Product Security Engineer
Qualcomm
cwhan.tunz@gmail.com
choongwo@qti.qualcomm.com (last “o” is only one)
Interests
- Software Security
- Performance Engineering
- Fuzzing
Work Experience
- Engineer, Product Security
Qualcomm
Nov 2019 - Present
- Software Engineer
NAVER
Working on an AI (deep learning model) serving platform in the Search team.
Nov 2018 - Oct 2019
- Security Engineer
NAVER
Make the Whale Browser secure
June 2017 - Nov 2018
Education
- M.S. Computer Science
Korea Advanced Institute of Science and Technology (KAIST)
Software Security Lab
March 2015 - February 2017
- B.S., Computer Science and Engineering,
Ulsan National Institute of Science and Technology (UNIST)
March 2011 - February 2015
Publications
Conference
[1] Jaeseung Choi, Joonun Jang, Choongwoo Han, and Sang Kil Cha, “Grey-box Concolic Testing on Binary Code”, In Proceedings of the International Conference on Software Engineering (ICSE) 2019, Technical Track.
Journal
[1] Joohyun Lee, Kyunghan Lee, Choongwoo Han, Taehoon Kim, and Song Chong, “Resource-efficient Mobile Multimedia Streaming with Adaptive Network Selection”, IEEE Transactions on Multimedia (IF: 2.536), 2016.
Projects
- binch/binch-go: An ELF binary patching tool for the console. It makes binary patching easy and quick for small fixes.
- V8: JavaScript Engine of Chromium. I improved TypedArray performance and fixed security bugs (commits).
- Chow: Rough static analysis tool with micro-grammar written in Haskell.
(Selected) Vulnerability Reports
- 2019
- Type Confusion in Chrome V8 (reward $5,000 / CVE-2019-5791) (link)
- 2018
- Out-of-bounds read in Chrome V8 (reward $4,500 / CVE-2018-6142) (link)
- 2017
- 2016
- Out-of-bounds write in Chrome V8 (reward $5,000 / CVE-2016-5200) (link)
- Memory Corruption in Chrome V8 (reward $5,000 / CVE-2016-5172) (link)
- Unauthorized branch access on GitHub (reward $5,000 + bonus $1,000) (link)
- Heap Buffer Overflow in Chrome V8 (reward $3,000 / CVE-2016-1669) (link)
- Out-of-bounds write in Chrome V8 (reward $5,000 / CVE-2016-1653) (link)
- 2015
- 2014
- Remote Code Execution in Dr.Soft Netclient5 PMS (reward XXX / KISA 14-084)
Hacking Competition Awards
- 2019
- Finalist, DEFCON CTF 27, Las Vegas (team CGC)
- 2018
- Finalist, DEFCON CTF 26, Las Vegas (team C.G.K.S)
- 2017
- 3rd place, Cyber Conflict Exercise & Contest 2017 (team 쿠앤크, award $4,000)
- Finalist, DEFCON CTF 25, Las Vegas (team RRR)
- 2015
- Finalist, SECCON CTF 2015 (team CodeRed), Japan
- 2nd place, HDCON 12 (team CodeRed) by KISA, South Korea (award $4,000)
- 2014
- 5th place, HDCON 11 (team CodeC) by KISA, South Korea (award $2,000)
- 2nd place, Incognito CTF (team CodeRed, award $600)
- Finalist, DEFCON CTF 22, Las Vegas (team CodeRed)
- 2013
- 1st place, Holyshield CTF (team CodePink) by Catholic University of Korea (award $1,000)
- 3rd place, Whitehat Hacking Contest (team HeXA) by MND, South Korea (award $8,000)
Groups
- KaisHack (2016)
- CodeRed (2013 ~)
- HeXA, UNIST Computer Security Club (2011 ~ 2014)
Talks
- Security Stories Every Developer Must Know, D2 Campus Seminar 2 February 2015