
Jeongwon Jo

email blog.pocas P0cas 🔒︎Report

Experience

RedAlert Republic of Korea

SECURITY RESEARCHER April, 2022 ‑ Present

  • Research the security status of various search engine/web services
  • Found 0-Day vulnerabilities in various CMS and NPM or desktop apps

██ ████████ Republic of Korea

BLUE Team November, 2021 - December, 2021

  • Found various vulnerabilities in the ██ bank project
  • Found various vulnerabilities in websites of various customers

██ ████████ Republic of Korea

BLUE Team August, 2021 - September, 2021

  • Found various vulnerabilities in websites of various customers

Activity

CTF Player Republic of Korea/USA

Web Hacking April, 2021 - Present

Dreamhack Challenge Author Republic of Korea

URLParserCon Republic of Korea

  • There are various flaws in many URL parsers. These flaws can lead to SSRF, XSS, and Open Redirect.
  • Listed the various URL parser modules on NPM. Found a 0-Day in the parser and reported it.
  • Earned 4170 USD through this project

Bug Bounty

NASA Bug Bounty USA

  • Remote Code Execution in NASA (1-Day Exploit)
  • Remote Code Execution in NASA (0-Day Exploit)

Microsoft Bug Bounty USA

  • Just XSS Sanitizer flaw - VULN-064235

Dreamhack Bug Bounty Republic of Korea/500 USD

  • Leak all write ups via IDOR in dreamhack.io

CVE Hunting International/4608.5 USD

  • CVE-2021-3815, CVE-2021-3829, CVE-2021-3831 ~ CVE-2022-21649, CVE-2022-21650 (25+)

KVE Hunting Republic of Korea/1600 USD

  • KVE-2021-1229, KVE-2021-1276, KVE-2021-1416, KVE-2021-1417, KVE-2021-1456, KVE-2021-1462, KVE-2021-1464

NBB Hunting Republic of Korea/1500 USD

  • NBB-2081, NBB-2082, NBB-2083, NBB-2153, NBB-2256, NBB-2285, NBB-2286, NBB-2287, NBB-2292