Security researcher loves to play CTF
Defcon 28 Finalist

  • Name: posix (Beomjin Lee)
  • Age: 24
  • Participation
    • 2020 Balsn CTF 2nd place (The Flat Network Society)
    • 2020 KipodAfterFree CTF 2nd place (The Flat Network Society)
    • 2020 CyberSecurityRumble CTF 1st place (The Flat Network Society)
    • 2020 hackceler8 2nd place (Team I Use Bing)
    • 2020 Cyber Conflict Exercise Finals 6th place (Team Haim)
    • 2020 SECCON 1st place (Team HangulSarang)
    • 2020 Cyber Conflict Exercise Quals 3rd place (Team Haim)
    • 2020 TokyoWesterns CTF 1st place (Team D0G$)
    • 2020 InterKosen CTF 2nd place (Team Defenit)
    • 2020 HacktivityCon CTF 5th place (Team Defenit)
    • 2020 CyBRICS CTF 2nd place (Team DefenitelyZer0)
    • 2020 TSG CTF 2nd place (Team DefenitelyZer0)
    • 2020 ASIS CTF 2nd place (Team DefenitelyZer0)
    • 2020 DEFCON CTF Quals 7th (Team koreanbadass)
    • 2020 Plaid CTF 4th (Team koreanbadass)
    • 2020 X-MAS GTF 3nd (Team Defenit)
    • 2020 Securinets CTF 2nd (Team Defenit)
    • 2020 CONFidence CTF Quals 1st (Team DDP)
    • 2020 Pragyan CTF 3rd (Team Defenit)
    • 2020 Zer0pts CTF 9th (Team Defenit)
    • 2019 SECCON CTF Quals 10th (Team SEDefenit)
    • 2019 Christmas CTF 2nd (Team Anti PPP)
    • 2019 Samsung SSTF Open CTF 3rd (Team ???)
    • 2019 DVP Korea Blockchain CTF 1st (Team POSIX)
    • 2019 HolyShield CTF 2nd (Team Defenit)
    • 2019 BISC Open CTF 1st (Team POSIX)
    • 2019 Rooters CTF 1st (Team Defenit)
    • … And so on
  • Speaker
    • POC 2020, PoC Security
      • Practical Methods to Exploit JS Application using Prototype Pollution
    • HackingCamp 2019, PoC Security
      • The Beginning and End of Web Hacking
  • Project
    • NodeJS Module Vulnerability Automation Analysis on Best of the Best 8th
      • CVE-2020-7707 CVE-2020-7721 CVE-2020-7701 CVE-2020-7717 CVE-2020-7715 CVE-2020-7716 CVE-2020-7719 CVE-2020-7700 CVE-2020-7702 CVE-2020-7704 CVE-2020-7714 CVE-2020-7706 CVE-2020-7724 CVE-2020-7727 CVE-2020-7718 CVE-2020-7725 CVE-2020-7722 CVE-2020-7703 CVE-2020-7723
  • Organizer
    • 2022 Hayyim Security CTF : Cyberchef, Gnuboard, Xpressengine, Not E, Wasmup, Marked
    • 2021 Layer7 CTF : EJS, Lookup System
    • 2019 Layer7 CTF : Tiary, Safe Evaluator
    • 2020 Defenit CTF : Highlighter, Fortune Cookie, BabyJS, AdultJS
    • 2019 Layer7 CTF : JSTrick
    • 2019 SUA CTF : Make Shorten, WDB
  • Development
    • Defenit CTF / ctf.defenit.kr
    • Bob Newsletter / bobnews.kr
  • Bounty Records
    • KVE-2019-1024, 1162 Youngcart RCE x 2
    • KVE-2019-1158, 1159, 1160 Youngcart XSS x 3
    • KVE-2019-1158 Youngcart SSRF
    • KVE-2019-0990, 1157 Youngcart SQL Injection x 2
    • KVE-2019-1151 Amina Builder Arbitary File Download
    • KVE-2019-821, 860, 994, 995, 1014 Gnuboard XSS x 5
    • KVE-2019-0993 Gnuboard RCE
    • KVE-2019-0991 Youngcart Purchase Bypass
    • KVE-2019-0979 KakaoBank Stored XSS
    • NBB-283, 313, 314, 315, 321, 331, 365, 382, 383, 386, 392, 405, 424, 452, 455, 457, 458, 459, 485, 486, 487, 515 XSS on Naver Web Service x 22
    • NBB-918 Information disclosure on Naver Web Service
    • NBB-320 SSRF on Naver Web Service
    • Ridibooks Bypass authentication at admin page
    • Ridibooks Account Takeover
    • Ridibooks XSS x 11, Open Redirection x 5
    • Gate.io Virtual Currency Exchange Stored XSS
    • Drive.net CRLF Injection
    • CVE-2019-17592 CSV-Parse ReDOS
    • NodeJS: Including lodash Prototype Pollution, static-eval Sandbox Escape, Total 51 Vulnerabilities on NPM Modules.
    • And so on