Daejin Lee (이대진)

Security Researcher Work at S2W Inc.   starlight0x0 at protonmail.com   [PGP Key]

Research Interest

Software Security, fuzzing, binary analysis and exploit development.

Education

• Sep. 2019 - Aug. 2021, M.S. in Graduate School of Information Security, KAIST SoftSec (Advisor : Sang Kil Cha)
• Mar. 2015 - Feb. 2019, B.S. in Cyber Defense, Department of Cyber Defense, Korea University (Advisor: Hee Han)

Professional Experience

• Sep. 2021 - Present, Senior Researcher at S2W, R&D Team
• Dec. 2017 - Apr. 2019, Research Intern at Theori, R&D Team
• Feb. 2014 - July 2014, Research Intern at GrayHash, WhiteHash Program

Awards

• DEF CON CTF 26 Final, 1st place as Team DEFKOR00t, Las Vegas, USA, 2018
• Korea University Research Scholarship, 2018
• DEF CON CTF 25 Final, 4th place as Team DEFKOR, Las Vegas, USA, 2017
• Korea University Research Scholarship, 2017
• Belluminar WCTF, 2nd place as Team CyKor ($30,000 award), Beijing, China, 2016
• DEF CON CTF 24 Final, 3rd place as Team DEFKOR, Las Vegas, USA, 2016
• DEF CON CTF 23 Final, 1st place as Team DEFKOR, Las Vegas, USA, 2015
• MSIT Minister Prize in Information Security Education Program (₩20,000,000 award), KITRI BoB, 2015
• Google Security Hall of Fame, 2012
• Facebook Security Hall of Fame, 2011-2012

Publications

[2]	Protecting against Data-Reuse Attacks Daejin Lee, Junoh Lee, and Sang Kil Cha. Conference on Information Security and Cryptography-Summer(Best Paper Award), 2021 [LINK]
[1]	NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis Jaeseung Choi, Kangsu Kim, Daejin Lee, and Sang Kil Cha. IEEE Symposium on Security and Privacy (S&P, Oakland), 2021 [PDF] [GitHub]

Vulnerability Reports

• CVE-2022-24548, Denial of Service in Windows Defender, 2022 [LINK]
• N/A, Remote Code Execution in Blizzard Games(Reported to Hackerone), 2022
• N/A, Remote Code Execution in Riot Games(Reported to Hackerone), 2022
• CVE-2020-1053, Local Privilege Escalation in Windows Kernel, 2020
• CVE-2020-1246, Local Privilege Escalation in Windows Kernel, 2020
• CVE-2020-17004, Local Privilege Escalation in Windows Kernel, 2020
• CVE-2020-7335, Local Privilege Escalation in McAfee Antivirus(Reported to ZDI, ZDI-20-1388), 2020
• NBB-1025, Local Privilege Escalation in Naver Antivirus(Reported to Naver bug bounty), 2020
• N/A, Memory Corruptions in Mruby Interpreter(Reported to Hackerone, $20,000 award), 2017
• N/A, Remote Code Execution in Blizzard Games(Reported to Hackerone), 2017
• CVE-2015-5685, Denial of Service in uTorrent/BitTorrent Bootstrap Server(Reported to ZDI, ZDI-15-366), 2015
• CVE-2015-5685, Denial of Service in uTorrent/BitTorrent Bootstrap Server(Reported to ZDI, ZDI-15-367), 2015
• CVE-2014-8509, Denial of Service in uTorrent/BitTorrent Bootstrap Server(Reported to ZDI, ZDI-14-370), 2014
• N/A, Stored Cross-Site Scripting in Facebook(Reported to Facebook bug bounty), 2012
• N/A, Stored Cross-Site Scripting in Google(Reported to Google bug bounty), 2012
• N/A, Windows Application Vulnerabilities (Reported to KISA bug bounty):
  CMS, Active X, Antivirus, etc.