- Seokchan Yoon (@ch4n3.yoon)
- [email protected]
- A CTF player 🇰🇷
- Web Security Researcher @ STEALIEN (2020.07. ~ 2023.06.)
- Grand Prize (1st, Minister of National Defense Award), 2024 White Hat Conference (team: 키보드워리어플랫폼), Soldier Division Quals
- Finalist, CODEGATE 2023 UNIVERSITY (team: 경희대미남해커들)
- Finalist, CODEGATE 2022 UNIVERSITY (team: 경희대미남해커들)
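- Finalist (2nd, National Security Research Institute Director's Award), 2022 Cyber Attack and Defense Competition (CCE), Public Sector Division Quals (team: resilience)
- Finalist (2nd, National Security Research Institute Director's Award), 2021 Cyber Attack and Defense Competition (CCE), Public Sector Division Quals (team: resilience)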
- 3rd, 2020 Kyunghee University Hackathon (team 1등못하면동반입대)
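- Finalist (2nd, Cyber Operations Commander's Award), 2019 Cyber Operations Contest, Student Division (team 윤석찬TV구독과좋아요알림설정까지)
- Individual Grand Prize (1st, Seoul Women's University President's Award), 2018 4th Information Security Competition, Individual Preliminaries
- Team Grand Prize (1st, Minister of Education Award), 2018 4th Information Security Competition, Team Finals (team 문시우1인팀)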
- Finalist (18th), CODEGATE 2018 JUNIOR
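- 2nd, 2018 3rd National Youth Penetration Testing Competition
- 3rd, 2018 16th SMARTEEN APP CLUB AppJam Hackathon
- Team Grand Prize (1st, Korea Education and Research Information Service President's Award), 2017 3rd Information Security Competition, Team Finals (team 4-day exploit)
- Excellence Award (2nd), 2017 KMU (Kookmin University) X UBUNTU 1st CTF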
- NBB-1126, Stored XSS
- NBB-1143, SQL Injection
- NBB-1260, Stored XSS
- NBB-2315, Reflected XSS
- NBB-2316, Reflected XSS
- NBB-2314, Reflected XSS
- CVE-2024-7592: Quadratic complexity parsing cookies with backslashes
- CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator
- CVE-2024-24680: Potential denial-of-service in intcomma template filter
- CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
- CVE-2024-21520: Cross-Site Scripting (XSS) in browserable API of django-rest-framework
- CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
- CVE-2024-53908: Potential SQL injection in HasKey(lhs, rhs) on Oracle
- CVE-2024-39877: Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler
- CVE-2024-39863: Apache Airflow: Potential XSS Vulnerability
- CVE-2024-45034: Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes
- CVE-2024-41123: DoS vulnerabilities in REXML
- CVE-2024-47887: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
- CVE-2024-41128: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
- CVE-2024-38809: Spring Framework DoS via conditional HTTP request
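- Appeared on KBS <Youth Jobs Project: The Boss Has Gone Crazy> as the company's youngest researcher
- Appeared in the <STEALIEN> episode of Saramin's Company Story
- Appeared in the <STEALIEN> episode of the YouTube channel '인싸담당자'
- <Bug Cases and Secure Coding in Modern Web Services> (@STEALIEN Security Seminar; 3S)
- For English readers: <Bug Cases and Secure Coding Techniques, in Modern Web Services>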
- Related Press Releases (Kor): https://www.boannews.com/media/view.asp?idx=107983&kind=
- Replay: https://www.youtube.com/watch?v=6YgSTZ9i7Vk
- <Django 1-day Vulnerability Analysis> (@HackingCamp 26th 🇰🇷)
- I analyzed and shared high-severity vulnerabilities disclosed to the Django Project, 2022
- Reference: http://hackingcamp.org/
- <Django Framework N-day Vulnerability Analysis & Secure Coding Guide> (@CODEGATE 2023 🇰🇷)
- I raised some insecure usages in Django by analyzing 1-day vulnerabilities and gave a secure coding guide
- Reference: https://codegate.org/sub/conference
- <Django Framework from a Hacker's Perspective> (@PyCon KR 10th)