About
CHAN IN KIM (LOURCODE)
@TOOR (Team of offensive Research)
Interests
- Computer Science
- Software Vulnerability
- Embedded Hacking
Education
- Department of Computer Game Development, Korea Game Science High School
- Department of Information Security, Soonchunhyang Univ.
Experience
- 2020.3 ~ 2020.6, Mentee, K-Shield Jr, Security incident analysis & response
- 2023.7 ~ 2024.3, Mentee, KITRI Best of the Best 12th, Vuln Analysis, WhiteHat10
- 2024.3 ~ 2024.8, Internship, Offensive Researcher at S2W Inc.
- 2024.9 ~ now, Researcher at ENKI WhiteHat
Publications
- 2023
- A Study on Bypassing Bootloader Security Mechanisms of Embedded Devices via Side-Channel Attacks, Korea Convergence Security Association
Awards
- 2023
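- 1st place, Chungcheong Region Cyber Security Competition
- 4th place, Find the TS Security Loopholes!
- Outstanding Paper Award, Korea Convergence Security Association Fall Conference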
Bug Reports
- 2023
- WordPress 3rd-party Plugins
- CVE-2023-29439, XSS in FooGallery
- CVE-2023-30491, XSS in CodeBard’s Patron Button and Widgets for Patreon
- CVE-2023-32961, XSS in Katie Seaborn Zotpress
- macOS 3rd-party Apps
- CVE-2023-34190, REDACTED
- CVE-2023-7224, Code Injection in OpenVPN Connect for macOS
- Hikvision Web Components
- CVE-2023-28812, Remote Code Execution (Discovered with @ENVY)
- CVE-2023-28813, Remote Code Execution (Discovered with @ENVY)
- Hikvision NVR
- CVE-2024-29947, NULL Pointer Dereference (Discovered with @ENVY)
- CVE-2024-29948, Out-of-bounds read (Discovered with @ENVY)
- CVE-2024-29949, Command Injection (Discovered with @ENVY)
- Synology Surveillance Station
- CVE-2024-29228, Missing Authorization (Discovered with @ENVY)
- CVE-2024-29229, Missing Authorization (Discovered with @ENVY)
- CVE-2024-29241, Missing Authorization (Discovered with @ENVY)
- CVE-2024-29227, SQL Injection (Discovered with @ENVY)
- CVE-2024-29230, SQL Injection (Discovered with @ENVY)
- CVE-2024-29231, Improper Validation of Array Index (Discovered with @ENVY)
- CVE-2024-29232, SQL Injection (Discovered with @ENVY)
- CVE-2024-29233, SQL Injection (Discovered with @ENVY)
- CVE-2024-29234, SQL Injection (Discovered with @ENVY)
- CVE-2024-29235, SQL Injection (Discovered with @ENVY)
- CVE-2024-29236, SQL Injection (Discovered with @ENVY)
- CVE-2024-29237, SQL Injection (Discovered with @ENVY)
- CVE-2024-29238, SQL Injection (Discovered with @ENVY)
- CVE-2024-29239, SQL Injection (Discovered with @ENVY)
- CVE-2024-29240, Missing Authorization (Discovered with @ENVY)
- 2024
- macOS 3rd-party Apps
- KVE-2024-0073, REDACTED
- CVE-2024-37885, Code Injection in Nextcloud Desktop for macOS