# Sitemap
/shpik.kr/
# Profile
## NAME
Sehun Oh ([email protected])## NICKS
shpik## ORGANIZATION
TenDollar / Security Group / - / 2017 ~ 2019Mashiro / CTF Team / All / 2019 ~
Reverselab / CTF Team / Web,Pwnable / 2019 ~
HypwnLab / Nondisclosure Research Group / Secret / 2019 ~
## JOBS
CYBERONE.Co.LTD (Seoul, Republic of Korea) / Pentester, R&D / 2017 ~ 2019LINE Corp. (Tokyo, Japan) / Security Engineer / 2019 ~
## INTERESTS
Web ExploitationFuzzing Development
Chrome Javascript Engine(v8)
Space Science
# Vulnerability
## CVE
CVE-2018-13410: Info-zip, DoSCVE-2018-19296: PHPMailer, Object Injection
## KVE
KVE-2017-0019: Netis M3300N, Command InjectionKVE-2017-0278: gnuboard5, LFI to RCE
KVE-2019-0246: Naver, [censored]
KVE-2019-0247: Naver, [censored]
KVE-2019-0523: Naver, Reflected XSS
KVE-2019-0556: gnuboard5, Webroot full-path disclosure
KVE-2019-0860: Naver, Reflected XSS
KVE-2019-0924: Tistory, Reflected XSS
# Achievement
## Capture The Flag - Participation
2021, DEFCON CTF, Quals 16th, uuuderflow2021, Plaid CTF, 9th, uuuderflow
2020, Harekaze Mini CTF, 1st, NekoLover
2020, TrendMicro CTF, Quals 6th, Reverselab
2020, SECCON CTF, 8th, Disaster-level Hacker Laboratory
2020, Cyber Operations Challenge CTF, Quals 6th, Finalist, 승객들
2020, InterKosen CTF, 1st, HypwnLab
2020, TSG CTF, 5th, Shimarin Fan Club
2020, 0CTF, Quals 1st, Final 5th, koreanbadass
2020, Volga CTF, 5th, Yurucamp Hackers
2020, Zer0pts CTF, 1st, god_shpik
2020, Aero CTF, 6th, SBthread
2019, TrendMicro CTF, Quals 5th, Final 10th, Reverselab
2019, TokyoWesterns CTF, 28th, Reverselab
2019, Cyber Conflict Exercise & Contest(CCE), Quals 4th, Final 7th, Reverselab
2019, Cyber Operations Challenge CTF, Quals 1st, Reverselab
2019, InterKosen CTF, 1st, Mashiro(Emilia)
2019, Harekaze CTF, 1st, Yokosuka Hackers
2019, DEFCON 27, Quals 22nd, $TLDR$
2019, ASIS CTF, Quals 37th, Harekaze
2019, Midnight Sun CTF, Quals 23rd, Harekaze
2019, UTCTF, Quals 23rd, Mashiro
2019, Codegate CTF, Quals 23rd, TenDollar
2019, InterKosen CTF, 3rd, KimchiPower
2018, Pwn2Win CTF, Quals 13th, TenDollar
2018, Cyber Conflict Exercise & Contest(CCE), Quals 7th, Final 9th, TenDollar
2018, SECCON CTF, Quals 19th, TenDollar
2018, Hackcon CTF, 18th, TenDollar
2018, TJCTF, 16th, TenDollar
2018, DEFCON 26, Quals 15th, Final 13th, C.G.K.S
2018, Samsung CTF, Finalist, shpik
2018, KO-WORLD CTF, Final 2nd, TenDollar
2017, Cyber Conflict Exercise & Contest(CCE), Quals 13th, TenDollar
2017, Samsung CTF, Finalist, shpik
2017, Hack Dat Kiwi CTF, 14th, TenDollar
## Capture The Flag - Operator
2021, Asian Cyber Security Challenge(ACSC)- favorite emojis
2021, LINE CTF (LINE AST)
- babyweb
- babysandbox
2020, H University CTF (ReverseLab)
- xxxx: Web/Apache/SSRF
- xxxx: Web/Nginx/WS
2020, Bingo CTF (HypwnLab)
- Simple_board: Pwn/Uninitialize Stack
- Simple_game: Pwn/Vector/Struct
- Whalerice: Web/SSRF/CSS
2019, H University CTF (ReverseLab)
- xxxx: Web/Whitebox/SSRF
- xxxx: Web/Prototype Pollution
2018, TenDollar CTF (TenDollar)
- Cat-Proxy: Web/Object Injection/SSRF/LFI
- Kou: Web/Reverse/Overflow/LFI
## Presentation
Effective SQL Injection @CYBERONE.Co.LTDApache Struts2 exploit @CYBERONE.Co.LTD
Pwnable Basic @CYBERONE.Co.LTD
File Structure and Exploit Flaw at ubuntu16.04 @CYBERONE.Co.LTD
CPP Exploit @CYBERONE.Co.LTD
v8 exploit @TenDollar
Web Application Exploit for mismanagement @CYBERONE.Co.LTD
## Met
2019, cd802001, extr