PROFILE

  • Seokchan Yoon (@ch4n3.yoon)
  • A CTF player
  • Web Security Researcher @ STEALIEN (2020.07. ~ 2023.06.)

ACHIEVEMENT/AWARDS

  • Finalist, CODEGATE 2023 UNIVERSITY (team: 경희대미남해커들)
  • Finalist, CODEGATE 2022 UNIVERSITY (team: 경희대미남해커들)
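  • Finalist (2nd, Director of the National Security Research Institute Award), 2022 Cyber Attack Defense Competition (CCE), Public Sector Quals (team: resilience)
  • Finalist (2nd, Director of the National Security Research Institute Award), 2021 Cyber Attack Defense Competition (CCE), Public Sector Quals (team: resilience)
  • 3rd, 2020 Kyunghee University Hackathon (team 1등못하면동반입대)
  • Finalist (2nd, Commander of the Cyber Operations Command Award), 2019 Cyber Operations Challenge, Student Division (team 윤석찬TV구독과좋아요알림설정까지)
  • Top Prize, Individual (1st, Seoul Women's University President's Award), 2018 4th Information Security Competition, Individual Preliminaries
  • Top Prize, Team (1st, Minister of Education Award), 2018 4th Information Security Competition, Team Finals (team 문시우1인팀)
  • Finalist (18th), CODEGATE 2018 JUNIOR
  • 2nd, 2018 3rd National Youth Mock Hacking Competition
  • 3rd, 2018 16th SMARTEEN APP CLUB AppJam Hackathon
  • Top Prize, Team (1st, President of the Korea Education and Research Information Service Award), 2017 3rd Information Security Competition, Team Finals (team 4-day exploit)
  • Excellence Award (2nd), 2017 KMU (Kookmin University) X UBUNTU 1st CTF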

BUG BOUNTIES

NAVER

  • NBB-1126, Stored XSS
  • NBB-1143, SQL Injection
  • NBB-1260, Stored XSS
  • NBB-2315, Reflected XSS
  • NBB-2316, Reflected XSS
  • NBB-2314, Reflected XSS

Python

  • (coming soon)

Django

  • CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator
  • CVE-2024-24680: Potential denial-of-service in intcomma template filter
  • CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
  • CVE-2024-21520: Cross-Site Scripting (XSS) in browserable API of django-rest-framework
  • CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget

Apache Airflow

  • CVE-2024-39877: Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler
  • CVE-2024-39863: Apache Airflow: Potential XSS Vulnerability
  • (coming soon)

Ruby

  • CVE-2024-41123: DoS vulnerabilities in REXML

Ruby on Rails

  • (coming soon)

Java Spring

  • CVE-2024-38809: Spring Framework DoS via conditional HTTP request

MEDIA / PRESENTATION

2020

2021

2022

2023

  • <Django 1-day Vulnerability Analysis> (@HackingCamp 26th 🇰🇷)
    • I analyzed and shared high-severity vulnerabilities disclosed to the Django Project in 2022
    • Reference: http://hackingcamp.org/
  • <Django Framework N-day Vulnerability Analysis & Secure Coding Guide> (@CODEGATE 2023 🇰🇷)

Seokchan Yoon's Projects

ctf-maker

A project for easily building a CTF site

cve-2024-21520-demo

A demonstration of common XSS vulnerabilities in Django Rest Framework applications. This repository showcases intentionally vulnerable code to educate developers on identifying and mitigating XSS attacks in DRF-based projects. For educational purposes only.

dimigo-torrents

A script that parses a site showing which items people using torrents at Dimigo have downloaded

django-pickleserializer-rce-poc

Proof of Concept (PoC) repository demonstrating the Remote Code Execution (RCE) vulnerability in Django's PickleSerializer (up to version 4.0). This repository provides examples and explanations to understand the exploit and its impact

docker-image-maker

A program that provides users with a container and automatically turns it into an image (BE: Django, FE: React)
