Harold Kim
Backend Developer • Security Researcher
github: stypr · email: [email protected] · [email protected]

Experience

Security Engineer, Flatt Security Inc.
Tokyo, Japan
May 2020 - PRESENT
6 months
» Finding vulnerabilities in clients' software and websites, not limited to penetration tests.
» Developing security-related testing tools and products for clients.
» Researching 0days, finding 0days, etc.
Senior Security Engineer, LINE Corporation
Tokyo, Japan
Feb 2019 - Apr 2020
1y 3 months
» Mainly focused on finding vulnerabilities in LINE and its affiliates' products.
» Developed automated blackbox security analysis tools and tools for detecting potential risks on services.
» Security consulting, reviewing bug bounty reports, recruitment support, etc.
Senior Security Researcher, SEWorks Inc.
Seoul, South Korea
June 2014 - Nov 2018
4y 5 months
» Focused mainly on core server management and backend service development.
» Developed core products, including product maintenance. (Used Python, GoLang+Redis, PHP, Java, etc.)
» Frequently performed vulnerability checks and penetration tests on flagship products.
» Focused on security research for future development.
Signaller, ROK Army
Paju, South Korea
Nov 2016 - Aug 2018
1y 8 months
» Discharged as Sergeant. Received several awards while working in the army.
» Maintained internal systems, managed and monitored security firewalls.
» Developed an application which automatically checks security status and prints out the report on every boot.
» Developed pentest software to increase awareness of the side effects of using smartphones in the army.

Education

Undergraduate Student, University of Toronto Sept. 2014 - June 2015
9 months
» Currently studying as an undergraduate, and going to acquire a Bachelor’s degree at some point.
» Currently on a long leave for jobs.
International Baccalaureate Diploma Sept. 2012 - June 2014
1y 9 months
» Acquired International Baccalaureate Diploma for Secondary School.
» Studied in India

Achievements

Only showing top 3 placements and finalist results from memorable CTFs; otherwise this page would fill up with dozens of CTF results.
International
2020 Finalist, DEFCON 28 CTF United States
2020 1st place, InterKosen CTF Japan
2019 1st place, Hack.lu CTF 2019 Germany
2019 1st place, RCTF 2019 China
2019 1st place, *CTF 2019 China
2019 1st place, Harekaze CTF Japan
2019 1st place, 0CTF/TCTF 2019 Finals China
2019 Finalist, DEFCON 27 CTF United States
2018 Finalist, Real World CTF 2018 China
2018 1st place, BCTF 2018 China
2018 3rd place, Hack.lu CTF 2018 Germany
2017 Finalist, CodeGate CTF 2017 South Korea
2017 1st place, ASIS CTF Finals 2017 Iran
2017 1st place, BSides San Francisco CTF United States
2016 2nd place, EKOPARTY CTF 2016 Argentina
2016 2nd place, Silk Road CTF 2016 China
2016 2nd place, Insomni'hack 2016 Switzerland
2016 1st place, ASIS CTF 2016 Finals Iran
2016 1st place, C4CTF 2016 Saudi Arabia
2016 1st place, TU CTF 2016 United States
2016 1st place, Sharif University CTF Iran
2016 2nd place, Internetwache CTF Germany
2016 Finalist, PHDays 2016 Russia
2015 1st place, Hack Zone Tunisia 2015 Tunisia
2015 1st place, Break In 2015 India
2015 2nd place, HITB CTF 2015 Netherlands
2015 Finalist, CSAW CTF 15 United States
2014 Finalist, CSAW CTF 14 United States
2014 Finalist, DEFCON 22 CTF United States
2014 2nd place, Olympic Sochi CTF 2015 Russia
Domestic
2020 2nd place, Cyber Operations Challenge (Whitehat Contest) Seoul, South Korea
2019 1st place, Cyber Operations Challenge (Whitehat Contest) Seoul, South Korea
2018 1st place, Korean Army Hacking Defense Contest Daejeon, South Korea
2015 1st place, 14th HUST Hacking Festival Seoul, South Korea
2015 1st place, 2015 Inc0gnito Hacking Competition Seoul, South Korea

Portfolio

Disclosed vulnerabilities
CVE-2020-5659, CVE-2020-5662, CVE-2020-5663, CVE-2020-5664
Multiple vulnerabilities in XooNIps
CVE-2020-5631
XSS Bypass in CMONOS.JP
CVE-2020-5640
Unauthenticated LFI to RCE in OneThird CMS
CVE-2020-15188, CVE-2020-15182, CVE-2020-15189, CVE-2020-15183
Multiple Remote Code Execution in SoyCMS and Soy Inquiry
CVE-2020-15159
Cross Site Scripting/Remote Code Execution in baserCMS
CVE-2019-6002
Cross-site Scripting in LINE Central Dogma
KVE-2018-0441, KVE-2018-0449, KVE-2018-0439
Broken cryptosystem leading to MySQL password leakage in GNUBoard 4
Cross-site Scripting * 2 and Remote Code Execution in GNUBoard 4
Writeup
Payment Bypass, Cross-site Scripting, Open Redirect in Ridibooks
Writeup
Unauthenticated / Authenticated Remote Code Execution in EC-Cube
CTF Organizer and Challenge Author 2014 - PRESENT
2020 Organizer and challenge author, BingoCTF 2020.
» Made challenges for temporary, simpleboard and guestbook
» A Linux kernel module was also implemented to detect cheating behavior efficiently.
2019 Author, babypress and lfi2019, XCTF Finals 2019.
2018 Author, moehost and gameshop, ASISCTF 2018 Quals.
Writeups are available here.
2016, 2015, 2014 Organizer and challenge author, KAIST and POSTECH Science War (Hacking)
» Domestic University CTF in South Korea
» Some of the challenges released in the Science War are available in Stereotyped Challenges
Stereotyped Challenges Oct. 2014 - PRESENT
6y 1 month

» Operating and developing a website consisting of extremely technical offensive security challenges.
» Most of the challenges are solely developed and tested by me. All challenges are sandboxed separately.
» Source code of the website is currently available at https://github.com/stypr/chall.stypr.com
Web Fuzzer development and its utilization June 2014
Spoke at the WOWHACKER 2nd Seminar. Seoul, Korea

» a.k.a. Introduction to web fuzzer development.
» Demonstrated the process of web fuzzer development and its utilization, including the practical usage of fuzzers.

Patent

Apparatus and method for managing apk file in a android platform May 2016
Patent ID: KR101623096B1, 5 inventors

» The present invention provides an apparatus for managing an APK file in an Android platform, configured to prevent an executable file in an APK file from being analyzed through reverse engineering and decompilation in advance.