HyungSeok Han Computer Security Researcher DaramG

About Me

  • Computer Security Researcher (Fuzzing, Program Analysis, Automatic bug finding)
  • Staff Software Engineer @Samsung Research America

Education

Work Experience

Publications

  1. QueryX: Symbolic Query on Decompiled Code for Finding Bugs in COTS Binaries (PDF)
    HyungSeok Han, JeongOh Kyea, Yonghwi Jin, Jinoh Kang, Brian Pak, and Insu Yun
    In Proceedings of the IEEE Symposium on Security and Privacy, 2023

  2. HyperFuzzer: An Efficient Hybrid Fuzzer For Virtual CPUs (PDF)
    Xinyang Ge, Ben Niu, Robert Brotzman, Yaohui Chen, HyungSeok Han, Patrice Godefroid, and Weidong Cui
    In Proceedings of the ACM Conference on Computer and Communications Security, 2021

  3. Precise and Scalable Detection of Use-after-Compacting-Garbage-Collection Bugs (PDF)(Github)
    HyungSeok Han, Andrew Wesie, and Brian Pak.
    In Proceedings of the USENIX Security Symposium, 2021

  4. Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer (PDF)
    Suyoung Lee, HyungSeok Han, Sang Kil Cha, and Sooel Son.
    In Proceedings of the USENIX Security Symposium, 2020

  5. The Art, Science, and Engineering of Fuzzing: A Survey (PDF)
    Valentin Jean Marie Manès, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, and Maverick Woo.
    IEEE Transactions on Software Engineering (Best Paper Award), 2019

  6. B2R2: Building an Efficient Front-End for Binary Analysis (PDF)(Github)
    Minkyu Jung, Soomin Kim, HyungSeok Han, Jaeseung Choi, and Sang Kil Cha.
    In Proceedings of the NDSS Workshop on Binary Analysis Research (Best Paper Award), 2019

  7. CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines (PDF)(Github)
    HyungSeok Han, DongHyeon Oh, and Sang Kil Cha.
    In Proceedings of the Network and Distributed System Security Symposium, 2019

  8. IMF: Inferred Model-based Fuzzer (PDF)(Github)
    HyungSeok Han, and Sang Kil Cha.
    In Proceedings of the ACM Conference on Computer and Communications Security, 2017

  9. Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations (PDF)
    Hongil Kim, Dongkwan Kim, Minhee Kwon, Hyungseok Han, Yeongjin Jang, Dongsu Han, Taesoo Kim, and Yongdae Kim
    In Proceedings of the ACM Conference on Computer and Communications Security, 2015

Honors and Awards

  • 2022
    • MSRC 2022 Most Valuable Researcher
  • 2021
    • Top MSRC 2021 Q4 Security Researchers
    • Top MSRC 2021 Q3 Security Researchers
  • 2020
    • Top MSRC 2020 Q3 Security Researchers
  • 2018
    • 1st place, KISA Data Challenge (Automated Vulnerability Detection Track)
  • 2017
    • 1st place, Whitehat Contest 2017 by Ministry of National Defense, South Korea (award $30,000)
    • 1st place, HDCON 14 by KISA, South Korea (award $20,000)
    • 3rd place, CODEGATE 2017 Global Hacking Competition (award $5,000)
    • Finalist, SECCON CTF 2017
  • 2016
    • 5th place, DEFCON CTF 24
    • Finalist, HITCON CTF 2016
  • 2015
    • Finalist, SECCON CTF 2015
  • 2014
    • 2nd place, Whitehat Hacking Contest 2014 (award $20,000)
    • Finalist, DEFCON CTF 22
    • Finalist, CODEGATE 2014 Global Hacking Competition
    • Finalist, SECUINSIDE CTF

Bug Reports

  • 2022
    • CVE-2022-23293, Local Privilege Escalation in Windows Kernel.
  • 2021
    • CVE-2021-43235, Information Disclosure in Windows Kernel.
    • CVE-2021-43230, Local Privilege Escalation in Windows Kernel.
    • CVE-2021-43229, Local Privilege Escalation in Windows Kernel.
    • CVE-2021-43227, Information Disclosure in Windows Kernel.
    • CVE-2021-43224, Information Disclosure in Windows Kernel.
    • CVE-2021-41378, Remote Code Execution in Windows Kernel.
    • CVE-2021-41370, Local Privilege Escalation in Windows Kernel.
    • CVE-2021-41367, Local Privilege Escalation in Windows Kernel.
    • CVE-2021-40443, Local Privilege Escalation in Windows Kernel.
  • 2020
    • CVE-2020-17041, Local Privilege Escalation in Windows Print Spooler.
    • CVE-2020-17042, Remote Code Execution in Windows Print Spooler.
    • CVE-2020-6434, Use after free in Google Chrome.
    • CVE-2020-3915, Local Privilege Escalation in macOS 10.15.3.
  • 2019
    • CVE-2019-0923, Memory corruption in ChakraCore of Edge.
    • CVE-2019-8594, Arbitrary code execution in JavaScriptCore of Safari.
    • CVE-2019-0860, Arbitrary code execution in ChakraCore of Edge.
  • 2018
    • CVE-2018-4464, Arbitrary code execution in JavaScriptCore of Safari.
    • CVE-2018-4437, Arbitrary code execution in JavaScriptCore of Safari.
    • CVE-2018-4378, Arbitrary code execution in JavaScriptCore of Safari.
    • CVE-2018-4372, Arbitrary code execution in JavaScriptCore of Safari.
  • 2017
    • CVE-2017-7159, Arbitrary code execution with system privileges in macOS 10.13.1.
    • CVE-2017-8634, Memory corruption in ChakraCore of Edge.
  • 2016
    • CVE-2016-1665, Information leak in V8 of Chrome. (reward $1,000)
  • 2015
    • Local Privilege Escalation in OSX Yosemite (10.10.3) via Parallels
    • XSS in KakaoTalk