/shpik.kr/

# Sitemap

.
├─ Blog
├─ Github
├─ Facebook
└─ Twitter

# Profile

## NAME

    Sehun Oh

## NICKS

    shpik

## ORGANIZATION

    TenDollar / Security Group / - / 2017 ~
    Mashiro / CTF Team / All / 2019 ~
    Reverselab / CTF Team / Web,Pwnable / 2019 ~
    HypwnLab / Nondisclosure Research Group / Secret / 2019 ~

## JOBS

    Security Researcher
      CYBERONE.Co.LTD (Seoul, Republic of Korea) / Pentester, R&D / 2017 ~ 2019

## INTERESTS

    Web Exploitation
    Fuzzing Development
    Chrome Javascript Engine(v8)
    Space Science

# Vulnerability

## CVE

    CVE-2018-13410 : Info-zip, DoS
    CVE-2018-19296 : PHPMailer, Object Injection

## KVE

    KVE-2017-0019 : Netis M3300N, Command Injection
    KVE-2017-0278 : gnuboard5, LFI to RCE
    KVE-2019-0246 : Naver, [censored]
    KVE-2019-0247 : Naver, [censored]
    KVE-2019-0523 : Naver, Reflected XSS
    KVE-2019-0556 : gnuboard5, Webroot full-path disclosure
    KVE-2019-0860 : Naver, Reflected XSS
    KVE-2019-0924 : Tistory, Reflected XSS

# Achievement

## Capture The Flag - Participation

    2019, InterKosen CTF, 1st, Mashiro(Emilia)
    2019, Harekaze CTF, 1st, Yokosuka Hackers
    2019, DEFCON 27, Quals 22nd, $TLDR$
    2019, ASIS CTF, Quals 37th, Harekaze
    2019, Midnight Sun CTF, Quals 23rd, Harekaze
    2019, UTCTF, Quals 23th, Mashiro
    2019, Codegate CTF, Quals 23nd, TenDollar
    2019, InterKosen CTF, 3rd, KimchiPower
    2018, Pwn2Win CTF, Quals 13th, TenDollar
    2018, Cyber Conflict Exercise & Contest(CCE), Quals 7th, Final 9th, TenDollar
    2018, SECCON CTF, Quals 19th, TenDollar
    2018, Hackcon CTF, 18th, TenDollar
    2018, TJCTF, 16th, TenDollar
    2018, DEFCON 26, Quals 15th, Final 13th, C.G.K.S
    2018, Samsung CTF, Finalist, shpik
    2018, KO-WORLD CTF, Final 2nd, TenDollar
    2017, Cyber Conflict Exercise & Contest(CCE), Quals 13th, TenDollar
    2017, Samsung CTF, Finalist, shpik
    2017, Hack Dat Kiwi CTF, 14th, TenDollar

## Capture The Flag - Operator

    2018, TenDollar CTF
      - Cat-Proxy : Web/Object Injection/SSRF/LFI
      - Kou : Web/Reverse/Overflow/LFI

## Presentation

    Effective SQL Injection @CYBERONE.Co.LTD
    Apache Struts2 exploit @CYBERONE.Co.LTD
    Pwnable Basic @CYBERONE.Co.LTD
    File Structure and Exploit Flaw at ubuntu16.04 @CYBERONE.Co.LTD
    CPP Exploit @CYBERONE.Co.LTD
    v8 exploit @TenDollar
    Web Application Exploit for mismanagement @