Who am I

My name is Siwoo Mun (a.k.a munsiwoo, munsiu)
I'm South Korean student, studying programming and security engineering.
I'm doing CTF activities on a team CodeRed and I like offensive security research mainly in web application. 🤗

• DEFCON CTF 26 Finalist ☠ (Team C.G.K.S)
• DEFCON CTF 27 Finalist ☠ (Team CGC)

Achievement

• 2019
  • 1st , SUA CTF (team BOB8TH_VULN_ANALYSIS)
  • 4th , ISITDTU CTF Quals (team Aleph infinite)
  • 9th , DEFCON CTF 27 Quals (team CGC)
  • 14th , PlaidCTF 2019 (team CGC)
  • Finalist, WhiteHat Contest 2019 Junior (team Uneducated people)
  • Finalist, DEFCON CTF 27, Las Vegas/Play remotely (team CGC)
  • Finalist (5th), ISITDTU CTF Final (team Aleph infinite)
  • Finalist (4th), Codegate CTF 2019 Junior (team munsiwoooooo)


• 2018
  • 1st , 2018 CyberGuardians (team Layer7) - 5,000 USD
  • 2nd , Timisoara CTF, Romania (team NextLine) - 300 USD
  • 3rd , Harekaze CTF (team SeoulWesterns)
  • 3rd , 제 1회 KO-WORLD 해킹방어대회 (team phpandrust) - 1,000 USD
  • Finalist (13th), DEFCON CTF 26, Las Vegas (team C.G.K.S)
  • Finalist (8th), Cyber Conflict Exercise, Jeju (team 야몽클리닉/Red Team)
  • 은상, 2018 대한민국 육군해킹방어대회 (Army hacking defense contest)


• 2017
  • 1st , Christmas CTF 2017 (team 박광호 1인팀) - 800 USD
  • 3rd , Kookmin Univ & Ubuntu CTF 2017 (team 새싹보끔밥)
  • 4th , Neverland CTF 2017 (team gazoku - solo)
  • 8th , SECUINSIDE CTF Quals 2017 (team FHF)

Internship,  Educated

• Sunrin Internet High School  
  • Position : Student
  • Date : 2017.03 ~ 2020.02
  • Details : sunrint.hs.kr


• CSSA IoTcube, Korea.Univ    
  • Task : Security Vulnerability Analysis in Block-chain Open Source Project
  • Date : 2018.07 ~ 2018.09
  • Details : CSSA, IoTcube


• Best of the Best 8th, KITRI  
  • Position : Student
  • Date : 2019.07 ~ 2020.04
  • Details : KITRI, BoB

Speaker

• HackingCamp 18, PoC Security    
  • Title : Security option bypass 101
  • Content : PHP 보안 옵션인 open_basedir, disable_functions 옵션을 우회할 수 있는 여러 방법을 소개한다.
  • Date : 2018.09.02
  • Detail : HackingCamp

• 빗썸 청소년 사이버 보안 캠프, Bithumb    
  • Title : 쉽고 간단하게 배워보는 정보보안 Tip
  • Content : 개인정보가 유출될 수 있는 여러가지 상황을 소개하고 이를 예방할 수 있는 예방법을 알려준다.
  • Date : 2018.11.23
  • Detail : Internet article, Bithumb

• CodeGate 2019 (First prize was awarded)    
  • Title : PHP Trick Trip
  • Content : PHP Trick Trip이라는 주제를 가지고 PHP의 여러 이슈, 버그에 대해 다룬다.
     PHP 인터프리터(Zend Engine) 소스코드 오디팅을 통해 트릭이 발생하는 이유를 논리적으로 분석해보고
     이를 분석하기 위한 준비 과정과 시행착오 등의 분석 기행기를 소개한다.
  • Date : 2019.03.27
  • Detail : Blog post, CodeGate, PDF
  • Award : 한국인터넷진흥원장상

Organizer

• 2019
  • 2019 선린인터넷고등학교 교내해킹방어대회 (문제 출제- Github)


• 2018
  • 2018 선린인터넷고등학교 고등해커 (예선/본선 운영, 문제 출제)
  • 2018 선린인터넷고등학교 교내해킹방어대회 (운영, 문제 출제)
  • PoC Security HackingCamp18 CTF (문제 출제 - Github)
  • 2018 Layer7 CTF (대회 운영, 문제 출제, Github)
  • 2018 H3X0R CTF (문제 출제 - Github)


• 2017
  • 2017 PoC Security Belluminar CTF (대회 참가, 문제 출제, Github)
  • 2017 PoC Security Power of XX (문제 출제, Github)
  • 2017 Layer7 CTF (대회 운영, 문제 출제, Github)
  • 2017 H3X0R CTF (대회 운영, 문제 출제)

Projects

• 2019
  • PHP Trick Trip (Presented at the codegate 2019, Github)
  • Nully fuzzer - Selenium based reflected xss dynamic fuzzer (Private)


• 2018
  • PHP CTF Framework (used in Layer7 CTF 2018, Sunrin High School Hacker CTF 2018)
  • Simple MVC Framework in PHP (Github)
  • Simple directory search tools with multi-threading (Github)

Bug bounty

• 2019
  • HackerOne Directory
    • utorrent.com : [censored] - External Program
    • AfreecaTV(afreecatv.com) : found 13+ vulns including SQLi - External Program
  • Naver Bug Bounty Program
    • found 7+ vulns (XSS)


• 2018
  • KISA Bug Bounty Program
    • NAVER - SQL Injection (KVE-2018-1301) : 1,000 USD


• 2017
  • NAVER PER(Privacy Enhancement Reward)
    • found 25+ vulns (XSS, Open Redirect)