HyungSeok Han Computer Security Researcher DaramG

About Me

Education

  • 2018.3 -
    Ph.D., Gradute School of Information Security @KAIST SoftSec

  • 2017.3 - 2018.2
    M.S., Gradute School of Information Security @KAIST SoftSec

  • 2012.2 - 2017.2
    B.S., Computer Science @KAIST

Publications

  1. B2R2: Building an Efficient Front-End for Binary Analysis (to appear)
    Minkyu Jung, Soomin Kim, HyungSeok Han, Jaeseung Choi, and Sang Kil Cha.
    In Proceedings of the NDSS WorkShop on Binary Analysis Research (Best Paper Award) , 2019

  2. CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines (PDF)(Github)
    HyungSeok Han, DongHyeon Oh, and Sang Kil Cha.
    In Proceedings of the Network and Distributed System Security Symposium , 2019

  3. IMF: Inferred Model-based Fuzzer (PDF)(Github)
    HyungSeok Han, and Sang Kil Cha.
    In Proceedings of the ACM Conference on Computer and Communications Security , 2017

  4. Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations (PDF)
    Hongil Kim, Dongkwan Kim, Minhee Kwon, Hyungseok Han, Yeongjin Jang, Dongsu Han, Taesoo Kim, and Yongdae Kim
    In Proceedings of the ACM Conference on Computer and Communications Security , 2015

Hacking Competition Awards

  • 2018
    • 1st place, KISA Data Challenge (Automated Vulnerability Detection Track)
  • 2017
    • 1st place, Whitehat Contest 2017 by Ministry of National Defense, South Korea (award $30,000)
    • 1st place, HDCON 14 by KISA, South Korea (award $20,000)
    • 3rd place, CODEGATE 2017 Global Hacking Competition (award $5,000)
    • Finalist, SECCON CTF 2017
  • 2016
    • 5th place, DEFCON CTF 24
    • Finalist, HITCON CTF 2016
  • 2015
    • Finalist, SECCON CTF 2015
  • 2014
    • 2nd place, Whitehat Hacking Contest 2014 (award $20,000)
    • Finalist, DEFCON CTF 22
    • Finalist, CODEGATE 2014 Global Hacking Competition
    • Finalist, SECUINSIDE CTF

Bug Reports

  • 2019
    • CVE-2019-0923, Memory corruption in ChakraCore of Edge.
    • CVE-2019-8594, Arbitrary code execution in JavaSriptCore of Safari.
    • CVE-2019-0860, Arbitrary code execution in ChakraCore of Edge.
  • 2018
    • CVE-2018-4464, Arbitrary code execution in JavaSriptCore of Safari.
    • CVE-2018-4437, Arbitrary code execution in JavaSriptCore of Safari.
    • CVE-2018-4378, Arbitrary code execution in JavaSriptCore of Safari.
    • CVE-2018-4372, Arbitrary code execution in JavaSriptCore of Safari.
  • 2017
    • CVE-2017-7159, Arbitrary code execution with system privileges in macOS 10.13.1.
    • CVE-2017-8634, Memory corruption in ChakraCore of Edge.
  • 2016
    • CVE-2016-1665, Information leak in V8 of Chrome. (reward $1,000)
  • 2015
    • Local Privilege Escalation in OSX Yosemite (10.10.3) via Parallels
    • XSS in KakaoTalk