munsiwoo.kr

Achievement/Awards

~ present
- 4th, WACON CTF 2022 Quals(team 팀 평균연령42세)
- 11th, DEF CON CTF Qualifier 2022(team StarBugs)
- 4th, DEFCON CTF 29 Final ☠ (team StarBugs)
- 3rd, Hayyim CTF (team Yamong Clinic)

2020
- 1st, m0leCon 2020 (team AlPray)
- Finalist, 화이트햇 콘테스트 (team Uneducated People)
- Finalist, 사이버 공격방어대회(CCE) Quals (team 흥부부대찌개)
- Finalist, CONFidence CTF 2020 Teaser (team CodeRed)
- Finalist, Midnight Sun CTF 2020 Quals (team CodeRed)
- Finalist, 0CTF/TCTF 2020 Quals (team Heart Breaker)
- Finalist, DEFCON CTF 28 ☠ (team StarBugs)

2019
- 1st , HolyShield CTF 2019 Junior (team HeungbuBudaeJjigae) - rewarded $1,000 USD
- 1st , WhiteHat Contest 2019 Junior Final (team Uneducated people) - rewarded $5,000 USD
- 1st , SUA CTF 3th (team BOB8TH_VULN_ANALYSIS)
- 2nd , The Hacking Championship Junior 2019 (team HeungbuBudaeJjigae)
- 3rd , Belluminar CTF 2019 (team Aleph Infinite)
- 5th , ISITDTU CTF Final (team Aleph Infinite)
- 5th , Timisoara CTF (team Munahnhae)
- 9th , DEFCON CTF 27 Quals (team CGC)
- 14th , PlaidCTF 2019 (team CGC)
- Finalist, DEFCON CTF 27 ☠ (team CGC)
- Finalist (5th), ISITDTU CTF Final (team Aleph Infinite)
- Finalist (4th), Codegate CTF 2019 Junior (team munsiwoooooo)
- Finalist (4th), 2019 DVP Global Blockchain CTF (team HeungbuBudaeJjigae) - rewarded $3,000 USD

2018
- 1st , 2018 CyberGuardians (team Layer7) - rewarded $5,000 USD
- 2nd , Timisoara CTF, Romania (team NextLine) - rewarded $300 USD
- 3rd , Harekaze CTF (team SeoulWesterns)
- 3rd , 제 1회 KO-WORLD 해킹방어대회 (team phpandrust) - rewarded $1,000 USD
- Finalist (13th), DEFCON CTF 26, Las Vegas ☠ (team C.G.K.S)
- Finalist (8th), Cyber Conflict Exercise, Jeju (team 야몽클리닉/Red Team)
- 은상, 2018 대한민국 육군해킹방어대회 (The Republic of Korea Army Attack and Defense Contest)

2017
- 1st , Christmas CTF 2017 (team 박광호 1인팀) - rewarded $800 USD
- 3rd , Kookmin Univ & Ubuntu CTF 2017 (team 새싹보끔밥)
- 4th , Neverland CTF 2017 (team gazoku - solo)
- 8th , SECUINSIDE CTF Quals 2017 (team FHF)

I'm still a novice bug bounty hunter ;0
//hackerone.com/munsiwoo

2021
- HackerOne
  - Starbucks: rewarded $6,000 USD
  - Starbucks: rewarded $1,440 USD
  - Starbucks: rewarded $4,770 USD
- Bugcamp
  - CISSP: rewarded $120 USD
- GNUBOARD5
  - XSS (<=5.4.13.1) - 2021.06.24 (commit log, write up)

2020
- Bugcrowd
  - Atlassian: Jira Service Desk: rewarded $600 USD
  - Bitdefender: rewarded $300 USD
- HackerOne
  - Starbucks: rewarded $1,500 USD
  - Steam(store.steampowered.com): rewarded $400 USD
  - Ford
- Naver Bug Bounty Program
  - found 15+ vulns - rewarded $2,000 USD
- Node.js NPM modules
  (NodeJS Module Vulnerability Automation Analysis, Best of the Best 8th)
  - CVE-2020-7719, CVE-2020-7700, CVE-2020-7702
  - CVE-2020-7717, CVE-2020-7715, CVE-2020-7716
  - CVE-2020-7707, CVE-2020-7721, CVE-2020-7701
  - CVE-2020-7724, CVE-2020-7727, CVE-2020-7718
  - CVE-2020-7725, CVE-2020-7722, CVE-2020-7703
  - CVE-2020-7704, CVE-2020-7714, CVE-2020-7706
  - CVE-2020-7723

2019
- HackerOne
  - μtorrent: Reflected XSS
  - afreecaTV: found 13+ vulns including SQL Injection
- Naver Bug Bounty Program
  - found 8+ vulns: rewarded $1,200 USD
- GNUBOARD5
  - SQL Injection (<=5.4.0.1) - 2019.09.08
  - XSS (<=5.4.0.1) - 2019.09.08
  - Authentication bypass (<=5.4.0.1) - 2019.09.08
- DVP Bug Bounty
  - Gate.io: SQL Injection (DVP-2019-30029) - rewarded 4.5 ETH
  - Gate.io: DOM Based XSS (DVP-2019-30165, DVP-2019-30149) - rewarded 0.250 ETH

2018
- KISA Bug Bounty Program
  - NAVER: SQL Injection(KVE-2018-1301) - rewarded $1,000 USD

2017
- NAVER PER(Privacy Enhancement Reward)
  - found 25+ vulns (XSS, Open Redirect)

RaonSecure, 라온화이트햇 핵심연구팀
- Position: Security Researcher
- Date: 2021.09 ~
- Task: 모의해킹, R&D

█████
- Position: Security Researcher
- Date: 2020.08 ~ 2021.09
- Task: 모의해킹, 1-DAY 취약점 분석, 보안관제플랫폼 개발

Best of the Best 8th, KITRI
- Position: Mentee (취약점분석트랙)
- Date: 2019.07 ~ 2020.04
- Detail: KITRI, BoB

CSSA IoTcube, Korea.Univ
- Task: Security vulnerability analysis in open source Blockchain project
- Position: Internship
- Date: 2018.07 ~ 2018.09
- Detail: CSSA, IoTcube

Sunrin Internet High School
- Position: Student (정보통신과)
- Date: 2017.03 ~ 2020.02
- Detail: sunrint.hs.kr

CodeGate 2019 (First prize was awarded)
- Title: PHP Trick Trip
- Content: PHP의 여러 보안 이슈와 취약점을 통해 웹 해킹 공격으로 이어질 수 있는 버그에 대해 다루며,
  Zend 엔진을 분석해본 경험을 토대로 버그가 발생하는 논리적 이유와 이를 분석했던 과정을 소개하는 발표
- Date: 2019.03.27
- Detail: 후기, 코드게이트 홈페이지, 발표자료(pdf)
- Award: 발표 최우수상, 한국인터넷진흥원장상

빗썸 청소년 사이버 보안 캠프, Bithumb
- Title: 쉽고 간단하게 배워보는 정보보안 Tip
- Content: 개인정보가 유출될 수 있는 여러 상황을 예를들며 이를 사전에 예방하는 방법을 소개하는 발표
- Date: 2018.11.23
- Detail: 인터넷 기사, 빗썸 홈페이지

HackingCamp 18, PoC Security
- Title: Security option bypass 101
- Content: PHP의 open_basedir, disable_functions 옵션을 우회하는 여러 방법에 대해 소개하는 발표
- Date: 2018.09.02
- Detail: 해킹캠프 홈페이지

2019
- 2019 Belluminar CTF 문제 출제
- 2019 Christmas CTF (사이트 개발, 문제 출제, 운영) - @munsiwoo/christmas-ctf-platform
- 2019 Layer7 CTF (사이트 개발, 운영)
- 2019 선린인터넷고등학교 고등해커 (예선/본선 운영, 사이트 개발, 문제 출제)
- 2019 선린인터넷고등학교 교내해킹방어대회 (문제 출제- Github)

2018
- 2018 선린인터넷고등학교 고등해커 (예선/본선 운영, 사이트 구현, 문제 출제)
- 2018 선린인터넷고등학교 교내해킹방어대회 (운영, 문제 출제)
- PoC Security HackingCamp18 CTF (문제 출제 - Github)
- 2018 Layer7 CTF (대회 운영, 문제 출제, Github)
- 2018 H3X0R CTF (문제 출제 - Github)

2017
- 2017 PoC Security Belluminar CTF (대회 참가, 문제 출제, Github)
- 2017 PoC Security Power of XX (문제 출제, Github)
- 2017 Layer7 CTF (대회 운영, 문제 출제, Github)
- 2017 H3X0R CTF (대회 운영, 문제 출제)

2020 ~ present
- 2022, ██은행 모의해킹 및 보안 컨설팅
- 2022, (주)██프레소: 모바일 앱 모의해킹 및 보안 컨설팅
- 2021, ██발전 모의해킹 및 보안 컨설팅, (주)파이오링크
- 2021,██전력 모의해킹 및 보안 컨설팅, (주)파이오링크
- 2021, ██청 모의해킹 및 보안 컨설팅, (주)파이오링크
- 2021, ██시 모의해킹 및 보안 컨설팅, (주)파이오링크
- 2020, (주)테스트OO 보안 컨설팅

2019
- PHP CTF Platform, GitHub
- Automatic Analysis for Node.js Modules, (Best of the best 8th / NerdJS)
  - DAPP: automatic detection and analysis of prototype pollution vulnerability in Node.js modules
    Springer 출판사의 International Journal of Information Security (IJIS) (SCIE)에 게재
    https://link.springer.com/article/10.1007/s10207-020-00537-0
- PHP Trick Trip, (Presented at the codegate 2019, GitHub)
- Munfoozer, Dynamic XSS fuzzer