Undergraduate student of Computer and Information Security Department at Sejong University (2014 ~ )
Work Experience
Intern, Grayhash (2014.09 ~ 2014.12)
Assistant research engineer, Grayhash (2015.01 ~ 2016.04, 2018.02 ~ 2020.04)
Developing wargame, security education platform service with Vue.js, Django for workers in LINE Plus.
Penetration testing(including APT projects) and reviewing source code for cryptocurrency exchange, messenger service, online game service and multiple web services which has 1M+ users.
Researching security vulnerability in Browsers, Kernel drivers, Windows applications and so on.
Serving security training several times for clients.
Browser hacking training : How to analyse vulnerability in browsers, write a exploit code on Windows os, Bypass mitigations of browsers.
Bughunting
Bug hunting (Global)
Microsoft Internet Explorer 11 CMarkupPointer Use-After-Free Vulnerability (CVE-2014-1799)
Bypassed ‘Vtguard ‘mitigation without Information Disclosure vulnerability
Demo : https://youtu.be/cTC0buSM4rw
Microsoft Internet Explorer 11 Ptls6::LsFmtText Out-Of-Bounds Read & RCE Vulnerability (CVE-2015-0037)
Microsoft Internet Explorer 9 Uninitialized Memory Reference (CVE-2015-1712)
Microsoft Internet Explorer 11 CTitleElement Use-After-Free.(CVE-2015-1714)
Microsoft Internet Explorer 11 Memory Corruption (CVE-2015-2447)
Microsoft Internet Explorer 11 Uninitialized Memory Reference (ZDI-CAN-2712)
Apple OSX IOKIT IOFireWireFamilly Null Pointer Dereference Vulnerability (CVE-2016-1745)
Apple OSX IOKIT IntelAccelator Null Pointer Dereference Vulnerability (CVE-2016-1818)
Academic Club for researching software security in Sejong University.
Leader (2017 - 2018)
Education
Trainee, KITRI Best Of the Best (2013.07 ~ 2014.02)
Recognized Top 10 among 120 trainee.
Conference
Codegate Junior - Music Player Exploit (2013)
Codegate - Bug Hunting Challenge (2014)
Inc0gnito - Fuzzing For Fun (2014)
Korea Whitehat Contest - Meeting with White hacker (2014)
Korea Whitehat Contest - Meeting with White hacker (2016)
Seminar & Training
K-BOB Security Forum - Demonstrate APT attack using weaponized exploit. (2014)
Hunting zeroday in software - Korea Internet & Security Agency (2015)
Bug hunting with Windbg - Korea Internet & Security Agency (2015)
How to become a cool security researcher - Institute of Information Security Education for the Gifted, Kongju University (2017)
Competition
2015 Software Develop&Security Contest - Second place
2016 Software Develop&Security Contest - First place
2016 Crypto Contest - Participation Prize
2017 Defcon - Finalist (Hacking4Danbi)
2018 Codegate CTF (University) - Second place
2018 HITB-XCTF Singapore Final 6th place
Award
KISA(Korea Internet & Security Agency) Bug bounty program 1st (2013)
KITRI Best Of the Best TOP 10 (2014)
MSRC(Microsoft Security Reponse Center) TOP 100 (2015)
BlackHat USA - Awarded Student Scholarship Program (2017)
Personal Projects
Sweetmon2
https://github.com/sweetchipsw/sweetmon2
This is a fuzzer monitoring tool based Python3 + Django2. You can manage your fuzzers and crashes on the web. It can reduce repetitive work for fuzz testers.