Choongwoo Han computer security researcher tunz

Security Engineer
Naver Corporation
cwhan.tunz@gmail.com
cwhan.tunz@navercorp.com

Interests

  • Software Security
  • Program Analysis
  • Fuzzing

Experience

  • Security Engineer
    Naver
    Make the Whale Browser safer
    June 2017 - Present
  • Internship
    Naver LABS
    Subject: JavaScript Engine Fuzzing (afl-fuzz-js)
    January 2015 - February 2015
  • Internship
    Mobile Smart Networking Lab, UNIST
    Subject: Low Latency TCP Congestion Control Algorithm
    Advisor: Kyunghan Lee
    February 2012 - December 2014

Education

  • M.S. Computer Science
    Korea Advanced Institute of Science and Technology (KAIST)
    Software Security Lab
    March 2015 - February 2017
  • B.S., Computer Science and Engineering,
    Ulsan National Institute of Science and Technology (UNIST)
    March 2011 - February 2015

Hacking Competition Awards

  • 2017
    • Finalist, DEFCON CTF 25, Las Vegas (team RRR)
  • 2015
    • Finalist, SECCON CTF 2015 (team CodeRed), Japan
    • 2nd place, HDCON 12 (team CodeRed) by KISA, South Korea (award $4,000)
  • 2014
    • 5th place, HDCON 11 (team CodeC) by KISA, South Korea (award $2,000)
    • 2nd place, Incognito CTF (team CodeRed, award $600)
    • Finalist, DEFCON CTF 22, Las Vegas (team CodeRed)
  • 2013
    • 1st place, Holyshield CTF (team CodePink) by Catholic University of Korea (award $1,000)
    • 3rd place, Whitehat Hacking Contest (team HeXA) by MND, South Korea (award $8,000)

(Selected) Vulnerability Reports [more]

  • 2017
    • Out-of-bounds read in Chrome V8 (reward $3,000 / CVE-2017-5071) (link)
    • Information Disclosure in Chrome V8 (reward $2,000 / CVE-2017-5040) (link)
  • 2016
    • Out-of-bounds write in Chrome V8 (reward $5,000 / CVE-2016-5200) (link)
    • Memory Corruption in Chrome V8 (reward $5,000 / CVE-2016-5172) (link)
    • Unauthorized branch access on GitHub (reward $5,000 + bonus $1,000) (link)
    • Heap Buffer Overflow in Chrome V8 (reward $3,000 / CVE-2016-1669) (link)
    • Out-of-bounds write in Chrome V8 (reward $5,000 / CVE-2016-1653) (link)
  • 2015
    • Remote Code Execution in GitHub for Mac (reward $2,500) (link)
    • XSS in Dropbox (reward $1,331) (post)
  • 2014
    • Remote Code Execution in Dr.Soft Netclient5 PMS (reward XXX / KISA 14-084)

Publications

  • Journals
    [1] Joohyun Lee, Kyunghan Lee, Choongwoo Han, Taehoon Kim, and Song Chong, “Resource-efficient Mobile Multimedia Streaming with Adaptive Network Selection,” IEEE Transactions on Multimedia (IF: 2.536), accepted for publication, 2016.

Projects

  • Binch: An ELF binary patch tool for the console. It makes binary patching quick and easy for small fixes.

Groups

  • KaisHack (2016)
  • CodeRed (2013 ~)
  • UNIST Computer Security Club, HeXA (2011 ~ 2014)

Talks