KITRI "BEST OF THE BEST" 9th Vulnerability Analysis
- (Project. VirtualBoBs : Virtualization Software Bug Hunting)
- Project Leader. Unreal Engine Bug Hunting (10th)
- Project Leader. Apple Safari Bug Hunting [A.K.A ApplePIE] (11th)
Work
- Security Researcher @ SSD Labs (2022.05 ~ Now)
- Undergraduate Student Researcher @ DNSLab, Korea University (2021.08 ~ Now)
Research
- Zero Day Execution(@Zerocution)
- DNSLab, Korea University
Interests
- Browser, Virtualization, Kernel N-Day Research
Contact
- Personal E-Mail : pwnable@korea.ac.kr
- Work E-Mail : dohyunl@ssd-disclosure.com
Awards
- LG Electronics Vulnerability Report Letter of Appreciation
- Microsoft 2022 Q1 TOP 100 Security Researcher
- Mozilla 2022 Q1 Firefox Bug Bounty Rewards Hall of Fame
- [$10,000 Donated] - Apple Web Service Security Acknowledgements Hall of Fame (November. 2022)
CTF
- CyberOC '사이버작전경연대회' 2019 Finals
- Timisoara CTF 2019 Finals
- The Hacking Championship Junior '더 해킹 챔피온십 주니어' 2019 Finals
- CyberOC '사이버작전경연대회' 2020 Finals
- Information Security Olympiad '정보보호올림피아드' Finals 2020 (Bronze Prize) 🥉
- VolgaCTF 2021 Finals
- HackTheon '전국 대학생 사이버보안 경진대회' 2022 (3rd prize) 🥉
Security Report
Browser
- Heap Buffer Overflow (OOB Write) in Google Chrome V8 Internationalization : CVE-2022-1638
- Out-Of-Bounds Write in Apple Safari ICU : CVE-2022-32787
- UI Spoofing in Apple Safari : CVE-2022-32816
- Heap Buffer Overflow (OOB Read) in Google Chrome ANGLE: Chrome BETA, Issue 1335688
- UI Spoofing in Apple Safari : CVE-2022-42799
- Type Confusion in Apple Safari JavaScriptCore : CVE-2022-42823
- Same-Origin Policy Bypass in Apple Safari DataTransfer : CVE-2022-42824
- Same-Origin Policy Bypass in Apple Safari DataTransfer : CVE-2022-46698
- Download Protections Bypass in Mozilla Firefox : CVE-2022-46875
- Type Confusion in Apple Safari StreamAPI : CVE-2023-23517, [ApplePIE]
- Type Confusion in Apple Safari StreamAPI : CVE-2023-23518, [ApplePIE]
- Same-Origin Policy Bypass in Mozilla Firefox : CVE-2023-25741
- Out-Of-Bounds Access in Mozilla Firefox : CVE-2023-29531
- Use-After-Free in Apple Safari Web Inspector : CVE-2023-28201
- Insufficient policy enforcement in Google Chrome Safe Browsing: Issue 1343317
Virtualization
- Denial of Service in Oracle VirtualBox : CVE-2021-2086, CVE-2021-35540
- Remote Code Execution in Oracle VirtualBox : CVE-2022-39421
Enterprise Software
- RCE in Polaris Office : CVE-2021-34280
- RCE or Info Leak in Foxit PDF Reader : CVE-2021-34973, CVE-2021-45978, CVE-2021-45979, CVE-2021-45980, CVE-2022-24370, CVE-2022-24356, ZDI-CAN-15299, CVE-2022-24954, CVE-2022-24955, CVE-2022-30557, CVE-2021-42678, CVE-2021-42679, CVE-2022-37376, CVE-2022-37377, CVE-2022-37378
- RCE in Microsoft Office : CVE-2022-22004
- RCE in Adobe Product : CVE-2022-23202
Anti Virus
- LPE in McAfee Product : CVE-2022-0129
- LPE in Trend Micro Product : CVE-2022-26319, CVE-2022-26337
- RCE in Trend Micro Apex One : CVE-2023-25143
VPN
- LPE in Mozilla VPN : CVE-2022-0517
Driver
- RCE in Samsung Driver : SVE-2022-0082 (CVE-2022-27842), SVE-2022-0083 (CVE-2022-27843), SVE-2022-0115 (CVE-2022-28541), SVE-2021-24333 (CVE-2022-28779), SVE-2022-0854 (CVE-2022-30744), SVE-2022-1099 (CVE-2022-33711), SVE-2022-0855 (CVE-2022-36840), SVE-2022-1770 (CVE-2022-39845)
- RCE in Microsoft Windows Upgrade Assistant : CVE-2022-24543
