SeungHyun Kim

(+82) 10-5410-1572 sqrtrev@gmail.com vuln.live sqrtrev @sqrtrev

Skills

Programming Languages: C/C++, C#, Python, PHP, SQL, Java, Javascript, x86/x64 Assembly, Bash, Golang

Frameworks and tools: Burp Suite, GDB, IDA Pro, Binary Ninja, MySQL, SQLite3, MongoDB, Flask, django, apache2, nginx, node.js, Linux

The things that I can do: Backend Web Development, Socket Programming, Reverse engineering/exploit development for x86, Windows API based Programming, Secure Coding, Penetration Testing

Education

Korea University Republic of Korea

BACHELOR AND MASTER’S DEGREE March, 2019 ‑

  • GPA 3.55 / 4.5

Experience

Korea University Republic of Korea

UNDERGRADUATE RESEARCHER August, 2020 ‑ January, 2021

  • Bug hunting on a computer hardware community named "QuasarZone", which has over 200,000 users
  • Reported 0‑day vulnerability on Wordpress plugin and got assigned CVE‑2020‑23325

Stealien Republic of Korea

TEMPORARY RESEARCHER March, 2020 ‑ May, 2020

  • A Linux kernel analysis project from Stealien
  • We studied an old version of the Linux kernel via books and analyzed the ARM kernel structure at the source code level

Pentest at public institution of Korea Republic of Korea

RED Team May, 2021 - May, 2021

  • Worked with NIS
  • Found some critical vulnerabilities

Pentest at N***** Republic of Korea

RED Team June, 2021 -

  • Worked with CYDF and School of Cybersecurity of Korea University
  • Found some critical vulnerabilities

Activity

Conference Speaker Republic of Korea

  • The Hacker Owl 2nd - Topic: PHP output buffering analysis at the php-src level

CTF Player (a.k.a hacking competition) International

CTF Challenge Author International

  • A web challenge (about abusing PHP execution timeline with Segmentation Fault and session.upload_progress.cleanup) at IJCTF 2021
  • Three web challenges (about Prototype Pollution + SQL Quine, DNS rebinding, pwn PHP via Zend module) at ASIS CTF 2020
  • Three challenges (about DOM Clobbering, blind regular expression injection, pwn custom C++ http server) at IJCTF CTF 2020
  • A web challenge (about XSS using SQL Injection with OUTFILE for bypassing CSP) at Belluminar 2019

0‑day research

  • SQL Injection at Wordpress Plugin / CVE‑2020‑23325
  • divide‑by‑zero (DoS) with Polaris Office / CVE‑2021‑27550
  • Reported 0‑day vulnerability of Windows explorer.exe to MSRC (Microsoft Security Response Center / VULN‑044164)
  • Head and Security Researcher at Lab of Pwning

Security Blog

  • Personal blog at vuln.live
  • I normally write about new techniques and CTF write-ups.

Honors & Awards

2021
1st place, N1CTF 2021 (Prize: 1,000 USD) International
2nd place, TSG CTF 2021 (Prize: 213.37 USD) International
2nd place, CCE 2021 Prequal (General Section) Republic of Korea
Finalist, International Cybersecurity Challenge by ENISA (Member of the national team) International
2nd place, Whitehat Contest 2021 (General Section, Prize: 10,000 USD) Republic of Korea
3rd place, Samsung CTF 2021 (SSTF, Prize: Samsung Electronics (almost 1,000 USD)) International
Qualified for Final, XCTF Final International
1st place, CyBRICS CTF 2021 (Prize: 5,000 USD + XCTF Final Ticket) International
Qualified for Final, Google CTF 2021 International
1st place, redpwn CTF 2021 International
3rd place, WeCTF 2021 International
1st place, S4CTF 2021 International
1st place, Securinets CTF Prequal International
3rd place, LINE CTF (Prize: 2,000 USD) International
3rd place, Aero CTF International
1st place, Union CTF International
3rd place, UTCTF International
2nd place, TetCTF International
1st place, zer0pts CTF (Prize: 1,337 USD by Github Security Lab + 75 XTZ) International
6th place, DEFCON CTF 29 Final International
2020
1st place, HITCON CTF (Prize: 8,192 USD, DEFCON 29 Final Ticket) International
1st place, Dragon CTF (Prize: 2,000 USD) International
1st place, Balsn CTF (Prize: 30,000 TWD) International
Finalist, Cyber Operations Competition (General Section) Republic of Korea
Finalist, Codegate 2020 (University Section, USACykor) Republic of Korea
1st place, KipodAfterFree CTF (Prize: 1,024 USD) International
2nd place, pbctf (Prize: 200 USD + Binary Ninja License) International
3rd place, Tasteless CTF International
1st place, Poseidon CTF International
3rd place, hxpCTF International
2nd place, 3kCTF International
2nd place, NahamCon CTF (Prize: 250 USD) International
2016
Finalist, Codegate 2016 (Junior Section) International
2015
4th place, WhiteHat Contest 2015 (Junior Section, Final) Republic of Korea
Finalist, Codegate 2015 (Junior Section) International
Prize by Hauri, YISF 2015 Republic of Korea
2014
Finalist, Security Olympiad Republic of Korea
Prize by Ahnlab, YISF 2014 Republic of Korea