Security Engineer
Naver Corporation
cwhan.tunz@gmail.com
cwhan.tunz@navercorp.com

Interests

• Software Security
• Program Analysis
• Fuzzing

Work Experience

• Security Engineer
  NAVER
  Make the Whale Browser secure
  June 2017 - Present
• Internship
  NAVER LABS
  Subject: JavaScript Engine Fuzzing (afl-fuzz-js)
  January 2015 - Febraury 2015

Education

• M.S. Computer Science
  Korea Advanced Institute of Science and Technology (KAIST)
  Software Security Lab
  March 2015 - Febraury 2017
• B.S., Computer Science and Engineering,
  Ulsan National Institue of Science and Technology (UNIST)
  March 2011 - February 2015

Hacking Competition Awards

• 2017
  • 3rd place, Cyber Conflict Exercise & Contest 2017 (team 쿠앤크, award $4,000)
  • Finalist, DEFCON CTF 25, Las Vegas (team RRR)
• 2015
  • Finalist, SECCON CTF 2015 (team CodeRed), Japan
  • 2nd place, HDCON 12 (team CodeRed) by KISA, South Korea (award $4,000)
• 2014
  • 5th place, HDCON 11 (team CodeC) by KISA, South Korea (award $2,000)
  • 2nd place, Incognito CTF (team CodeRed, award $600)
  • Finalist, DEFCON CTF 22, Las Vegas (team CodeRed)
• 2013
  • 1st place, Holyshield CTF (team CodePink) by Catholic University of Korea (award $1,000)
  • 3rd place, Whitehat Hacking Contest (team HeXA) by MND, South Korea (award $8,000)

(Selected) Vulnerability Reports [more]

• 2018
  • Out-of-bounds read in Chrome V8 (reward $4,500 / CVE-2018-6142) (link)
• 2017
  • Out-of-bounds access in Chrome V8 (reward $3,000 / CVE-2017-5122) (link)
  • Out-of-bounds read in Chrome V8 (reward $3,000 / CVE-2017-5071) (link)
  • Information Disclosure in Chrome V8 (reward $2,000 / CVE-2017-5040) (link)
• 2016
  • Out-of-bounds write in Chrome V8 (reward $5,000 / CVE-2016-5200) (link)
  • Memory Corruption in Chrome V8 (reward $5,000 / CVE-2016-5172) (link)
  • Unauthorized branch access on GitHub (reward $5,000 + bonus $1,000) (link)
  • Heap Buffer Overflow in Chrome V8 (reward $3,000 / CVE-2016-1669) (link)
  • Out-of-bounds write in Chrome V8 (reward $5,000 / CVE-2016-1653) (link)
• 2015
  • Remote Code Execution in GitHub for Mac (reward $2,500) (link)
  • XSS in Dropbox (reward $1,331) (post)
• 2014
  • Remote Code Execution in Dr.Soft Netclient5 PMS (reward XXX / KISA 14-084)

Publications

• Journals
  [1] Joohyun Lee, Kyunghan Lee, Choongwoo Han, Taehoon Kim, and Song Chong, “Resource-efficient Mobile Multimedia Streaming with Adaptive Network Selection,” IEEE Transactions on Multimedia (IF: 2.536), accepted for publication, 2016.

Projects

• Binch: A ELF binary patch tool in console. This tool will make binary patch works easy and quick for small fixes.
• V8: JavaScript Engine of Chromium. I improved TypedArray performance.
• Chow: Rough static analysis tool with micro-grammar writtn in Haskell.

Groups

• KaisHack (2016)
• CodeRed (2013 ~)
• HeXA, UNIST Computer Security Club (2011 ~ 2014)

Talks

• 개발자가 꼭 알아야 할 보안 이야기 D2 Campus Seminar 2 Febraury 2015