Daejun Kim Security Researcher

🙋‍♂️ About Me

I am a security researcher who is interested in offensive cybersecurity. My primary research interests lie in finding, analyzing, and patching software vulnerabilities. In particular, I am interested in these areas: blockchain, web, and system security. Also, I've found hundreds of high-impact vulnerabilities while conducting security auditing projects so far.

📘 Education

Mar. 2019 - Feb. 2021 M.S., Graduate School of Information Security, KAIST (Advisor: Sooel Son)
Mar. 2015 - Feb. 2019 B.S., Computer Engineering, Sejong University

💻 Work Experience

Feb. 2021 - Theori, Security Researcher (Leader)
Mar. 2017 - Feb. 2019 Theori, Security Researcher
Jan. 2017 - Feb. 2017 Naver, Security Researcher (Intern)
Jul. 2016 - Aug. 2016 Naver, Security Researcher (Intern)

🔎 Extra Curricular

2019 - 2020 KAIST Information Security Club (KaisHack)
2015 - 2019 Sejong University Information Security Club (SSG)
2013 Best of The Best (2nd)
2012 - Wargame Site Administrator (XCZ.KR)

📃 Publications

  1. FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities
    Sunnyeo Park, Daejun Kim (co-leading author), Suman Jana, and Sooel Son.
    In Proceedings of the USENIX Security Symposium, 2022
    [paper] [bib]

  2. AdCube: WebVR Ad Fraud and Practical Confinement of Third-Party Ads
    Hyunjoo Lee, Jiyeon Lee (co-leading author), Daejun Kim, Suman Jana, Insik Shin, and Sooel Son.
    In Proceedings of the USENIX Security Symposium, 2021
    [paper] [bib]

  3. Who Spent My EOS? On the (In)Security of Resource Management of EOS.IO
    Sangsup Lee, Daejun Kim (co-leading author), Dongkwan Kim, Sooel Son, and Yongdae Kim.
    In Proceedings of the USENIX Security Symposium Workshop on Offensive Technologies (WOOT), 2019
    [paper] [bib]

🐛 Reported Bugs

IMMUNEFI-2021-4114 Theft of asset in Dinosaur eggs (NFT system)
CVE-2021-40102 Remote Code Execution in Concrete CMS
HACKERONE-2018-484463 Denial of Service in EOS blockchain node
HACKERONE-2018-398631 Denial of Service in EOS blockchain node
HACKERONE-2018-386785 Denial of Service in EOS blockchain node
KVE-2018-0049 Remote Code Execution in Kakao potplayer
KVE-2016-0852 Remote Code Execution in Kakao potplayer
KVE-2016-0851 Remote Code Execution in Kakao potplayer
KVE-2016-0580 Remote Code Execution in network router of Zio
KVE-2016-0573 Remote Code Execution in network router of WeVo
KVE-2016-0438 Remote Code Execution in Kakao potplayer
KVE-2016-0051 Remote Code Execution in Kakao potplayer
KVE-2016-0049 Remote Code Execution in Kakao potplayer
KVE-2016-0041 Remote Code Execution in Kakao potplayer
KVE-2015-0730 Remote Code Execution in Gom audio

🏆 Honors and Awards

2022 1st place, Defcon 30 - Team MMM (CTF)
2019 Finalist, Defcon 27 - Team KaisHack (CTF)
2017 2nd place, Codegate - University (CTF)
2017 2nd place, Cyber Conflict Exercise - Defense Team (CTF)
2016 First prize, Whitehat Contest (CTF)
2016 3rd place, HDCON (CTF)
2016 First prize, KISA S/W Secure Coding Contest
2015 Excellence prize, KISA S/W Secure Coding Contest
2015 Bronze prize, Incognito IoT Hacking Contest (CTF)
2014 First prize, Best of The Best, Consulting Presentation Contest
2014 First prize, South Korea Youth Information Security Contest (CTF)
2014 First prize, Soongsil University (CTF)
2014 Finalist, Defcon 22 (CTF)
2013 First prize, Whitehat Contest (CTF)
2013 First prize, Whitehat Contest (CTF)
2013 Bronze prize, South Korea Youth Information Security Contest (CTF)
2012 Bronze prize, South Korea Youth Information Security Contest (CTF)
2012 Bronze prize, Hoseo University (CTF)