Xion
@0x10n
Followers
1,783
Following
103
Media
30
Statuses
319
To-be CMU PhD student / Winner of Pwn2Own Vancouver '24, TyphoonPWN '24, kernelCTF, v8CTF, DEFCON 31 CTF, ... / KAIST GoN '18 & @zer0pts
Daejeon, Republic of Korea
Joined August 2020
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Paris
• 951856 Tweets
OAT MAIYARAP X FREENBECKY
• 675847 Tweets
#iHERBLivexENGLOT
• 475379 Tweets
#MyLoveMixUpTHep8
• 306168 Tweets
#ดุจอัปสรตอนจบ
• 115964 Tweets
SNCF
• 106785 Tweets
#それスノ
• 74776 Tweets
ニコニコ復活
• 61178 Tweets
WE LOVE YOU ELVISHYADAV
• 59037 Tweets
フジロック
• 53812 Tweets
Watch Satsang Of Sant RampalJi
• 47532 Tweets
França
• 37474 Tweets
モノノ怪
• 32481 Tweets
Snoop Dogg
• 31806 Tweets
#PostponeGrandBiniverse
• 30496 Tweets
Zico
• 30396 Tweets
オリンピックの開会式
• 29285 Tweets
コインor時短
• 27785 Tweets
#笑うマトリョーシカ
• 22082 Tweets
トイストーリー
• 19402 Tweets
#ساعه_استجابه
• 18995 Tweets
Obamas
• 17356 Tweets
Roxxxy
• 10510 Tweets
キラーズ
• 10055 Tweets
just a sloppy poc
0
45
180
vm2 is now officially deprecated due to several vulnerabilities under disclosure process.
4
44
134
Not bad for a first time I guess :)
7
3
104
yay :)
now back to praying for tomorrow's Edge+Chrome double-tap entry 🙏
6
3
91
I've uploaded a list of resources that I accumulated throughout learning Windows pwnable. The list isn't exactly well sorted, but hopefully it would be useful as a reference for those trying to learn Windows pwnable with Linux backgrounds.
3
24
71
I only have a vague guess on what that $20k is (I don't have issue tracker visibility), but anyways GG :)
2
4
68
2nd place on zer0pts CTF 2022 with
@SuperGuesser
+ KAIST GoN.
Due to COVID cohort I only had my lowly smartphone for the whole CTF, but one has to cope with such environments :)
Solved gitfileexplorer, chirashi-sushi
modern-rome, memsafed, accountant, sbx-note, redis-lite (1/2)
3
10
64
vm2 sandbox escape on versions up to 3.9.15 (and yes, this is different from the async exception vuln)
1
15
61
Submitted my latest research on browser security to Black Hat USA
#BHUSA
related to my two Pwn2Own entries! Looking forward to discuss about finding and exploiting the bugs, revealing long overlooked design issues & show even more exploit techniques in the way :)
@BlackHatEvents
0
4
58
😉
💻 It looks like Chrome was PWNed with an RCE. We're now looking into the details and verifying everything
0
7
64
0
5
51
Recognized that I reported another v8sbx escape (not the one from p2o) about a week before this... 💸
The V8 Sandbox is now in scope for Chrome VRP for bypass submissions, meeting specific criteria, with rewards up to $5,000!
Please see the Chrome VRP rules [] for full submission criteria and eligibility details.
0
10
100
0
1
43
Ranked
#1
at WACon 2022 Quals (a local ctf w/ chals made by
@SuperGuesser
) with old KAIST GoN members ironore15,
@c0m0r1
&
@gPayl0ad
as "The Goose". Still in my mandatory military service so had to play on an overnight stay outside.
Review: CTF was tasty, Dewar's 12yo was fun.
0
7
36
This revealed to be the best random draw ever 🎉
1
2
36
Played HITCON CTF 2020 part-time as G0D (KAIST GoN + Definit +zer0pts). I had too much univ stuff on my hands so couldn't participate much. Solved Revenge of Pwn and worked on Archangel Michael's Storage, got all infoleaks but had no time to ROP 😭
4
2
31
I authored 4 challenges - the X-box series (not the console, it's X-mas sandBox so don't sue me)
X-box:
Rusty X-box:
Tasty X-box:
Crusty X-box:
Authored some challenges for 2023 X-mas CTF:
CTF starts at Dec. 23 10:00 and ends at Dec. 25 23:59 (UTC+9).
Challenges are crowdsourced from the Dreamhack user community.
Relax, have fun and enjoy Christmas and the CTF!
1
8
25
1
5
27
Authored some challenges for 2023 X-mas CTF:
CTF starts at Dec. 23 10:00 and ends at Dec. 25 23:59 (UTC+9).
Challenges are crowdsourced from the Dreamhack user community.
Relax, have fun and enjoy Christmas and the CTF!
1
8
25
Yet another one on ~3.9.16:
(CVE-2023-30547)
Note that this isn't the only bug patched in 3.9.17.
vm2 sandbox escape on versions up to 3.9.15 (and yes, this is different from the async exception vuln)
1
15
61
0
8
23
* 2022 Fall GoN Open Qual CTF 개최 *
2022 Fall GoN Qual CTF가 개최됩니다!
기간: 8.22 22:00 ~ 8.29 21:00(KST)
URL:
이번 대회는 KAIST 정보보호대학원과 사이버보안연구센터의 후원을 받아 진행되며 다양한 상품이 준비되어 있으니 많은 참여 부탁드립니다.
0
3
24
퍼너블만 뚝딱하고 가야지
-> 0솔 문제는 풀어주는게 예의 아닐까?
-> 솔버 적은 문제들 몇 개만 더 볼까?
-> blockchain만 한번 해볼까?
-> 다른 컨텐츠도 없는데 남은 문제들 다 털어내야 깔끔하지 않을까?
3
0
23
Ranked 2nd place in zer0pts CTF 2021 as K-Students (KaisHack GoN x PLUS x CyKor). Solved Stopwatch, GuestFS:AFR, OneShot, nasm kit. All first-blood except for AFR.
Short writeup:
3
2
22
Played Google CTF as
@Water_Paddler
by
@kaanezder
's suggestion, ranked 5th place.
TBH due to my current affiliation I couldn't play much, but still a good experience overall.
0
0
21
Ranked
#1
for
#seccon
2020 ctf as a member of KAIST GoN under the alliance team HangulSarang in commemoration of Hangul Day ()
Solution for kvdb, first blood out of two solvers. Worked together with
@ashuu_lee
, great teamwork.
1
2
21
A tad late tweet, but here's the Finals result:
Ranked
#1
at WACon 2022 Quals (a local ctf w/ chals made by
@SuperGuesser
) with old KAIST GoN members ironore15,
@c0m0r1
&
@gPayl0ad
as "The Goose". Still in my mandatory military service so had to play on an overnight stay outside.
Review: CTF was tasty, Dewar's 12yo was fun.
0
7
36
0
3
21
CVE-2024-3400 seems awfully similar to a bug I found in a domestic networking/IoT device vendor lol... they just never stop using unsanitized attacker-controlled session ids to create filenames haha
0
1
17
Yet another GoN Qual chals seen later in public CTFs: Fimbulvetr, which I rate myself as one of the best web chal I have made so far :)
0
1
17
Happened to come across this bug recently as it still exist on LTS versions.
Interestingly a new refcount overflow bug seem to be accidentally introduced as a bugfix?
However on latest LTS (6.1.x) neither of the bugs can actually be triggered... (1/2)
Security: ChromeOS: Local privilege escalation due to use-after-free in u32 classifier
0
1
12
1
3
15
Ranked 1st @ 2020 Christmas CTF from with
@mathboy770
,
@stereotype32
,
@RBTree_
.
Solved address_book (only solver 😎), show me the pcap & the "guessy parts" of XP 😉
1
2
15
Was initially writing a chal exploiting CVE-2022-31144 for 2022 GoN Open Qual CTF, but found out this bug and couldn't resist making a 0-day chal 😅
The two bugs exhibit the same exploit primitives, so technically no change in chal difficulty.. probably 😏
[RELEASE: Redis 7.0.5 is out!
Upgrade urgency is SECURITY due to CVE-2022-35951.
Mailing list discussion:
0
8
28
0
3
14
Author's writeup for F, G, H, I, J:
2022 Fall GoN Open Qual CTF has finally concluded after a week-long run. Congratulations to all the top rankers and GG to all the participants for the great work!
I authored F ~ J: Heliodor (Web), Emerald Tablet (Web), Reconquista (Pwn), Redis-made (Pwn), NPU (Pwn). (1/2)
3
1
12
0
2
14
KAIST GoN에서 주최하는 내부 CTF 대회가 Dreamhack 플랫폼에서 최초로 공개되어 진행됩니다.
CTF는 3월 15일부터 7일간 진행되며 쉬운 문제부터 화끈한 문제까지 총 20문제 가량 준비되어 있습니다.
소정의 상품도 준비가 되어있으니 많은 참여 부탁드립니다!
0
2
13
2022 Spring GoN Open Qual CTF에 참가해주신 여러분 모두 수고 많으셨습니다!
저는 NullNull, Unconventional, Trino 시리즈, Showdown 총 7문제를 출제했습니다.
한달도 안된 따끈따끈한 CVE, 유사 0-day도 있는 출제진의 writeup을 아래에서 확인하실 수 있습니다.
1
3
13
"최소" 웹문제 츄라이츄라이~
3
1
13
2022 Fall GoN Open Qual CTF has finally concluded after a week-long run. Congratulations to all the top rankers and GG to all the participants for the great work!
I authored F ~ J: Heliodor (Web), Emerald Tablet (Web), Reconquista (Pwn), Redis-made (Pwn), NPU (Pwn). (1/2)
3
1
12
This is my writeup for the winsanity chal of CODEGATE 2020 CTF Finals. For those interested in trying out the challenge without knowing the solution, keep away from "exploit_writeup" and "prob_src" folder :)
#codegatectf
#codegate2020
0
5
11
PoC & RCA:
vm2 sandbox escape on versions up to 3.9.15 (and yes, this is different from the async exception vuln)
1
15
61
0
1
11
In case anyone's interested, here are some (pwn/rev oriented) of the challenge binaries + my solutions for 2020 Cyber Operations Challenge Qual & Finals.
0
4
11
Thank you for playing 2022 Spring GoN Open Qual CTF!
I wrote a total of 7 challenges: NullNull, Unconventional, Trino series and Showdown.
You can check out authors' writeup below, which even contain a 20-day old CVE and a pseudo 0-day.
0
3
11
CVE-2021-32687 reported as duplicate😂, found CVE-2021-32672 in the way but didn't bother🤔
There's more to come😉
0
3
11
Oh no just seen a commit fixing a bug that I immediately recognize, why did I not analyze this one step further 🥲
1
0
9
2021 대한민국 화이트햇 콘테스트 (전 사이버작전경연대회)의 팀원을 구하고 있습니다.
현재 대한민국 국군 (육/해/공/해병/국직 전부 포함) 소속, CTF 참여 경험이 있으며 수상을 목표로 같이 참여를 원하시는 분이라면
@pr0cf51
또는
@0x10n
에게 DM주시면 됩니다.
2021년 사이버작전경연대회에 함께 나갈 분의 DM을 기다리고 있습니다.
조건:
- 대한민국 국군(육해공, 국직)에서 근무
- CTF참여경험이 있으며 수상을 목표로 하시는분
* 저희는 현재 3명이 모인상태이며, 마지막 한명을 기다리는 중입니다.
1
4
10
1
4
8
For 2022 Spring GoN Open Qual CTF, the first (experimental) public CTF held by KAIST GoN, I authored a challenge that require players to exploit this bug to obtain RCE!
Visit
@dreamhack_io
to check out the chal "Showdown" ⬇️
1
0
7
Creating random ctf chals and solving them is my hobby these days since I can't participate CTFs in real time 😂
3
0
7
Had a brief participation in KipodAfterFree 2020 CTF as KAIST GoN. Solved yet another Windows pwnable chal, APT41. The solving process felt like 80% forensics oriented reversing + 20% pwnable...
0
1
6
Halfway through, 5 chals (3 pwn, 1 web, 1 crypto) still waiting for their first blood!
🚩 2022 Fall 𝙂𝙤𝙉 Open Qual 현재 랭킹
8개 문제를 해결하신 G0RiyA님께서 1위를,
as3617님, imssm99님께서 차례로 2, 3위를 지키고 계십니다!
➤ 442명 참여 중
➤ 풀리지 않은 문제 5개!
➤ 포렌식 문제 추가 예정
8월 29일까지 계속되니 모두 파이팅이에요 👊
🔗
0
2
3
0
0
6
I took part in CODEGATE 2020 CTF Finals event as the challenge author of winsanity. It was my second authored chal (first one being winterpreter chal of Quals). There were 0 solvers, so I'll publish a detailed writeup soon.
#codegatectf
#codegate2020
0
3
6
Wonder why PwnKit seem so awfully familiar? The root cause is same with that of one-gadgets crashing on Busybox...
I bet I've seen this multiple times on CTFs, just to name one that I made: "Format Sniper" on
@dreamhack_io
featuring the bug as a "fun gimmick" 😏
1
0
5
* 2022 Fall GoN Open Qual CTF Upcoming *
2022 Fall GoN Qual CTF is held once again!
Period: 8.22 22:00 ~ 8.29 21:00 (UTC+9)
URL:
This CTF is sponsored by KAIST GSIS & CSRC, and various prizes* are prepared so enjoy!
* Delivered only locally (to Korea).
0
1
5
@RBTree_
"So to me seems like a notorious coincidence" 🤡
Coincidence can happen, but it just highlights the lack of proper research into previous studies (or in this case, related chals)
I really don't get it, why would anyone copy a chal on a public, competitive, properly sponsored CTF?
0
0
4
... all with great teammates. Many of the above chals were just me finding vulns and throwing my teammates PoCs since writing exploits and debugging takes forever on a smartphone keyboard :(
I wrote the solvers for redis-lite and chirashi-sushi, others by teammates. (2/2)
0
0
4
CCE2020 babyshell, easyransom, keyboord, lost_treasure, simple_{cmdshell, pwn, rop, uaf} 풀었습니다... 중간에 실험 관련 준비로 어디 갔다온거 아니면 socks도 걸어볼 만한 솔브각인데 아쉽네요
1
1
4
@5aelo
Does the "Exploit requires JIT compilation" mean that it's exploitable in jitless mode, or simply that the bug/exploit does not directly involve a bug within JIT compilation? AFAIK jitless disables WASM, so I assume most of the WASM-related bugs would still require JIT?
1
0
3
...with the remaining 0.99 chals being eebpf, got AAR/W but had no firepower nor time left to do the remaining works 😭
Blind Shot was certainly a interesting chal, both because of the exploitation technique and because I've made an almost exactly same challenge...
(2/n)
1
0
3
4 days since CTF start, 3 pwnables still waiting for their First Blood!
Try it out at
CTF held internally by KAIST GoN is first being held open to all players on
@dreamhack_io
platform.
The competition takes place in March 15 22:00 ~ March 22 21:00 (UTC+9). We've prepared about 20 chals ranging from baby to spicy, so enjoy!
2
1
2
1
1
3
Working on renovating a server from Windows Server + VMWare Workstation to Proxmox VE. Quite easy to use as well as being super flexible 👍
0
1
3
~31.5hrs left!
Still no solvers for Trino: Rendezvous, Trino: Mirai, Showdown 🧐
0
0
3
...which was going to be released in GoN internal CTF, but now since it's been released once again I might have to modify some parts 😏
TL;DR writeup:
Vi deteriorated: C++ exception handling + elegant heap shaping
Blind Shot: One-shot double-staged FSB (argv-flipping)
(3/n)
1
0
3