Profile
Highly motivated and team-friendly individual with diverse experiences not only in Automotive penetration testing, but also in Web Hacking, and collaborative projects. Proficient in various programming languages, frameworks, and tools. Experienced in leading teams and contributing to open-source projects.
Keywords: Automotive, Penetration Testing, Reverse Engineering, UDS (ISO 14229-1), Cyber Security, UN R.155
Career
- 2023.10 - present: Automotive Penetration/Security Tester, AutoCrypt Red Team
- Performed penetration testing on various ECUs including infortainments, an instrumental cluster, and a telematics control unit, based on the TARA method (ISO/SAE 21434) and discovered possible vulnerabilities on Yocto Linux, QNX, and AUTOSAR based systems.
- I reported 11 issues in 5 ECUs. 5 issues were classified as incidents, and were reported to the CEO of Hyundai Mobis (Problems from Past Projects). It was a collaboration project with Hyundai Mobis.
- SPI: focused on sniffing data by connecting exposed SPI lines and dumping data of an exposed SOIC-8 chip on an instrument cluster.
- V2X (Vehicle-to-Everything): focused on CAM/DENM and BSM functionalities. Specialized in reverse engineering V2X communication services and developing test plans.
- BLE (Bluetooth Low-Energy): counseled a client how to test BLE features using well-known vulnerabilities.
- Contributed to Vehicle Type Approval efforts of In-Vehicle Infotainment (IVI) hardware by ensuring there were no vulnerabilities in CAN/UDS (ISO/SAE 14229-1) and a media player on IVI.
- 2020.10 - 2021.02: Application Developer Intern, PETNER Co., Ltd.
- Developed community service using Flutter and Ruby on Rails frameworks.
- 2019.03 - 2020.10: CERT Team, Republic of Korea Army
- Led a CERT squad, managing team members and executing missions.
- Handled cyber security incidents across multiple divisions.
- 2021.01 - 2022.06: Undergraduate Researcher, Kyonggi University NSE Lab
- Researched blockchain technologies and security vulnerabilities.
- Studied security flaws in Ethereum dApps and coin economics.
- Key Projects
- The Dia programming language (2024): A functional programming language focused on portability and simplicity. Additionally, a Yocto recipe for Dia is available.
- The Ch1keen Wiki (2023): Maintaining a web site collecting cyber security tips, written in Next.js.
- 4 CTF Challenges in two CTFs (2023): Made 2 Cryptography, 1 Pwn, 1 Web challenges. This project was a collaboration with STEALIEN.
- A Pwnable CTF Challenge (2023): Inspired by CVE-2018-14665.
- DevSecOps Container Security Platform (2022): A container managing platform integrating image signing and vulnerability scanning in CI/CD pipelines. Most of the code is written in Python, and is open source.
Vulnerability Findings
Volunteer Experience
- Soksok Camp(쏙쏙캠프) by Ministry of Education (Korea)
- Each university club goes to a middle school or a high school and teaches to the student. My club went to a middle school in Daejeon in the summer of 2018. It was an educational charity project by the Ministry of Education of Korea.
- My club taught basic computer science and security to the students. One of my roles was addressing the money spent by the club during the camp.
- My club got a great reputation from the students, so my club awarded a top prize (Minister of Education's) in 2019.
- Open Source Contributions
- Nix and Ronin: Packaged the Ruby based project 'Ronin' into the Nixpkgs.
- r2angr: Provided Proof-of-Concept code how to decompile with angr.
- KITRI BoB Alumni Council: Mar. 2023 - Dec. 2023
- Former member of the council, contributing to organizing workshops and alumni events.
- Promoted cybersecurity education and awareness among university students.
- State Of Origin CTF 2023
- Volunteered as a challenge creator and organizer for a CTF competition operated by Cybersecurity clubs of University of Queensland and University of New South Wales. Created 5 unique and engaging challenges.
- UbuCon Asia 2022
- Volunteered as a front desk staff at the event, helping to register and assist attendees, including international guests.
Awards and Recognitions
- 2025 South Jeolla Province Web Security Competition - Excellence Award
- 4th Place, Def Con Car Hacking Village (2024)
- Collaborated with the AutoCrypt Red Team, focusing on RAMN challenges.
- Provided reverse engineering insights and identified necessary tools for challenge solutions.
- Facilitated team communication with event staff to obtain critical hints and guidance.
- 2023 Brainhack CDDC CTF (Singapore) - Final 20th Place
- 2023 Hacktheon Sejong International Univ. Students' Cyber Security Competition (Korea) - Final 21st Place
- 2021 KOSPO Web Security Competition - Encouragement Award
- 2020 TS Security Competition 'Find Security holes' - Excellence Award
- Blood Donation Merit Award (Silver)
Education & Training
- 2023.02: Global Cyber Security 2023 in Singapore
- 2022.06 - 2023.03: KITRI Best of the Best 11th - Vulnerability Analysis Track
- 2017.03 - 2023.02: Kyonggi University
- Bachelor of Convergence Security (Double Major)
- Bachelor of Electronics Engineering (Double Major)
- Total GPA: 3.91/4.5
Certifications
- Fourth Class Amateur Radio Operator (Korea)
- SQL Developer (SQLD)
- Engineer Information Processing (정보처리기사)
- Duolingo English Test (DET): 125 (Top B2, Bottom C1 of CEFR)
Gratefully made with Elm
Copyright 2024. Ch1keen, all rights reserved.