- Seokchan Yoon (@ch4n3.yoon)
- [email protected]
- A CTF player 🇰🇷
- Web Security Researcher @ STEALIEN (2020.07. ~ 2023.06.)
- Finalist, CODEGATE 2023 UNIVERSITY (team: 경희대미남해커들)
- Finalist, CODEGATE 2022 UNIVERSITY (team: 경희대미남해커들)
- Finalist (2nd, National Security Research Institute Director's Award / 국가보안연구소장상), 2022 Cyber Conflict Exercise (CCE, 사이버공격방어대회) Public Sector Quals (team: resilience)
- Finalist (2nd, National Security Research Institute Director's Award / 국가보안연구소장상), 2021 Cyber Conflict Exercise (CCE, 사이버공격방어대회) Public Sector Quals (team: resilience)
- 3rd, 2020 Kyunghee University Hackathon (team: 1등못하면… [rest of the team name is garbled in the source])
- Finalist (2nd, Cyber Operations Commander's Award / 사이버작전사령관상), 2019 Cyber Operations Competition (사이버작전경연대회) Student Division (team: 윤석찬TV구독과좋아요알림설정까지)
- Top prize, individual (1st, 최우수상; award name partly garbled in the source: 서울사…이장상), 2018 4th Information Security Competition (제4회 정보보안경진대회) Individual Preliminary
- Top prize, team (1st, 최우수상, Minister of Education Award / 교육부장관상), 2018 4th Information Security Competition (제4회 정보보안경진대회) Team Finals (team: 문…1인팀 [team name partly garbled in the source])
- Finalist (18th), CODEGATE 2018 JUNIOR
- 2nd, 2018 3rd National Youth Mock Hacking Competition (제3회 전국청소년모의해킹대회)
- 3rd, 2018 16th SMARTEEN APP CLUB AppJam Hackathon
- Top prize, team (1st, 최우수상, KERIS President's Award / 한국교육학술정보원장상), 2017 3rd Information Security Competition (제3회 정보보안경진대회) Team Finals (team: 4-day exploit)
- 2nd (우수상), 2017 KMU (Kookmin University, 국민대학교) X UBUNTU 1st CTF
- NBB-1126, Stored XSS
- NBB-1143, SQL Injection
- NBB-1260, Stored XSS
- NBB-2315, Reflected XSS
- NBB-2316, Reflected XSS
- NBB-2314, Reflected XSS
- CVE-2024-7592: Quadratic complexity parsing cookies with backslashes
- CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator
- CVE-2024-24680: Potential denial-of-service in intcomma template filter
- CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
- CVE-2024-21520: Cross-Site Scripting (XSS) in browsable API of django-rest-framework
- CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
- CVE-2024-53908: Potential SQL injection in HasKey(lhs, rhs) on Oracle
- CVE-2024-39877: Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler
- CVE-2024-39863: Apache Airflow: Potential XSS Vulnerability
- CVE-2024-45034: Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes
- CVE-2024-41123: DoS vulnerabilities in REXML
- CVE-2024-47887: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
- CVE-2024-41128: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
- CVE-2024-38809: Spring Framework DoS via conditional HTTP request
- Appeared on KBS <청년 일자리 프로젝트 사장님이 美쳤어요> as the company's top researcher (사내 최우수 연구원)
- Appeared in the Saramin (사람인) company story episode on STEALIEN (<스틸리언> 편)
- Appeared in the <스틸리언> (STEALIEN) episode of a YouTube channel (channel name garbled in the source)
- <모던 웹 서비스에서의 버그케이스와 시큐어코딩> (@STEALIEN Security Seminar; 3S)
  - English title: <Bug Cases and Secure Coding Techniques in Modern Web Services>
  - Related press coverage (Korean): https://www.boannews.com/media/view.asp?idx=107983&kind=
  - Recording: https://www.youtube.com/watch?v=6YgSTZ9i7Vk
- <Django 1-day Vulnerability Analysis> (@HackingCamp 26th 🇰🇷)
  - I analyzed and shared high-severity vulnerabilities disclosed in the Django Project, 2022
  - Reference: http://hackingcamp.org/
- <Django Framework N-day Vulnerability Analysis & Secure Coding Guide> (@CODEGATE 2023 🇰🇷)
  - I pointed out insecure usages in Django by analyzing 1-day vulnerabilities and gave a secure coding guide
  - Reference: https://codegate.org/sub/conference
- <해커의 관점에서 바라본 Django Framework> (Django Framework from a Hacker's Perspective) (@PyCon KR 10th)