Gyuho Lee

DFIR Specialist • Security Researcher

iidx

[email protected] linkedin

About Me

Nick Name
» extr

Interested In
» Cyber Threat Intelligence » Web Service Development » Tea & Whisky

CTF & Research Groups

2019-	HypwnLab, South Korea » Nondisclosure 1-day & 0-day Research Group
2015-2017	DCUA, Multinational » CTF Team (dcua & some Penthackon members)
2014-2015	Penthackon, Multinational » CTF Team (Penthackon & some WOWHACKER members)
2013-	WOWHACKER, South Korea » Research Group
2012-2013	TeamTMP, South Korea » CTF Team (4th & factorial)
2011-2012	4th, South Korea » CTF Team

Experience

Security Technical Engineer, NCSOFT Gyeonggi, South Korea	May 2021 - Present -
» Developing of automation of operation tasks of security infrastructure and heterogeneous security systems

Senior Researcher, Plainbit Co., Ltd. Gyeonggi, South Korea	Aug 2019 - May 2021 1 year 10 months
» Supported DFIR(Digital forensics and incident response) service. » Developed DFIR-related tools for the public good. » Analyzed APT accidents and study countermeasures.

Security Researcher, SEWorks Inc. Seoul, South Korea / CA, United States	Feb 2017 - Nov 2018 1 year 10 months
» Military Service (Skilled industrial Personnel) » Developed automation tools for products operation and management of backend servers. » Developed modules to analyze malicious APKs.

Software Vulnerability Analyst, WINS Co., LTD. Gyeonggi, South Korea	Jan 2016 - Jan 2017 1 year
» Vulnerability research and 1-day vulnerabilities analysis on Microsoft products. » Developed malicious behavior analysis module included in APT attack detection appliance. » Reviewed appliance bug bounty reports.

Achievement/Awards

Only showing the results of top 3 places and finalists of memorable CTFs,

International
2020	1st place, InterKosen CTF	Japan
2020	1st place, Defenit CTF	South Korea
2019	1st place, Harekaze CTF	Japan
2019	3rd place, DFRWS IoT Forensic Challenge, write-up	United States
2018	2nd place, Digital Forensic Challenge 2018	South Korea
2017	2nd place, ASIS CTF Finals	Iran
2017	3rd place, Volga CTF	Russia
2016	Finalist, TrendMicro CTF	Japan
2016	2nd place, EKOPARTY CTF 2016	Argentina
2016	1st place, ASIS CTF Finals	Iran
2016	1st place, Volga CTF	Russia
2014	Finalist, DEFCON 22 CTF	United States

Domestic
2022	Finalist, Cyber Conflict Exercise	Daegu, South Korea
2019	Finalist, Cyber Conflict Exercise	Busan, South Korea
2015	1st place, 14th HUST Hacking Festival	Seoul, South Korea
2015	1st place, Find the Digital Culprit	Seoul, South Korea
2015	1st place, Inc0gnito Hacking Competition	Seoul, South Korea
2014	3rd place, Find the Digital Culprit	Seoul, South Korea
2013	3rd place, Whitehat Contest	Seoul, South Korea
2013	3rd place, Find the Digital Culprit	Seoul, South Korea
2011	Bronze Prize, Soonchunhyang University 'Y.I.S.F.'	Asan, South Korea
2011	Bronze Prize, Tongmyong University 'Information Science Olympiad'	Busan, South Korea

Portfolio

Software Vulnerability Reports

CVE-2022-41156	Remote Code Execution, Ondisk Player Agent
CVE-2022-23766	Arbitrary File Execution, BigFile Agent
CVE-2020-7881	Remote Code Execution, AfreecaTV streamer service
CVE-2019-12808	Local Privilege Escalation, ALTOOLS update service
RIDI Bug Bountry	Remote Code Execution, Ridibooks Qt Viewer
KVE-2018-1470	Remote Code Execution, Infoleak NDA
KVE-2018-0128	Remote Code Execution, NDA
KVE-2018-0058	Heap Buffer Overflow, NDA
KVE-2017-0226	Remote Code Execution, NDA
KVE-2017-0129	Arbitrary File Read, NDA

CTF Organizer and Challenge Author

2021	Organizer and Challenge author, ACSC » Challenge write-up: NYONG Coin & BitLocker Artifact
2021	Challenge author, 强网杯全国网络安全挑战赛
2020	Challenge author, PBCTF » Challenge write-up: Vaccine Stealer
2020	Organizer and Challenge author, Bingo CTF » Challenge write-up: ISO & Disassembed
2018	Challenge author, Cyber Conflict Exercise & Contest
2015-2016	Organizer and Challenge author, Christmas CTF
2015	Challenge author BoB CTF
2013-2016	Organizer and Challenge author, KAIST and POSTECH Science War (Hacking)
2012-2013	Organizer and Challenge author, Hoseo Information Security Challenge

Presentation

2019	Memory forensics using volatility, Supreme Prosecutors' Office » SPO training course
2014	WOWHACKER OFFSET open hacking seminar - 1^st., WOWHACKER » Analyze and demonstrate ADD(Attention Deficit Disorder) technology of memory anti-forensics.