Resume Profile

Hello, my Korean name is Siwoo Mun.
I'm a security engineer at SAMSUNG SDS, mainly focused on web app exploitation.
I play CTF as a member of CodeRed and Aleph Infinite.


Seoul, KR


Awards



  • ~ Present

  • 2020
    • 1st, m0leCon 2020 (team AlPray)
    • Finalist, WhiteHat Contest (team Uneducated People)
    • Finalist, Cyber Conflict Exercise (CCE) Quals (team 흥부부대찌개)
    • Finalist, CONFidence CTF 2020 Teaser (team CodeRed)
    • Finalist, Midnight Sun CTF 2020 Quals (team CodeRed)
    • Finalist, 0CTF/TCTF 2020 Quals (team Heart Breaker)
    • Finalist, DEFCON CTF 28 (team StarBugs)

  • 2019
    • 1st, HolyShield CTF 2019 Junior (team HeungbuBudaeJjigae) - rewarded $1,000 USD
    • 1st, WhiteHat Contest 2019 Junior Final (team Uneducated people) - rewarded $5,000 USD
    • 1st, SUA CTF 3rd (team BOB8TH_VULN_ANALYSIS)
    • 2nd, The Hacking Championship Junior 2019 (team HeungbuBudaeJjigae)
    • 3rd, Belluminar CTF 2019 (team Aleph Infinite)
    • 5th, ISITDTU CTF Final (team Aleph Infinite)
    • 5th, Timisoara CTF (team Munahnhae)
    • 9th, DEFCON CTF 27 Quals (team CGC)
    • 14th, PlaidCTF 2019 (team CGC)
    • Finalist, DEFCON CTF 27 (team CGC)
    • Finalist (5th), ISITDTU CTF Final (team Aleph Infinite)
    • Finalist (4th), Codegate CTF 2019 Junior (team munsiwoooooo)
    • Finalist (4th), 2019 DVP Global Blockchain CTF (team HeungbuBudaeJjigae) - rewarded $3,000 USD

  • 2018
    • 1st, 2018 CyberGuardians (team Layer7) - rewarded $5,000 USD
    • 2nd, Timisoara CTF, Romania (team NextLine) - rewarded $300 USD
    • 3rd, Harekaze CTF (team SeoulWesterns)
    • 3rd, 1st KO-WORLD Hacking Defense Contest (team phpandrust) - rewarded $1,000 USD
    • Finalist (13th), DEFCON CTF 26, Las Vegas (team C.G.K.S)
    • Finalist (8th), Cyber Conflict Exercise, Jeju (team 야몽클리닉/Red Team)
    • Silver Prize, 2018 Republic of Korea Army Attack and Defense Contest

  • 2017
    • 1st, Christmas CTF 2017 (team 박광호 1인팀) - rewarded $800 USD
    • 3rd, Kookmin Univ & Ubuntu CTF 2017 (team 새싹보끔밥)
    • 4th, Neverland CTF 2017 (team gazoku - solo)
    • 8th, SECUINSIDE CTF Quals 2017 (team FHF)

Bug bounty

I'll be back with a legendary bug bounty record. Just wait. (2022 ~ present)

  • 2021
    • HackerOne
      • Starbucks: rewarded $6,000 USD
      • Starbucks: rewarded $1,440 USD
      • Starbucks: rewarded $4,770 USD
    • Bugcamp
      • CISSP: rewarded $120 USD
    • GNUBOARD5

  • 2020
    • Bugcrowd
      • Atlassian: Jira Service Desk: rewarded $600 USD
      • Bitdefender: rewarded $300 USD
    • HackerOne
      • Starbucks: rewarded $1,500 USD
      • Steam(store.steampowered.com): rewarded $400 USD
      • Ford
    • Naver Bug Bounty Program
      • found 15+ vulns - rewarded $2,000 USD
    • Node.js NPM modules
      (NodeJS Module Vulnerability Automation Analysis, Best of the Best 8th)
      • CVE-2020-7719, CVE-2020-7700, CVE-2020-7702
      • CVE-2020-7717, CVE-2020-7715, CVE-2020-7716
      • CVE-2020-7707, CVE-2020-7721, CVE-2020-7701
      • CVE-2020-7724, CVE-2020-7727, CVE-2020-7718
      • CVE-2020-7725, CVE-2020-7722, CVE-2020-7703
      • CVE-2020-7704, CVE-2020-7714, CVE-2020-7706
      • CVE-2020-7723

  • 2019
    • HackerOne
      • μtorrent: Reflected XSS
      • afreecaTV: found 13+ vulns including SQL Injection
    • Naver Bug Bounty Program
      • found 8+ vulns: rewarded $1,200 USD
    • GNUBOARD5
      • SQL Injection (<=5.4.0.1) - 2019.09.08
      • XSS (<=5.4.0.1) - 2019.09.08
      • Authentication bypass (<=5.4.0.1) - 2019.09.08
    • DVP Bug Bounty
      • Gate.io: SQL Injection (DVP-2019-30029) - rewarded 4.5 ETH
      • Gate.io: DOM Based XSS (DVP-2019-30165, DVP-2019-30149) - rewarded 0.250 ETH

  • 2018
    • KISA Bug Bounty Program
      • NAVER: SQL Injection(KVE-2018-1301) - rewarded $1,000 USD

  • 2017
    • NAVER PER(Privacy Enhancement Reward)
      • found 25+ vulns (XSS, Open Redirect)

Education/Work Experience


  • K-Shield Junior, Mentor
    • Position: Mentor
    • Date: 2022.10 ~ 2022.12

  • RAON Whitehat, Core Research Team
    • Position: Security Researcher
    • Date: 2021.09 ~ 2023.12
    • Task: Penetration testing, R&D

  • Best of the Best 8th, KITRI
    • Position: Mentee (Vulnerability Analysis Track)
    • Date: 2019.07 ~ 2020.04
    • Detail: KITRI, BoB

  • CSSA IoTcube, Korea Univ.
    • Task: Security vulnerability analysis in open source Blockchain project
    • Position: Internship
    • Date: 2018.07 ~ 2018.09
    • Detail: CSSAIoTcube

  • Sunrin Internet High School
    • Position: Student (Department of Information and Communication)
    • Date: 2017.03 ~ 2020.02
    • Detail: sunrint.hs.kr


Speaker


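  • CodeGate 2019 (First prize was awarded)
    • Title: PHP Trick Trip
    • Content: A talk covering bugs that can lead to web hacking attacks, seen through various PHP security issues and vulnerabilities,
       and introducing the logical reasons these bugs occur and the process of analyzing them, based on experience analyzing the Zend engine
    • Date: 2019.03.27
    • Detail: Review, Codegate homepage, presentation slides (pdf)
    • Award: Best Presentation Award, Korea Internet & Security Agency (KISA) President's Award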

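  • Bithumb Youth Cyber Security Camp, Bithumb
    • Title: Information Security Tips Learned Quickly and Simply
    • Content: A talk giving examples of various situations in which personal information can be leaked and introducing ways to prevent them in advance
    • Date: 2018.11.23
    • Detail: Internet article, Bithumb homepage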

  • HackingCamp 18, PoC Security
    • Title: Security option bypass 101
    • Content: A talk introducing various ways to bypass PHP's open_basedir and disable_functions options
    • Date: 2018.09.02
    • Detail: HackingCamp homepage

Organizer


  • 2019
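    • 2019 Belluminar CTF (challenge authoring)
    • 2019 Christmas CTF (site development, challenge authoring, operations) - @munsiwoo/christmas-ctf-platform
    • 2019 Layer7 CTF (site development, operations)
    • 2019 Sunrin Internet High School High School Hacker (quals/finals operations, site development, challenge authoring)
    • 2019 Sunrin Internet High School In-School Hacking Defense Contest (challenge authoring - Github)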

  • 2018
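    • 2018 Sunrin Internet High School High School Hacker (quals/finals operations, site implementation, challenge authoring)
    • 2018 Sunrin Internet High School In-School Hacking Defense Contest (operations, challenge authoring)
    • PoC Security HackingCamp18 CTF (challenge authoring - Github)
    • 2018 Layer7 CTF (contest operations, challenge authoring, Github)
    • 2018 H3X0R CTF (challenge authoring - Github)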

  • 2017
    • 2017 PoC Security Belluminar CTF (contest participation, challenge authoring, Github)
    • 2017 PoC Security Power of XX (challenge authoring, Github)
    • 2017 Layer7 CTF (contest operations, challenge authoring, Github)
    • 2017 H3X0R CTF (contest operations, challenge authoring)

Projects


  • 2019
    • PHP CTF Platform, GitHub
    • Automatic Analysis for Node.js Modules (Best of the Best 8th / NerdJS)
    • PHP Trick Trip (Presented at Codegate 2019, GitHub)
    • Munfoozer, Dynamic XSS fuzzer

  • 2018
    • Simple MVC Framework in PHP, GitHub

Contact me at [email protected]
© Siwoo Mun. All Rights Reserved