WordPress Plugin, Maps Marker

    • SQL Injection

    Reported to HackerOne (Report)

    2017.09.26.

  • Maps Marker Pro WordPress Plugin, Maps Marker

    • SQL Injection

    Reported to HackerOne (Report)

    2017.09.26.

  • Maps Marker Pro WordPress Plugin, Maps Marker

    • SQL Injection

    Reported to HackerOne (Report)

    2017.09.26.

  • Maps Marker Pro WordPress Plugin, Maps Marker

    • SQL Injection

    Reported to HackerOne (Report)

    2017.09.26.

  • Naver Blog, NAVER

    • Clickjacking

    Reported to NAVER

    2016.

  • Naver Cafe, NAVER

    • Spoofing Grade

    Reported to NAVER

    2015.

  • XpressEngine, XEHub

    • Stored XSS

    Reported to KISA (KVE-2014-0083)

    2014.

Presentation

  • SQL Injection Attack & Defense, TeamLog of Sunrin Internet High School

    2018.09.03.

  • Web Application Exploitation, Nefus of Sunrin Internet High School

    2018.08.18.

Last updated at 2022-09-13.