munsiwoo.kr

Achievement/Awards

2021
- Finalist, DEFCON CTF 29 ☠ (team StarBugs)

2020
- 1st, m0leCon 2020
- Finalist, 사이버작전 경연대회(Whitehat Contest) (team Uneducated People)
- Finalist, 사이버 공격방어대회(CCE) Quals (team 흥부부대찌개)
- Finalist, CONFidence CTF 2020 Teaser (team CodeRed)
- Finalist, Midnight Sun CTF 2020 Quals (team CodeRed)
- Finalist, 0CTF/TCTF 2020 Quals (team Heart Breaker)
- Finalist, DEFCON CTF 28 ☠ (team StarBugs)

2019
- 1st , HolyShield CTF 2019 Junior (team HeungbuBudaeJjigae) - reward $ 1k
- 1st , WhiteHat Contest 2019 Junior Final (team Uneducated people) - reward $ 5k
- 1st , SUA CTF 3th (team BOB8TH_VULN_ANALYSIS)
- 2nd , The Hacking Championship Junior 2019 (team HeungbuBudaeJjigae)
- 3rd , Belluminar CTF 2019 (team Aleph Infinite)
- 5th , ISITDTU CTF Final (team Aleph Infinite)
- 5th , Timisoara CTF (team Munahnhae)
- 9th , DEFCON CTF 27 Quals (team CGC)
- 14th , PlaidCTF 2019 (team CGC)
- Finalist, DEFCON CTF 27 ☠ (team CGC)
- Finalist (5th), ISITDTU CTF Final (team Aleph Infinite)
- Finalist (4th), Codegate CTF 2019 Junior (username munsiwoooooo)
- Finalist (4th), 2019 DVP Global Blockchain CTF (team HeungbuBudaeJjigae) - reward $ 3k

2018
- 1st , 2018 CyberGuardians (team Layer7) - reward $ 5k
- 2nd , Timisoara CTF, Romania (team NextLine) - reward $ 300
- 3rd , Harekaze CTF (team SeoulWesterns)
- 3rd , 제 1회 KO-WORLD 해킹방어대회 (team phpandrust) - reward $ 1k
- Finalist (13th), DEFCON CTF 26, Las Vegas ☠ (team C.G.K.S)
- Finalist (8th), Cyber Conflict Exercise, Jeju (team 야몽클리닉/Red Team)
- Excellence Prize, 2018 대한민국 육군해킹방어대회 (The Republic of Korea Army Attack and Defense Contest)

2017
- 1st , Christmas CTF 2017 (team 박광호 1인팀) - reward $ 800
- 3rd , Kookmin Univ & Ubuntu CTF 2017 (team 새싹보끔밥)
- 4th , Neverland CTF 2017 (team gazoku - solo)
- 8th , SECUINSIDE CTF Quals 2017 (team FHF)

Bug bounty

I'm still a novice bug bounty hunter :0

2020
- Bugcrowd
  - Atlassian - Jira Service Desk : rewarded $600
  - Bitdefender : rewarded $300
- HackerOne
  - Starbucks(starbucks.co.kr) : rewarded $1.5k
  - Steam(store.steampowered.com) : [censored]
  - Ford : [censored]
- Naver Bug Bounty Program
  - found 15+ vulns - rewarded $2k
- Node.js NPM modules
  (NodeJS Module Vulnerability Automation Analysis, Best of the Best 8th)
  - CVE-2020-7719, CVE-2020-7700, CVE-2020-7702
  - CVE-2020-7717, CVE-2020-7715, CVE-2020-7716
  - CVE-2020-7707, CVE-2020-7721, CVE-2020-7701
  - CVE-2020-7724, CVE-2020-7727, CVE-2020-7718
  - CVE-2020-7725, CVE-2020-7722, CVE-2020-7703
  - CVE-2020-7704, CVE-2020-7714, CVE-2020-7706
  - CVE-2020-7723

2019

HackerOne
- μtorrent(utorrent.com) : [censored]
- AfreecaTV(afreecatv.com) : found 13+ vulns including SQL Injection
Naver Bug Bounty Program
- found 8+ vulns (XSS) - rewarded $1.2k
GNUBOARD5 (sir.kr)
- SQL Injection (<=5.4.0.1) - 2019.09.08
- XSS (<=5.4.0.1) - 2019.09.08
- Authentication bypass (<=5.4.0.1)
DVP Bug Bounty (dvpnet.io)
- DVP-2019-30029 : Gate.io SQL Injection - rewarded $1.2k
- DVP-2019-30165, DVP-2019-30149 : Gateio XSS (found 2 vulns) - rewarded $450

2018

KISA Bug Bounty Program
- NAVER - SQL Injection (KVE-2018-1301) - rewarded $1k

2017

NAVER PER(Privacy Enhancement Reward)
- found 25+ vulns (XSS, Open Redirect)

Educated/Internship

Sunrin Internet High School

Position: Student
Date: 2017.03 ~ 2020.02
Details: sunrint.hs.kr

CSSA IoTcube, Korea.Univ

Task: Security vulnerability analysis in Blockchain open source project
Position: Internship
Date: 2018.07 ~ 2018.09
Details: CSSA, IoTcube

Best of the Best 8th, KITRI

Position: 취약점분석트랙 (멘티)
Date: 2019.07 ~ 2020.04
Details: KITRI, BoB

Speaker

HackingCamp 18, PoC Security

Title : Security option bypass 101
Content : PHP의 open_basedir, disable_functions 옵션을 우회하는 여러 방법에 대해 소개
Date : 2018.09.02
Detail : 해킹캠프 홈페이지

빗썸 청소년 사이버 보안 캠프, Bithumb

Title : 쉽고 간단하게 배워보는 정보보안 Tip
Content : 개인정보가 유출될 수 있는 여러 상황을 예를들며 이를 사전에 예방하는 방법을 소개
Date : 2018.11.23
Detail : 인터넷 기사, 빗썸 홈페이지

CodeGate 2019 (First prize was awarded)

Title : PHP Trick Trip
Content : PHP의 여러 이슈와 취약점으로 연계할 수 있는 버그에 대해 다루며,
Zend 엔진 소스 분석을 통해 버그가 발생하는 이유와 이를 분석했던 과정을 소개
Date : 2019.03.27
Detail : 후기, 코드게이트 홈페이지, 발표자료(pdf)
Award : 한국인터넷진흥원장상 (발표 최우수상)

Organizer

2019

2019 Belluminar CTF 문제 출제
2019 Christmas CTF (사이트 개발, 문제 출제, 운영) - @munsiwoo/christmas-ctf-platform
2019 Layer7 CTF (사이트 개발, 운영)
2019 선린인터넷고등학교 고등해커 (예선/본선 운영, 사이트 개발, 문제 출제)
2019 선린인터넷고등학교 교내해킹방어대회 (문제 출제- Github)

2018

2018 선린인터넷고등학교 고등해커 (예선/본선 운영, 사이트 구현, 문제 출제)
2018 선린인터넷고등학교 교내해킹방어대회 (운영, 문제 출제)
PoC Security HackingCamp18 CTF (문제 출제 - Github)
2018 Layer7 CTF (대회 운영, 문제 출제, Github)
2018 H3X0R CTF (문제 출제 - Github)

2017

2017 PoC Security Belluminar CTF (대회 참가, 문제 출제, Github)
2017 PoC Security Power of XX (문제 출제, Github)
2017 Layer7 CTF (대회 운영, 문제 출제, Github)
2017 H3X0R CTF (대회 운영, 문제 출제)

Projects

2021

(주)테스트OO 보안 컨설팅
OO발전 모의해킹 및 보안 컨설팅
OO전력 모의해킹 및 보안 컨설팅
OO청 모의해킹 및 보안 컨설팅
OO시 모의해킹 및 보안 컨설팅

2019

CTF Platform - GitHub
Automatic Analysis for Node.js Modules (BoB Project) / Team NerdJS
PHP Trick Trip (Presented at the codegate 2019, GitHub)
Nully fuzzer - Dynamic reflected xss fuzzer

2018

PHP CTF Framework (used in Layer7 CTF 2018, Sunrin High School Hacker CTF 2018)
Simple MVC Framework in PHP (GitHub)
Simple directory search tools with multi-threading (GitHub)

Resume

Who am I

Achievement/Awards

Bug bounty

Educated/Internship

Speaker

Organizer

Projects

GitHub

Facebook

Blog