Jeongwon Jo
Experience
RedAlert Republic of Korea
SECURITY RESEARCHER April, 2022 ‑ Present
- Research the security status of various search engine/web services
- Found 0-Day vulnerabilities in various CMS and NPM or desktop apps
██ ████████ Republic of Korea
BLUE Team November, 2021 - December, 2021
- Found various vulnerabilities in the ██ bank project
- Found various vulnerabilities in websites of various customers
██ ████████ Republic of Korea
BLUE Team August, 2021 - September, 2021
- Found various vulnerabilities in websites of various customers
Activity
CTF Player Republic of Korea/USA
Web Hacking April, 2021 - Present
Dreamhack Challenge Author Republic of Korea
- easyxss-v2 (XSS, SSRF, IDOR, URL Parser Confusing) at Dreamhack#451
- easyxss (XSS, Hostname Bypass) at Dreamhack#273
- Environment Pollution (Prototype Pollution, Strtoupper) at Dreamhack#205
URLParserCon Republic of Korea
- There are various flaws in many URL parsers. This flaw can lead to SSRF, XSS, and Open Redirect
- Have listed the various URL Parser modules of NPM. Found 0-Day in the parser and reported it.
- Earned 4170 USD through this project
Bug Bounty
NASA Bug Bounty USA
- Remote Code Execution in NASA (1-Day Exploit)
- Remote Code Execution in NASA (0-Day Exploit)
Microsoft Bug Bounty USA
- Just XSS Sanitizer flaw - VULN-064235
Dreamhack Bug Bounty Republic of Korea/500 USD
- Leak all write ups via IDOR in dreamhack.io
CVE Hunting International/4608.5 USD
- CVE-2021-3815, CVE-2021-3829, CVE-2021-3831 ~ CVE-2022-21649, CVE-2022-21650 (25+)
KVE Hunting Republic of Korea/1600 USD
- KVE-2021-1229, KVE-2021-1276, KVE-2021-1416, KVE-2021-1417, KVE-2021-1456, KVE-2021-1462, KVE-2021-1464
NBB Hunting Republic of Korea/1500 USD
- NBB-2081, NBB-2082, NBB-2083, NBB-2153, NBB-2256, NBB-2285, NBB-2286, NBB-2287, NBB-2292