munsiwoo.kr

Who am I

My name is Siwoo Mun (a.k.a munsiwoo, munswings)
I'm web application bug hunter, studying programming and security engineering.
I'm playing in the CTF as a member of team CodeRed and Aleph Infinite 🤭

DEFCON CTF 26 Finalist ☠ (team C.G.K.S)
DEFCON CTF 27 Finalist ☠ (team CGC)
DEFCON CTF 28 Finalist ☠ (team CandySweetGuys)

Achievement

2020
- 9th , CONFidence CTF 2020 Teaser (team CodeRed)
- 10th , Midnight Sun CTF 2020 Quals (team CodeRed)
- Finalist (11th), DEFCON CTF 28 (team CandySweetGuys)

2019
- 1st , HolyShield CTF 2019 Junior (team HeungbuBudaeJjigae) - reward $1,000
- 1st , WhiteHat Contest 2019 Junior Final (team Uneducated people) - reward $5,000
- 1st , SUA CTF (team BOB8TH_VULN_ANALYSIS)
- 2nd , The Hacking Championship Junior 2019 (team HeungbuBudaeJjigae)
- 3rd , Belluminar CTF 2019 (team Aleph Infinite)
- 5th , ISITDTU CTF Final (team Aleph Infinite)
- 5th , Timisoara CTF (team Munahnhae)
- 9th , DEFCON CTF 27 Quals (team CGC)
- 14th , PlaidCTF 2019 (team CGC)
- Finalist, DEFCON CTF 27, Las Vegas/Play remotely (team CGC)
- Finalist (5th), ISITDTU CTF Final (team Aleph Infinite)
- Finalist (4th), Codegate CTF 2019 Junior (username munsiwoooooo)
- Finalist (4th), 2019 DVP Global Blockchain CTF (team HeungbuBudaeJjigae) - reward $3,000

2018
- 1st , 2018 CyberGuardians (team Layer7) - reward $5,000
- 2nd , Timisoara CTF, Romania (team NextLine) - reward $300
- 3rd , Harekaze CTF (team SeoulWesterns)
- 3rd , 제 1회 KO-WORLD 해킹방어대회 (team phpandrust) - reward $1,000
- Finalist (13th), DEFCON CTF 26, Las Vegas (team C.G.K.S)
- Finalist (8th), Cyber Conflict Exercise, Jeju (team 야몽클리닉/Red Team)
- Excellence Prize, 2018 대한민국 육군해킹방어대회 (The Republic of Korea Army Attack and Defense Contest)

2017
- 1st , Christmas CTF 2017 (team 박광호 1인팀) - reward $800
- 3rd , Kookmin Univ & Ubuntu CTF 2017 (team 새싹보끔밥)
- 4th , Neverland CTF 2017 (team gazoku - solo)
- 8th , SECUINSIDE CTF Quals 2017 (team FHF)

Internship, Educated

Sunrin Internet High School
- Position : Student
- Date : 2017.03 ~ 2020.02
- Details : sunrint.hs.kr

CSSA IoTcube, Korea.Univ
- Task : Security Vulnerability Analysis in Block-chain Open Source Project
- Date : 2018.07 ~ 2018.09
- Details : CSSA, IoTcube

Best of the Best 8th, KITRI
- Position : Mentee
- Date : 2019.07 ~ 2020.04
- Details : KITRI, BoB

Speaker

HackingCamp 18, PoC Security
- Title : Security option bypass 101
- Content : PHP의 open_basedir, disable_functions 옵션을 우회할 수 있는 여러 방법을 소개한다.
- Date : 2018.09.02
- Detail : HackingCamp

빗썸 청소년 사이버 보안 캠프, Bithumb
- Title : 쉽고 간단하게 배워보는 정보보안 Tip
- Content : 중학생 대상으로 개인정보가 유출될 수 있는 여러가지 상황을 소개하고 이를 예방할 수 있는 예방법을 알려준다.
- Date : 2018.11.23
- Detail : Internet article, Bithumb

CodeGate 2019 (First prize was awarded)
- Title : PHP Trick Trip
- Content : PHP Trick Trip이라는 주제를 가지고 PHP의 여러 이슈, 버그에 대해 다룬다.
  PHP 인터프리터(Zend Engine) 소스코드 오디팅을 통해 트릭이 발생하는 이유를 논리적으로 분석해보고
  이를 분석하기 위한 준비 과정과 시행착오 등의 분석 기행기를 소개한다.
- Date : 2019.03.27
- Detail : Blog, CodeGate, PDF
- Award : 한국인터넷진흥원장상 (발표 우수상)

Organizer

2019
- 2019 Christmas CTF (사이트 개발, 문제 출제, 운영) - @munsiwoo/christmas-ctf-platform
- 2019 Layer7 CTF (사이트 개발, 운영)
- 2019 선린인터넷고등학교 고등해커 (예선/본선 운영, 사이트 개발, 문제 출제)
- 2019 선린인터넷고등학교 교내해킹방어대회 (문제 출제- Github)

2018
- 2018 선린인터넷고등학교 고등해커 (예선/본선 운영, 사이트 구현, 문제 출제)
- 2018 선린인터넷고등학교 교내해킹방어대회 (운영, 문제 출제)
- PoC Security HackingCamp18 CTF (문제 출제 - Github)
- 2018 Layer7 CTF (대회 운영, 문제 출제, Github)
- 2018 H3X0R CTF (문제 출제 - Github)

2017
- 2017 PoC Security Belluminar CTF (대회 참가, 문제 출제, Github)
- 2017 PoC Security Power of XX (문제 출제, Github)
- 2017 Layer7 CTF (대회 운영, 문제 출제, Github)
- 2017 H3X0R CTF (대회 운영, 문제 출제)

Projects

2019
- Automatic Analysis for Node.js Modules (BoB Project)
- PHP Trick Trip (Presented at the codegate 2019, Github)
- Nully fuzzer - Dynamic reflected xss fuzzer
- Mun Template - Simple PHP Template engine (Github)

2018
- PHP CTF Framework (used in Layer7 CTF 2018, Sunrin High School Hacker CTF 2018)
- Simple MVC Framework in PHP (Github)
- Simple directory search tools with multi-threading (Github)

Bug bounty

2019
- HackerOne Directory
  - μTorrent(utorrent.com) : [censored] - External Program
  - AfreecaTV(afreecatv.com) : found 13+ vulns including SQL Injection - External Program
- Naver Bug Bounty Program
  - found 8+ vulns (XSS) - reward $1,200
- GNUBOARD5 (sir.kr)
  - SQL Injection (<=5.4.0.1) - 2019.09.08
  - XSS (<=5.4.0.1) - 2019.09.08
  - Authentication bypass (<=5.4.0.1)
- DVP Bug Bounty (dvpnet.io)
  - DVP-2019-30029 : Gateio SQL Injection - reward 1.2k$
  - DVP-2019-30165, DVP-2019-30149 : Gateio XSS (found 2 vulns) - reward 0.250 ETH

2018
- KISA Bug Bounty Program
  - NAVER - SQL Injection (KVE-2018-1301) - reward $1,000

2017
- NAVER PER(Privacy Enhancement Reward)
  - found 25+ vulns (XSS, Open Redirect)

Harrison Mun

Who am I

Achievement

Internship, Educated

Speaker

Organizer

Projects

Bug bounty

Github

Facebook

Blog