Resume

Who am I

Hello, my name is Siwoo Mun (a.k.a munsiwoo)
I'm security researcher, mainly focus on web application security.
I'm playing CTF as member of a CodeRed and Aleph Infinite ๐Ÿท

Seoul, KR
+82-10-3629-3625
mun.xiwoo@gmail.com

Achievement


  • 2020
    • 9th , CONFidence CTF 2020 Teaser (team CodeRed)
    • 10th , Midnight Sun CTF 2020 Quals (team CodeRed)
    • 10th , 0CTF/TCTF 2020 Quals (team Heart Breaker)
    • Finalist (11th), DEFCON CTF 28 โ˜  (team CandySweetGuys)

  • 2019
    • 1st , HolyShield CTF 2019 Junior (team HeungbuBudaeJjigae) - reward $ 1k
    • 1st , WhiteHat Contest 2019 Junior Final (team Uneducated people) - reward $ 5k
    • 1st , SUA CTF (team BOB8TH_VULN_ANALYSIS)
    • 2nd , The Hacking Championship Junior 2019 (team HeungbuBudaeJjigae)
    • 3rd , Belluminar CTF 2019 (team Aleph Infinite)
    • 5th , ISITDTU CTF Final (team Aleph Infinite)
    • 5th , Timisoara CTF (team Munahnhae)
    • 9th , DEFCON CTF 27 Quals (team CGC)
    • 14th , PlaidCTF 2019 (team CGC)
    • Finalist, DEFCON CTF 27 โ˜  (team CGC)
    • Finalist (5th), ISITDTU CTF Final (team Aleph Infinite)
    • Finalist (4th), Codegate CTF 2019 Junior (username munsiwoooooo)
    • Finalist (4th), 2019 DVP Global Blockchain CTF (team HeungbuBudaeJjigae) - reward $ 3k

  • 2018
    • 1st , 2018 CyberGuardians (team Layer7) - reward $ 5k
    • 2nd , Timisoara CTF, Romania (team NextLine) - reward $ 300
    • 3rd , Harekaze CTF (team SeoulWesterns)
    • 3rd , ์ œ 1ํšŒ KO-WORLD ํ•ดํ‚น๋ฐฉ์–ด๋Œ€ํšŒ (team phpandrust) - reward $ 1k
    • Finalist (13th), DEFCON CTF 26, Las Vegas โ˜  (team C.G.K.S)
    • Finalist (8th), Cyber Conflict Exercise, Jeju (team ์•ผ๋ชฝํด๋ฆฌ๋‹‰/Red Team)
    • Excellence Prize, 2018 ๋Œ€ํ•œ๋ฏผ๊ตญ ์œก๊ตฐํ•ดํ‚น๋ฐฉ์–ด๋Œ€ํšŒ (The Republic of Korea Army Attack and Defense Contest)

  • 2017
    • 1st , Christmas CTF 2017 (team ๋ฐ•๊ด‘ํ˜ธ 1์ธํŒ€) - reward $ 800
    • 3rd , Kookmin Univ & Ubuntu CTF 2017 (team ์ƒˆ์‹น๋ณด๋”๋ฐฅ)
    • 4th , Neverland CTF 2017 (team gazoku - solo)
    • 8th , SECUINSIDE CTF Quals 2017 (team FHF)

Bug bounty


  • 2020

  • 2019
    • HackerOne
      • ฮผtorrent(utorrent.com) : [censored] - external program
      • afreecatv(afreecatv.com) : found 13+ vulns including SQL Injection - external program
    • Naver Bug Bounty Program
      • found 8+ vulns (XSS) - reward $ 1.2k
    • GNUBOARD5 (sir.kr)
      • SQL Injection (<=5.4.0.1) - 2019.09.08
      • XSS (<=5.4.0.1) - 2019.09.08
      • Authentication bypass (<=5.4.0.1)
    • DVP Bug Bounty (dvpnet.io)
      • DVP-2019-30029 : Gateio SQL Injection - reward $ 1.2k
      • DVP-2019-30165, DVP-2019-30149 : Gateio XSS (found 2 vulns) - reward 0.250 ETH

  • 2018
    • KISA Bug Bounty Program
      • NAVER - SQL Injection (KVE-2018-1301) - reward $ 1k

  • 2017
    • NAVER PER(Privacy Enhancement Reward)
      • found 25+ vulns (XSS, Open Redirect)

Internship,  Educated


  • Sunrin Internet High School  
    • Position : Student
    • Date : 2017.03 ~ 2020.02
    • Details : sunrint.hs.kr

  • CSSA IoTcube, Korea.Univ    
    • Task : Security Vulnerability Analysis in Block-chain Open Source Project
    • Date : 2018.07 ~ 2018.09
    • Details : CSSAIoTcube

  • Best of the Best 8th, KITRI  
    • Position : Mentee
    • Date : 2019.07 ~ 2020.04
    • Details : KITRI, BoB

Speaker


  • HackingCamp 18, PoC Security    

  • ๋น—์ธ ์ฒญ์†Œ๋…„ ์‚ฌ์ด๋ฒ„ ๋ณด์•ˆ ์บ ํ”„, Bithumb    
    • Title : ์‰ฝ๊ณ  ๊ฐ„๋‹จํ•˜๊ฒŒ ๋ฐฐ์›Œ๋ณด๋Š” ์ •๋ณด๋ณด์•ˆ Tip
    • Content : ๊ฐœ์ธ์ •๋ณด๊ฐ€ ์œ ์ถœ๋  ์ˆ˜ ์žˆ๋Š” ์—ฌ๋Ÿฌ ์ƒํ™ฉ์„ ์˜ˆ๋ฅผ๋“ค๋ฉฐ ์ด๋ฅผ ์‚ฌ์ „์— ์˜ˆ๋ฐฉํ•˜๋Š” ๋ฐฉ๋ฒ•์„ ์†Œ๊ฐœ
    • Date : 2018.11.23
    • Detail : ์ธํ„ฐ๋„ท ๊ธฐ์‚ฌ, ๋น—์ธ ํ™ˆํŽ˜์ด์ง€

  • CodeGate 2019 (First prize was awarded)    
    • Title : PHP Trick Trip
    • Content : PHP์˜ ์—ฌ๋Ÿฌ ์ด์Šˆ์™€ ์ทจ์•ฝ์ ์œผ๋กœ ์—ฐ๊ณ„ํ•  ์ˆ˜ ์žˆ๋Š” ๋ฒ„๊ทธ์— ๋Œ€ํ•ด ๋‹ค๋ฃจ๋ฉฐ,
       Zend ์—”์ง„ ์†Œ์Šค ๋ถ„์„์„ ํ†ตํ•ด ๋ฒ„๊ทธ๊ฐ€ ๋ฐœ์ƒํ•˜๋Š” ์ด์œ ์™€ ์ด๋ฅผ ๋ถ„์„ํ–ˆ๋˜ ๊ณผ์ •์„ ์†Œ๊ฐœ
    • Date : 2019.03.27
    • Detail : ํ›„๊ธฐ, ์ฝ”๋“œ๊ฒŒ์ดํŠธ ํ™ˆํŽ˜์ด์ง€, ๋ฐœํ‘œ์ž๋ฃŒ(pdf)
    • Award : ํ•œ๊ตญ์ธํ„ฐ๋„ท์ง„ํฅ์›์žฅ์ƒ (๋ฐœํ‘œ ์ตœ์šฐ์ˆ˜์ƒ)

Organizer


  • 2019
    • 2019 Belluminar CTF ๋ฌธ์ œ ์ถœ์ œ
    • 2019 Christmas CTF (์‚ฌ์ดํŠธ ๊ฐœ๋ฐœ, ๋ฌธ์ œ ์ถœ์ œ, ์šด์˜) - @munsiwoo/christmas-ctf-platform
    • 2019 Layer7 CTF (์‚ฌ์ดํŠธ ๊ฐœ๋ฐœ, ์šด์˜)
    • 2019 ์„ ๋ฆฐ์ธํ„ฐ๋„ท๊ณ ๋“ฑํ•™๊ต ๊ณ ๋“ฑํ•ด์ปค (์˜ˆ์„ /๋ณธ์„  ์šด์˜, ์‚ฌ์ดํŠธ ๊ฐœ๋ฐœ, ๋ฌธ์ œ ์ถœ์ œ)
    • 2019 ์„ ๋ฆฐ์ธํ„ฐ๋„ท๊ณ ๋“ฑํ•™๊ต ๊ต๋‚ดํ•ดํ‚น๋ฐฉ์–ด๋Œ€ํšŒ (๋ฌธ์ œ ์ถœ์ œ- Github)

  • 2018
    • 2018 ์„ ๋ฆฐ์ธํ„ฐ๋„ท๊ณ ๋“ฑํ•™๊ต ๊ณ ๋“ฑํ•ด์ปค (์˜ˆ์„ /๋ณธ์„  ์šด์˜, ์‚ฌ์ดํŠธ ๊ตฌํ˜„, ๋ฌธ์ œ ์ถœ์ œ)
    • 2018 ์„ ๋ฆฐ์ธํ„ฐ๋„ท๊ณ ๋“ฑํ•™๊ต ๊ต๋‚ดํ•ดํ‚น๋ฐฉ์–ด๋Œ€ํšŒ (์šด์˜, ๋ฌธ์ œ ์ถœ์ œ)
    • PoC Security HackingCamp18 CTF (๋ฌธ์ œ ์ถœ์ œ - Github)
    • 2018 Layer7 CTF (๋Œ€ํšŒ ์šด์˜, ๋ฌธ์ œ ์ถœ์ œ, Github)
    • 2018 H3X0R CTF (๋ฌธ์ œ ์ถœ์ œ - Github)

  • 2017
    • 2017 PoC Security Belluminar CTF (๋Œ€ํšŒ ์ฐธ๊ฐ€, ๋ฌธ์ œ ์ถœ์ œ, Github)
    • 2017 PoC Security Power of XX (๋ฌธ์ œ ์ถœ์ œ, Github)
    • 2017 Layer7 CTF (๋Œ€ํšŒ ์šด์˜, ๋ฌธ์ œ ์ถœ์ œ, Github)
    • 2017 H3X0R CTF (๋Œ€ํšŒ ์šด์˜, ๋ฌธ์ œ ์ถœ์ œ)

Projects


  • 2019
    • CTF Platform - GitHub
    • Automatic Analysis for Node.js Modules (BoB Project)
    • PHP Trick Trip (Presented at the codegate 2019, GitHub)
    • Nully fuzzer - Dynamic reflected xss fuzzer

  • 2018
    • PHP CTF Framework (used in Layer7 CTF 2018, Sunrin High School Hacker CTF 2018)
    • Simple MVC Framework in PHP (GitHub)
    • Simple directory search tools with multi-threading (GitHub)

GitHub

@munsiwoo

Facebook

fb.com/munsiwoo

Blog

blog.munsiwoo.kr

Contact me at mun.xiwoo@gmail.com
ยฉ Siwoo Mun. All Rights Reserved