Hello,
|
Hacker Zer0Luck.

thumbnail

Timestamps

2016.08 ~ 2016.11
Nurilab Digital Forensics Intern 
2021.07 ~ 2022.04
Best of the Best 10th Vulnerability Analysis Track 
2022.05 ~
SCVSoft Blockchain Researcher 

Projects

Vulnerability analysis of commercial metaverse-based virtual office platform  
/static/ef0c45b61ed8315754a27e8f43889322/BOB_MVP.png
Photon
webGL
web3
ElectronJS
Unity
Javascript
[Application Portal feature (Portal to another space) SandBox Escape RCE] <br /> [Exposing API Sensitive Data via Redux Trick and Manipulating During Rendering] [Vulnerability of XSS attack-based unsafe token theft and elevated authority] <br /> [Iframe plugin XSS vulnerability] <br /> [Picket Static Object XSS Vulnerability] <br /> [CSRF-token bypass CSRF attack using apiCall.] <br /> [[Android][ENG] Forced exploitation of Pro (Use Speech Captions, Host Settings) based on Pro Feature Bypass[High]] <br /> [[Android][ENG] Forced exploitation of HostSettings(Mute,unMute,remove,respwan..) based on Client Owner bypass[High]] <br /> [[Android][ENG] Application Level DOS attack based on Pro Feature(Congregate Around Actor, Respawn)[High]] <br /> [[Android][ENG] Vulnerability of forcibly tampering and deleting contents based on room contents save function / Contents Object Version Null Exception DOS attack[High]] <br /> [[Android][ENG] Exposing 3D face modeling data External stored in Android storage[Low]] <br /> [[Android][ENG] Task Hijacking attack based on unsafe task management.[Medium]]
onthelook GraphQL Injection Code Execution  
react-native
graphql
nodejs
express
onthelook GraphQL Injection Code Execution
Development of window GUI binary fuzzing using the dump fuzzing theory.  
/static/11b0973c52b4a1db5dee5094314f7265/project_fuzz_fuzz.png
python
PyQt4
fuzz
win-driver
kernel
Exploit progress using Windows GUI binary fuzzing