Webhacker of South Korea
Defcon 28 Finalist

  • Name: posix (Beomjin Lee)
  • Age: 22
  • Participation
    • 2020 DEFCON CTF Quals 7th (Team koreanbadass)
    • 2020 Plaid CTF 4th (Team koreanbadass)
    • 2020 X-MAS CTF 3rd (Team Defenit)
    • 2020 Securinets CTF 2nd (Team Defenit)
    • 2020 CONFidence CTF Quals 1st (Team DDP)
    • 2020 Pragyan CTF 3rd (Team Defenit)
    • 2019 Christmas CTF 2nd (Team Anti PPP)
    • 2019 DVP Korea Blockchain CTF 1st (Team POSIX)
    • 2019 HolyShield CTF 2nd (Team Defenit)
    • 2019 BISC Open CTF 1st (Team POSIX)
    • 2019 Rooters CTF 1st (Team Defenit)
  • Speaker
    • HackingCamp 19, PoC Security (The Beginning and End of Web Hacking)
  • Project
    • NodeJS Module Vulnerability Automation Analysis on Best of the Best 8th
  • Organizer
    • 2019 Layer7 CTF : JSTrick
    • 2019 SUA CTF : Make Shorten, WDB
  • Development
  • Bounty Records
    • KVE-2019-1024, 1162 Youngcart RCE x 2
    • KVE-2019-1158, 1159, 1160 Youngcart XSS x 3
    • KVE-2019-1158 Youngcart SSRF
    • KVE-2019-0990, 1157 Youngcart SQL Injection x 2
    • KVE-2019-1151 Amina Builder Arbitrary File Download
    • KVE-2019-821, 860, 994, 995, 1014 Gnuboard XSS x 5
    • KVE-2019-0993 Gnuboard RCE
    • KVE-2019-0991 Youngcart Purchase Bypass
    • KVE-2019-0979 KakaoBank Stored XSS
    • NBB-283, 313, 314, 315, 321, 331, 365, 382, 383, 386, 392, 405, 424, 452, 455, 457, 458, 459, 485, 486, 487, 515 XSS on Naver Web Service x 22
    • NBB-918 Information disclosure on Naver Web Service
    • NBB-320 SSRF on Naver Web Service
    • Ridibooks Authentication Bypass on Admin Page
    • Ridibooks Account Takeover
    • Ridibooks XSS x 11, Open Redirection x 5
    • Gate.io Virtual Currency Exchange Stored XSS
    • Drive.net CRLF Injection
    • CVE-2019-17592 CSV-Parse ReDoS
    • NodeJS: 51 vulnerabilities in total on NPM modules, including lodash Prototype Pollution and static-eval Sandbox Escape.