Resume Profile

Hello, my name is Siwoo Mun.
I'm a security researcher at RAON Whitehat, mainly focusing on web app exploitation.
I play CTF as a member of CodeRed.



Achievement/Awards



  • ~ present
    • 3rd, 2022 Whitehat Contest Final (team 오리고기파티)
    • 2nd, Hayyim CTF 2022 (team Yamong Clinic)
    • 3rd, DEFCON CTF 30 Final, Las Vegas (team StarBugs)
    • 4th, WACON CTF 2022 Quals (team 팀 평균연령42세)
    • 4th, DEFCON CTF 29 Final (team StarBugs)
    • 5th, SECCON CTF 2022 Final, Tokyo (team Cha shu)
    • Finalist, Cyber Conflict Exercise 2022

  • 2020
    • 1st, m0leCon 2020 (team AlPray)
    • Finalist, WhiteHat Contest (team Uneducated People)
    • Finalist, Cyber Conflict Exercise (CCE) Quals (team 흥부부대찌개)
    • Finalist, CONFidence CTF 2020 Teaser (team CodeRed)
    • Finalist, Midnight Sun CTF 2020 Quals (team CodeRed)
    • Finalist, 0CTF/TCTF 2020 Quals (team Heart Breaker)
    • Finalist, DEFCON CTF 28 (team StarBugs)

  • 2019
    • 1st, HolyShield CTF 2019 Junior (team HeungbuBudaeJjigae) - rewarded $1,000 USD
    • 1st, WhiteHat Contest 2019 Junior Final (team Uneducated people) - rewarded $5,000 USD
    • 1st, SUA CTF 3th (team BOB8TH_VULN_ANALYSIS)
    • 2nd, The Hacking Championship Junior 2019 (team HeungbuBudaeJjigae)
    • 3rd, Belluminar CTF 2019 (team Aleph Infinite)
    • 5th, ISITDTU CTF Final (team Aleph Infinite)
    • 5th, Timisoara CTF (team Munahnhae)
    • 9th, DEFCON CTF 27 Quals (team CGC)
    • 14th, PlaidCTF 2019 (team CGC)
    • Finalist, DEFCON CTF 27 (team CGC)
    • Finalist (5th), ISITDTU CTF Final (team Aleph Infinite)
    • Finalist (4th), Codegate CTF 2019 Junior (team munsiwoooooo)
    • Finalist (4th), 2019 DVP Global Blockchain CTF (team HeungbuBudaeJjigae) - rewarded $3,000 USD

  • 2018
    • 1st, 2018 CyberGuardians (team Layer7) - rewarded $5,000 USD
    • 2nd, Timisoara CTF, Romania (team NextLine) - rewarded $300 USD
    • 3rd, Harekaze CTF (team SeoulWesterns)
    • 3rd, 1st KO-WORLD Hacking Defense Contest (team phpandrust) - rewarded $1,000 USD
    • Finalist (13th), DEFCON CTF 26, Las Vegas (team C.G.K.S)
    • Finalist (8th), Cyber Conflict Exercise, Jeju (team 야몽클리닉/Red Team)
    • Silver Prize, 2018 Republic of Korea Army Attack and Defense Contest

  • 2017
    • 1st, Christmas CTF 2017 (team 박광호 1인팀) - rewarded $800 USD
    • 3rd, Kookmin Univ & Ubuntu CTF 2017 (team 새싹보끔밥)
    • 4th, Neverland CTF 2017 (team gazoku - solo)
    • 8th, SECUINSIDE CTF Quals 2017 (team FHF)

Bug bounty

I'll be back with a legendary bug bounty record. Just wait. (2022 ~ present)

  • 2021
    • HackerOne
      • Starbucks: rewarded $6,000 USD
      • Starbucks: rewarded $1,440 USD
      • Starbucks: rewarded $4,770 USD
    • Bugcamp
      • CISSP: rewarded $120 USD
    • GNUBOARD5

  • 2020
    • Bugcrowd
      • Atlassian: Jira Service Desk: rewarded $600 USD
      • Bitdefender: rewarded $300 USD
    • HackerOne
      • Starbucks: rewarded $1,500 USD
      • Steam (store.steampowered.com): rewarded $400 USD
      • Ford
    • Naver Bug Bounty Program
      • found 15+ vulns - rewarded $2,000 USD
    • Node.js NPM modules
      (NodeJS Module Vulnerability Automation Analysis, Best of the Best 8th)
      • CVE-2020-7719, CVE-2020-7700, CVE-2020-7702
      • CVE-2020-7717, CVE-2020-7715, CVE-2020-7716
      • CVE-2020-7707, CVE-2020-7721, CVE-2020-7701
      • CVE-2020-7724, CVE-2020-7727, CVE-2020-7718
      • CVE-2020-7725, CVE-2020-7722, CVE-2020-7703
      • CVE-2020-7704, CVE-2020-7714, CVE-2020-7706
      • CVE-2020-7723

  • 2019
    • HackerOne
      • μtorrent: Reflected XSS
      • afreecaTV: found 13+ vulns including SQL Injection
    • Naver Bug Bounty Program
      • found 8+ vulns: rewarded $1,200 USD
    • GNUBOARD5
      • SQL Injection (<=5.4.0.1) - 2019.09.08
      • XSS (<=5.4.0.1) - 2019.09.08
      • Authentication bypass (<=5.4.0.1) - 2019.09.08
    • DVP Bug Bounty
      • Gate.io: SQL Injection (DVP-2019-30029) - rewarded 4.5 ETH
      • Gate.io: DOM Based XSS (DVP-2019-30165, DVP-2019-30149) - rewarded 0.250 ETH

  • 2018
    • KISA Bug Bounty Program
      • NAVER: SQL Injection (KVE-2018-1301) - rewarded $1,000 USD

  • 2017
    • NAVER PER (Privacy Enhancement Reward)
      • found 25+ vulns (XSS, Open Redirect)

Education/Work Experience


  • K-Shield Junior, Mentor
    • Position: Mentor
    • Date: 2022.10 ~ 2022.12

  • RaonWhitehat, Core Research Team
    • Position: Security Researcher
    • Date: 2021.09 ~ present
    • Task: Penetration testing, R&D

  • Best of the Best 8th, KITRI  
    • Position: Mentee (Vulnerability Analysis Track)
    • Date: 2019.07 ~ 2020.04
    • Detail: KITRI, BoB

  • CSSA IoTcube, Korea Univ.
    • Task: Security vulnerability analysis in open source Blockchain project
    • Position: Internship
    • Date: 2018.07 ~ 2018.09
    • Detail: CSSAIoTcube

  • Sunrin Internet High School  
    • Position: Student (Department of Information and Communication)
    • Date: 2017.03 ~ 2020.02
    • Detail: sunrint.hs.kr


Speaker


  • CodeGate 2019 (First prize was awarded)    
    • Title: PHP Trick Trip
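    • Content: A talk covering bugs that can lead to web hacking attacks, shown through various PHP security issues and vulnerabilities,
       and, based on experience analyzing the Zend engine, introducing the logical reasons the bugs occur and the process of analyzing them
    • Date: 2019.03.27
    • Detail: Review, Codegate homepage, slides (pdf)
    • Award: Best Presentation Award, Korea Internet & Security Agency (KISA) President's Award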

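  • Bithumb Youth Cyber Security Camp, Bithumb
    • Title: Information Security Tips, Learned Quickly and Simply
    • Content: A talk that gives examples of various situations in which personal information can be leaked and introduces ways to prevent them in advance
    • Date: 2018.11.23
    • Detail: News article, Bithumb homepage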

  • HackingCamp 18, PoC Security    
    • Title: Security option bypass 101
    • Content: A talk introducing several ways to bypass PHP's open_basedir and disable_functions options
    • Date: 2018.09.02
    • Detail: HackingCamp homepage

Organizer


  • 2019
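    • 2019 Belluminar CTF challenge authoring
    • 2019 Christmas CTF (site development, challenge authoring, operations) - @munsiwoo/christmas-ctf-platform
    • 2019 Layer7 CTF (site development, operations)
    • 2019 Sunrin Internet High School 고등해커 (qualifier/final operations, site development, challenge authoring)
    • 2019 Sunrin Internet High School In-School Hacking Defense Contest (challenge authoring - Github)

  • 2018
    • 2018 Sunrin Internet High School 고등해커 (qualifier/final operations, site implementation, challenge authoring)
    • 2018 Sunrin Internet High School In-School Hacking Defense Contest (operations, challenge authoring)
    • PoC Security HackingCamp18 CTF (challenge authoring - Github)
    • 2018 Layer7 CTF (contest operations, challenge authoring, Github)
    • 2018 H3X0R CTF (challenge authoring - Github)

  • 2017
    • 2017 PoC Security Belluminar CTF (contest participation, challenge authoring, Github)
    • 2017 PoC Security Power of XX (challenge authoring, Github)
    • 2017 Layer7 CTF (contest operations, challenge authoring, Github)
    • 2017 H3X0R CTF (contest operations, challenge authoring)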

Projects


  • 2020 ~ present
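    • 2022, ██ Bank: penetration testing and security consulting
    • 2022, ██프레소 Co., Ltd.: mobile app penetration testing and security consulting
    • 2021, ██ Power Generation: penetration testing and security consulting, PIOLINK, Inc.
    • 2021, ██ Electric Power: penetration testing and security consulting, PIOLINK, Inc.
    • 2021, ██ Office: penetration testing and security consulting, PIOLINK, Inc.
    • 2021, ██ City: penetration testing and security consulting, PIOLINK, Inc.
    • 2020, 테스트OO Co., Ltd.: security consulting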

  • 2019
    • PHP CTF Platform, GitHub
    • Automatic Analysis for Node.js Modules, (Best of the best 8th / NerdJS)
    • PHP Trick Trip, (Presented at CodeGate 2019, GitHub)
    • Munfoozer, Dynamic XSS fuzzer

  • 2018
    • Simple MVC Framework in PHP, GitHub

Contact me at mun.xiwoo@gmail.com
© Siwoo Mun. All Rights Reserved