Bug bounty

• Loading...
  • Immunefi
    • [censored]: Critical level rewarded $22,410 USDC
    • [censored]: Critical level rewarded $15,000 USDC
    • [censored]: High level rewarded $5,000 USDC
    • [censored]: High level rewarded $6,000 USDC


• 2021
  • HackerOne
    • Starbucks: Critical level rewarded $6,000 USD
    • Starbucks: rewarded $1,440 USD
    • Starbucks: rewarded $4,770 USD
  • Bugcamp
    • CISSP: rewarded $120 USD
  • GNUBOARD5
    • XSS (<=5.4.13.1) - 2021.06.24 (commit log, write up)


• 2020
  • Bugcrowd
    • Atlassian: Jira Service Desk: rewarded $600 USD
    • Bitdefender: rewarded $300 USD
  • HackerOne
    • Starbucks: rewarded $1,500 USD
    • Steam(store.steampowered.com): rewarded $400 USD
  • Naver Bug Bounty Program
    • found 15+ vulns - total rewarded $2,000 USD
  • Prototype Pollution: Node.js NPM modules
    (NodeJS Module Vulnerability Automation Analysis, Best of the Best 8th)
    
    • CVE-2020-7719, CVE-2020-7700, CVE-2020-7702
    • CVE-2020-7717, CVE-2020-7715, CVE-2020-7716
    • CVE-2020-7707, CVE-2020-7721, CVE-2020-7701
    • CVE-2020-7724, CVE-2020-7727, CVE-2020-7718
    • CVE-2020-7725, CVE-2020-7722, CVE-2020-7703
    • CVE-2020-7704, CVE-2020-7714, CVE-2020-7706
    • CVE-2020-7723


• 2019
  • HackerOne
    • μtorrent: Reflected XSS
    • afreecaTV: found 13+ vulns including SQL Injection
  • Naver Bug Bounty Program
    • found 8+ vulns: total rewarded $1,200 USD
  • GNUBOARD5
    • SQL Injection (<=5.4.0.1) - 2019.09.08
    • XSS (<=5.4.0.1) - 2019.09.08
    • Authentication bypass (<=5.4.0.1) - 2019.09.08
  • DVP Bug Bounty
    • Gate.io: SQL Injection (DVP-2019-30029) - rewarded 4.5 ETH
    • Gate.io: DOM Based XSS (DVP-2019-30165, DVP-2019-30149) - rewarded 0.250 ETH


• 2018
  • KISA Bug Bounty Program
    • NAVER: SQL Injection(KVE-2018-1301) - rewarded $1,000 USD


• 2017
  • NAVER PER(Privacy Enhancement Reward)
    • found 25+ vulns (XSS, Open Redirect)

Work Experience

• SAMSUNG SDS, 통합보안센터(Samsung Security Center)  
  • Position: Security Researcher
  • Date: Jan, 2024 ~
  • Task: Penetration Testing, Vulnerability Research


• RAON Whitehat, 핵심연구팀(Core Research Team)  
  • Position: Security Researcher
  • Date: Sep, 2021 ~ Dec, 2023 (2 year 3 months)
  • Task: Penetration Testing, Vulnerability Research


• Best of the Best 8th, KITRI  
  • Position: Mentee (취약점분석트랙)
  • Date: Jul, 2019 ~ Apr, 2020 (9 months)
  • Detail: KITRI, BoB

Speaker

• CODEGATE 2019(Junior Best Presentation Award)    
  • Title: PHP Trick Trip
  • Content: PHP의 여러 보안 이슈와 취약점을 통해 웹 해킹 공격으로 이어질 수 있는 버그에 대해 다루며,
     Zend 엔진을 분석해본 경험을 토대로 버그가 발생하는 논리적 이유와 이를 분석했던 과정을 소개하는 발표
  • Content(eng): This presentation covers various security issues and vulnerabilities in PHP that can lead to web hacking techniques,
    and based on my experience analyzing the Zend Engine, it discusses the logical reasons for bugs and the process of analyzing them.
  • Date: Mar 27, 2019
  • Detail: CODEGATE Official Website, Presentation
  • Award: 한국인터넷진흥원장상

• 빗썸 청소년 사이버 보안 캠프, Bithumb    
  • Title: 쉽고 간단하게 배워보는 정보보안 Tip
  • Content: 개인정보가 유출될 수 있는 여러 상황을 예를들며 이를 사전에 예방하는 방법을 소개하는 발표
  • Date: Nov 23, 2018
  • Detail: Articles, Bithumb Official Website

• HackingCamp 18, PoC Security    
  • Title: Security option bypass 101
  • Content: PHP의 open_basedir, disable_functions 옵션을 우회하는 여러 방법에 대해 소개하는 발표
  • Date: Sep 02, 2018
  • Detail: HackingCamp Official Website

Publications

• 2019
  • Automatic Analysis for Node.js Modules, (Best of the best 8th / NerdJS)
    • DAPP: automatic detection and analysis of prototype pollution vulnerability in Node.js modules
      Springer, International Journal of Information Security (IJIS) (SCIE)에 게재
      https://link.springer.com/article/10.1007/s10207-020-00537-0
  • PHP Trick Trip, (Presented at the CODEGATE conference 2019, GitHub)