Experience

South Korea

RED TEAM/FREELANCER Apr, 2022 ‑ Present

• I am working only at home
• Source code auditing and Architecture analysis
• Research the security status of various search engine/web services
• Found 0-Day vulnerabilities in various CMS and NPM or desktop apps

██ ████████ South Korea

BLUE TEAM Nov, 2021 - Dec, 2021

• Found various vulnerabilities in the ██ bank project
• Found various vulnerabilities in websites of various customers

██ ████████ South Korea

BLUE TEAM Aug, 2021 - Sep, 2021

• Found various vulnerabilities in websites of various customers

Activity

CTF Player South Korea/USA

Web Hacking Apr, 2020 - Present

• Participate in CTF at ST4RT and icypete but i participate alone often :)

Dreamhack Challenge Author South Korea

• easyxss-v2 (XSS, SSRF, IDOR, URL Parser Confusing) at Dreamhack#451
• easyxss (XSS, Hostname Bypass) at Dreamhack#273
• Environment Pollution (Prototype Pollution, Strtoupper) at Dreamhack#205

URLParserCon South Korea

NPM Researching 2022

• There are various flaws in many URL parsers. This flaw can lead to SSRF, XSS, and Open Redirect
• Have listed the various URL Parser modules of NPM. Found 0-Day in the parser and reported it.
• Earned 4170 USD through this project

Bug Bounty

NASA Bug Bounty

• Remote Code Execution in NASA (1-Day Exploit)
• Remote Code Execution in NASA (0-Day Exploit)

Microsoft Bug Bounty

• Just XSS Sanitizer flaw - VULN-064235

Dreamhack Bug Bounty 500 USD

• Leak all write ups via IDOR in dreamhack.io

CVE Hunting 4623.5 USD

• CVE-2021-3815, CVE-2021-3829, CVE-2021-3831 ~ CVE-2022-21649, CVE-2023-1117 (26+)

KVE Hunting 1600 USD

• KVE-2021-1229, KVE-2021-1276, KVE-2021-1416, KVE-2021-1417, KVE-2021-1456, KVE-2021-1462, KVE-2021-1464

NBB Hunting 1500 USD

• NBB-2081, NBB-2082, NBB-2083, NBB-2153, NBB-2256, NBB-2285, NBB-2286, NBB-2287, NBB-2292