KITRI "BEST OF THE BEST" 9th Vulnerability Analysis
- (Project. VirtualBoBs : Virtualization Software Bug Hunting)
- Project Leader. Unreal Engine Bug Hunting (10th)
- Project Leader. Apple Safari Bug Hunting [A.K.A ApplePIE] (11th)
- Vulnerability Researcher @ PK Security (2023.07 ~ 2023.09)
- Security Researcher @ SSD Labs (2022.05 ~ 2023.06)
- Undergraduate Student Researcher @ DNSLab, Korea University (2021.08 ~ Now)
- Zero Day Execution(@Zerocution)
- DNSLab, Korea University
- Browser, Kernel, iOS N-Day Research
- Personal E-Mail :
[email protected]
- LG Electronics Vulnerability Report Letter of Appreciation
- Microsoft 2022 Q1 TOP 100 Security Researcher
- Mozilla 2022 Q1 Firefox Bug Bounty Rewards Hall of Fame
- [$10,000 Donated] - Apple Web Service Security Acknowledgements Hall of Fame - November. 2022
- Apple Web Service Security Acknowledgements Hall of Fame - January. 2024
- Heap Buffer Overflow (OOB Wrtie) in Google Chrome V8 Internationalization : CVE-2022-1638
- Out-Of-Bounds Write in Apple Safari ICU : CVE-2022-32787
- UI Spoofing in Apple Safari : CVE-2022-32816
- Heap Buffer Overflow (OOB Read) in Google Chrome ANGLE: Chrome BETA, Issue 1335688
- UI Spoofing in Apple Safari : CVE-2022-42799
- Type Confusion in Apple Safari JavaScriptCore : CVE-2022-42823
- Same-Origin Policy Bypass in Apple Safari DataTransfer : CVE-2022-42824
- Same-Origin Policy Bypass in Apple Safari DataTransfer : CVE-2022-46698
- Download Protections Bypass in Mozilla Firefox : CVE-2022-46875
- Type Confusion in Apple Safari StreamAPI : CVE-2023-23517, [ApplePIE]
- Type Confusion in Apple Safari StreamAPI : CVE-2023-23518, [ApplePIE]
- Same-Origin Policy Bypass in Mozilla Firefox : CVE-2023-25741
- Out-Of-Bounds Access in Mozilla Firefox : CVE-2023-29531
- Use-After-Free in Apple Safari Web Inspector : CVE-2023-28201
- Insufficient policy enforcement in Google Chrome Safe Browsing: Issue 1343317
- Buffer Overflow in Mozilla Firefox : CVE-2023-4582
- Use-After-Free in Apple Safari GPU : CVE-2023-39434
- Information Disclosure in Apple libxslt (Works in Safari) : CVE-2023-40403
- Double-Free in Google Chrome SwiftShader : ZDI-23-1583
- Heap-Buffer-Overflow Sandbox Escape in Mozilla Firefox WebGL : CVE-2023-6856
- Heap Buffer Overflow in Apple CoreGraphics : CVE-2024-23286
- Use-After-Free in Samsung Galaxy SveService : SVE-2024-0092(CVE-2024-20861)
- Out-Of-Bounds Write in Samsung Galaxy SveService : SVE-2024-0096(CVE-2024-20862)
- Improper input validation in frcmc-service : [Severity Low, Bounty Awarded]
- Improper Input Validation lead to initiate FaceTime calls without user authorization in Apple iOS Mail : CVE-2024-23282
- Denial of Service in Oracle VirtualBox : CVE-2021-2086, CVE-2021-35540
- Remote Code Execution in Oracle VirtualBox : CVE-2022-39421
- RCE in Polaris Office : CVE-2021-34280
- RCE or Info Leak in Foxit PDF Reader : CVE-2021-34973, CVE-2021-45978, CVE-2021-45979, CVE-2021-45980, CVE-2022-24370, CVE-2022-24356, ZDI-CAN-15299, CVE-2022-24954, CVE-2022-24955, CVE-2022-30557, CVE-2021-42678, CVE-2021-42679, CVE-2022-37376, CVE-2022-37377, CVE-2022-37378
- RCE in Microsoft Office : CVE-2022-22004
- RCE in Adobe Product : CVE-2022-23202
- LPE in McAfee Product : CVE-2022-0129
- LPE in Trend Micro Product : CVE-2022-26319, CVE-2022-26337
- RCE in Trend Micro Apex One : CVE-2023-25143
- LPE in Mozilla VPN : CVE-2022-0517
- RCE in Samsung Driver : SVE-2022-0082 (CVE-2022-27842), SVE-2022-0083 (CVE-2022-27843), SVE-2022-0115 (CVE-2022-28541), SVE-2021-24333 (CVE-2022-28779), SVE-2022-0854 (CVE-2022-30744), SVE-2022-1099 (CVE-2022-33711), SVE-2022-0855(CVE-2022-36840), SVE-2022-1770(CVE-2022-39845)
- RCE in Microsoft Windows Upgrade Assistant : CVE-2022-24543