Skip to content
View leesh3288's full-sized avatar
  • Carnegie Mellon University
  • Pittsburgh, PA
  • X @0x10n

Organizations

@KAIST-GoN

Block or report leesh3288

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
leesh3288/README.md

Seunghyun Lee (a.k.a. "Xion")

Interests

  • System Security
  • Binary Analysis
  • Computer Architecture
  • Vulnerability Research & Exploitation

Affiliation

  • Ph.D. Student @ Carnegie Mellon University, Computer Science Department
  • B.S. @ KAIST (2018.02. ~ 2024.02.), CS&EE double major
  • Member of Plaid Parliament of Pwning (2024.08. ~)
  • Member of KAIST GoN (2018.03. ~)
    • Former leader of KAIST GoN (2020.03. ~ 2021.02.)
  • Member of zer0pts (2022.03. ~)
  • KAIST CERT Student Senior Member (2018.08. ~ 2021.02.)

Vulnerability Disclosures & Rewards

🧑‍💻
  • CVE-2024-12692: Type confusion in V8 in Google Chrome
  • CVE-2024-54479: Type confusion in WebKit in Apple Safari
  • CVE-2024-12381: Type confusion in V8 in Google Chrome
  • CVE-2024-10231: Type confusion in V8 in Google Chrome, exploited on v8CTF
  • CVE-2024-10230: Type confusion in V8 in Google Chrome, exploited on v8CTF
  • CVE-2024-9602: Type confusion in V8 in Google Chrome, exploited on v8CTF
  • CVE-2024-9122: Type confusion in V8 in Google Chrome, exploited on v8CTF
  • CVE-2024-8194: Type confusion in V8 in Google Chrome, exploited on v8CTF
  • CVE-2024-8385: Type confusion in Mozilla Firefox
  • CVE-2024-6779: Out of bounds memory access in V8 in Google Chrome
  • CVE-2024-9859 (1-day): Google Chrome v8CTF exploit
  • CVE-2024-6100: Type confusion in V8 in Google Chrome (TyphoonPWN 2024)
  • CVE-2024-40789: Out of bounds memory access in WebKit in Apple Safari
  • CVE-2024-3914: Use after free in V8 in Google Chrome (Pwn2Own Vancouver 2024)
  • CVE-2024-2886: Use after free in WebCodecs in Google Chrome (Pwn2Own Vancouver 2024)
  • CVE-2023-3390 (1-day): Google kernelCTF exploit in all LTS/COS/Mitigation instances, with Dongok Kim
  • CVE-2024-27934: Use after free in Deno to ACE
  • CVE-2024-27933: Permission prompt bypass in Deno to ACE
  • CVE-2023-29199, 30547, 37466, 37903: Sandbox escape in vm2
    • CVE-2023-35926, GHSA-22rr-f3p8-5gf8: Directus, Backstage affected by vm2 sandbox escape
  • CVE-2022-35951: Heap overflow in Redis XAUTOCLAIM to RCE
  • CVE-2022-35977: OOM DoS in Redis via single-parameter-controlled SETRANGE / SORT(_RO)

Awards and Honors

🏅
  • Acknowledgements
  • Security Competition / CTFs
    • 2024
      • 1st Place, DEFCON 32 CTF as MMM
        • Awarded Black Badge
      • Winner of TyphoonPWN 2024
      • Winner of Pwn2Own Vancouver 2024
    • 2023
      • Challenge author of zer0pts CTF 2023
      • 1st Place, CODEGATE CTF 2023 University Div. as KAIST GoN
      • 1st Place, Cyber Conflict Exercise 2023 (Overall Championship) as The Goose
      • 1st Place, DEFCON 31 CTF as MMM
    • 2022
      • Organized 2022 Spring / Fall GoN Open Qual CTF
      • 2nd Place, Cyber Conflict Exercise 2022 General Div. as The Goose
      • 1st Place, WACON 2022 as The Goose
      • 2nd Place, zer0pts CTF 2022 as Super HexaGoN
    • 2021
      • 1st Place, Whitehat Contest Korea 2021 Military Div. as ㅡㅡㅡ본선진출커트라인ㅡㅡㅡ
      • 2nd Place, LINE CTF 2021 as KimchiSushi
      • 2nd Place, zer0pts CTF 2021 as K-Students
    • 2020
      • Challenge author of CODEGATE CTF 2020
      • 1st Place, Cyber Operations Challenge 2020 General Div. as KAIST GoN
      • 1st Place, SECCON 2020 OnlineCTF as HangulSarang
      • 1st Place, TokyoWesterns CTF 6th 2020 as D0G$
    • 2019
      • Finalist, DEFCON 27 CTF as KaisHack GoN
      • 2nd Place, Cyber Operations Challenge 2019 as GoN
      • 3rd Place, CODEGATE CTF 2019 University Div. as KAIST GoN
    • 2018
      • Participation Award, 2018 National Cryptography Contest II-A Div.
  • Academic Awards / Scholarship
    • Doctoral Research Fellowship, KFAS (Fall 2024 -)
    • KAIST Presidential Fellowship, KAIST (Spring 2020 - Fall 2023)
    • Presidential Science Scholarship, KOSAF (Spring 2020 - Fall 2023)
    • Department Honors Scholarship, School of Computing, KAIST (Spring 2020)
    • Honor Student Program, KAIST (Spring 2020)
    • National Scholarship for Science and Engineering, KOSAF (Spring 2018 - Fall 2019)
    • Dean's List
      • Spring 2023, Fall 2020, Spring 2020, Fall 2019, College of Engineering, KAIST
      • Fall 2018, Spring 2018, School of Freshman, KAIST

Invited Talks

🗣️

Popular repositories Loading

  1. CVE-2023-4911 CVE-2023-4911 Public

    PoC for CVE-2023-4911

    C 381 58

  2. WinPwn WinPwn Public

    Windows Pwnable Study

    Python 327 36

  3. CTF CTF Public

    Repo for storing CTF related stuff (Writeups, etc.)

    JavaScript 50 8

  4. talks talks Public

    Repo for talk slides & materials

    14

  5. pwintools pwintools Public

    Forked from masthoon/pwintools

    Basic pwntools for Windows

    Python 5

  6. osv osv Public

    C 5