/shpik.kr/

# Sitemap

.
├─ Blog
├─ Github
├─ Facebook
└─ Twitter

# Profile

## NAME

    Sehun Oh ([email protected])

## NICKS

    shpik

## ORGANIZATION

    TenDollar / Security Group / - / 2017 ~ 2019
    Mashiro / CTF Team / All / 2019 ~
    Reverselab / CTF Team / Web,Pwnable / 2019 ~
    HypwnLab / Nondisclosure Research Group / Secret / 2019 ~

## JOBS

    CYBERONE.Co.LTD (Seoul, Republic of Korea) / Pentester, R&D / 2017 ~ 2019
    LINE Corp. (Tokyo, Japan) / Security Engineer / 2019 ~

## INTERESTS

    Web Exploitation
    Fuzzing Development
    Chrome Javascript Engine(v8)
    Space Science

# Vulnerability

## CVE

    CVE-2018-13410: Info-zip, DoS
    CVE-2018-19296: PHPMailer, Object Injection

## KVE

    KVE-2017-0019: Netis M3300N, Command Injection
    KVE-2017-0278: gnuboard5, LFI to RCE
    KVE-2019-0246: Naver, [censored]
    KVE-2019-0247: Naver, [censored]
    KVE-2019-0523: Naver, Reflected XSS
    KVE-2019-0556: gnuboard5, Webroot full-path disclosure
    KVE-2019-0860: Naver, Reflected XSS
    KVE-2019-0924: Tistory, Reflected XSS

# Achievement

## Capture The Flag - Participation

    2021, DEFCON CTF, Quals 16th, uuuderflow
    2021, Plaid CTF, 9th, uuuderflow
    2020, Harekaze Mini CTF, 1st, NekoLover
    2020, TrendMicro CTF, Quals 6th, Reverselab
    2020, SECCON CTF, 8th, Disaster-level Hacker Laboratory
    2020, Cyber Operations Challenge CTF, Quals 6th, Finalist, 승객들
    2020, InterKosen CTF, 1st, HypwnLab
    2020, TSG CTF, 5th, Shimarin Fan Club
    2020, 0CTF, Quals 1st, Final 5th, koreanbadass
    2020, Volga CTF, 5th, Yurucamp Hackers
    2020, Zer0pts CTF, 1st, god_shpik
    2020, Aero CTF, 6th, SBthread
    2019, TrendMicro CTF, Quals 5th, Final 10th, Reverselab
    2019, TokyoWesterns CTF, 28th, Reverselab
    2019, Cyber Conflict Exercise & Contest(CCE), Quals 4th, Final 7th, Reverselab
    2019, Cyber Operations Challenge CTF, Quals 1st, Reverselab
    2019, InterKosen CTF, 1st, Mashiro(Emilia)
    2019, Harekaze CTF, 1st, Yokosuka Hackers
    2019, DEFCON 27, Quals 22nd, $TLDR$
    2019, ASIS CTF, Quals 37th, Harekaze
    2019, Midnight Sun CTF, Quals 23rd, Harekaze
    2019, UTCTF, Quals 23rd, Mashiro
    2019, Codegate CTF, Quals 23rd, TenDollar
    2019, InterKosen CTF, 3rd, KimchiPower
    2018, Pwn2Win CTF, Quals 13th, TenDollar
    2018, Cyber Conflict Exercise & Contest(CCE), Quals 7th, Final 9th, TenDollar
    2018, SECCON CTF, Quals 19th, TenDollar
    2018, Hackcon CTF, 18th, TenDollar
    2018, TJCTF, 16th, TenDollar
    2018, DEFCON 26, Quals 15th, Final 13th, C.G.K.S
    2018, Samsung CTF, Finalist, shpik
    2018, KO-WORLD CTF, Final 2nd, TenDollar
    2017, Cyber Conflict Exercise & Contest(CCE), Quals 13th, TenDollar
    2017, Samsung CTF, Finalist, shpik
    2017, Hack Dat Kiwi CTF, 14th, TenDollar

## Capture The Flag - Operator

    2021, Asian Cyber Security Challenge(ACSC)
      - favorite emojis
    2021, LINE CTF (LINE AST)
      - babyweb
      - babysandbox
    2020, H University CTF (ReverseLab)
      - xxxx: Web/Apache/SSRF
      - xxxx: Web/Nginx/WS
    2020, Bingo CTF (HypwnLab)
      - Simple_board: Pwn/Uninitialize Stack
      - Simple_game: Pwn/Vector/Struct
      - Whalerice: Web/SSRF/CSS
    2019, H University CTF (ReverseLab)
      - xxxx: Web/Whitebox/SSRF
      - xxxx: Web/Prototype Pollution
    2018, TenDollar CTF (TenDollar)
      - Cat-Proxy: Web/Object Injection/SSRF/LFI
      - Kou: Web/Reverse/Overflow/LFI

## Presentation

    Effective SQL Injection @CYBERONE.Co.LTD
    Apache Struts2 exploit @CYBERONE.Co.LTD
    Pwnable Basic @CYBERONE.Co.LTD
    File Structure and Exploit Flaw at ubuntu16.04 @CYBERONE.Co.LTD
    CPP Exploit @CYBERONE.Co.LTD
    v8 exploit @TenDollar
    Web Application Exploit for mismanagement @CYBERONE.Co.LTD

## Met

    2019, cd80
    2001, extr