Career Profile
Welcome! I am a proactive Security Engineer and an author of several books in the field of security, combining practical experience with academic insights. With over 9 years of experience in developing security solutions for electronic products and devices, my expertise lies in creating innovative approaches to safeguard against digital threats. Currently, I am furthering my knowledge as a Ph.D. student in Digital Forensics, deepening my understanding of this critical field.
Experience
Software Security Engineer
LG Electronics
2017-Present
- Design and establish systems for automating security vulnerability assessments.
- Conduct vulnerability discovery through fuzzing and exploit development for findings.
- Develop and implement mitigation plans and perform remediation activities.
- Establish Secure Development Lifecycle policies.
- Provide vulnerability assessments for smart TVs, vehicle components, and mobile devices.
- Conduct internal training on topics such as fuzzing, cryptography, Python, and digital forensics.
- Analyze and mitigate vulnerabilities in mobile applications (iOS and Android) by conducting malware analysis and vulnerability assessments.
- Conduct vulnerability discovery through fuzzing and exploit development for findings.
- Develop and implement mitigation plans and perform remediation activities.
- Establish Secure Development Lifecycle policies.
- Provide vulnerability assessments for smart TVs, vehicle components, and mobile devices.
- Conduct internal training on topics such as fuzzing, cryptography, Python, and digital forensics.
- Analyze and mitigate vulnerabilities in mobile applications (iOS and Android) by conducting malware analysis and vulnerability assessments.
Technologies Used: Python3, Swift, secure coding practices, fuzzing, exploit development for arm32/aarch64.
Software / System Operator (First Lieutenant)
Meteorological Data Center, Weather Wing, Republic of Korea Air Force
2012-2015
- Managed the weather computer server and the recovery of the server against incidents.
- Identified, analyzed, and improved system, network, and software vulnerabilities.
- Developed weather analysis software including a data transmitting program.
- Identified, analyzed, and improved system, network, and software vulnerabilities.
- Developed weather analysis software including a data transmitting program.
Technologies Used: Solaris, IBM AIX, Red Hat, DB, Web Service, C/C++, Incident response
Awards
Korea Copyright Protection Agency, 2022-12-05
Ministry of National Defense, 2022-11-15
Publication Industry Promotion Agency of Korea, 2020-07-28
Korean Digital Forensics Society, 2018-11-30
Korea Information Technology Research Institute, 2016-03-23
Publications
KIISE, KSC, 2023-12-20
Decoding Publishing Co, 2023-09-08
Journal of Digital Forensics, 2023-03-31
Acorn Publishing Co, 2022-04-30
Acorn Publishing Co, 2021-03-30
Acorn Publishing Co, 2020-02-28
V-makers, 2018-11-26
IEEE International Congress on Big Data (BigData Congress), 2017-06-25
KIISC, CISC-W, 2017-12-09
KIISC, CISC-S, 2017-06-22
Bpan Books, 2017-01-05
Bpan Books, 2016-12-22
Korean Digital Forensics Society, 2016-12-16
Projects
Contributor to MobSF (Mobile Security Framework)
- Contributed to the Mobile Security Framework (MobSF), a powerful automated tool for performing security assessments on mobile applications. Specifically, enhanced the parsing capabilities of Mach-O binaries(iOS) by adding improvements to ARC (Automatic Reference Counting) and Stack Canary Checks. This contribution helps in identifying and mitigating vulnerabilities more effectively in iOS applications, enhancing the security analysis capabilities of MobSF.
Contributor to Volatility 3 (open source project)
- Assisted in the development of the Linux and macOS plugins for Volatility 3, the most advanced memory forensics framework, and made valuable contributions to bug fixes within the volatility3 framework.
Awesome Fuzzing
- Managed and curated the Awesome Fuzzing page, a comprehensive resource that gathers top-notch research papers from leading conferences in the field of security testing. The page serves as a platform where individuals can access and explore a curated collection of cutting-edge publications related to fuzzing.
ARM Binary Exploitation Series
- Authored a series of blog posts on building and solving Protostar pwnable challenges in 32-bit ARM environment, covering topics such as ARM assembly programming, shellcode development, stack buffer overflow, return-to-libc attacks (Ret2Lib), return-oriented programming (ROP), sigreturn-oriented programming (SROP), format string bugs, and heap exploitation.
Volunteering
Pre-Viewer
Hanbit Publishing Network
2024-Present
Serving as a Pre-Viewer, critically reviewing Japanese IT books and providing feedback to enhance content quality before their translation into Korean.
Expert Adviser
Security Investigation Bureau, National Investigation Headquarters, National Police Agency
2022-Present
Conducting research on state-sponsored hacker groups such as North Korea, China, and Russia.
Mentor
South Korea's Military Cyber Command
2021-2023
Trained Military Information Security Professional Personnel in Cyber Security.
Technical Translator
Golang Korea
2023
Currently translating some chapters from the book "Efficient Go" by Bartlomiej Plotka, published by O'Reilly.
DFC(Digital Forensics Challenge) Organizer
Digital Forensics Research Society, Korea Information Security Association
2020-2021
Created questions for a challenge on iOS, Android, Memory Forensics, and Reverse Engineering.
Nuricops, Cyber Honorary Police
Seoul Metropolitan Police Agency
2019-2020
Participated in cybercrime prevention activities such as online monitoring, reporting, and applying for blocking.
Software Expert Mentor
Daedeok Software Meister High School
2017
Instructed digital forensics club activities.
Certified Digital Forensic Professional
Korea Digital Forensic Professional Association
2015-Present
Conducted research on digital forensics technology.