What is the target?

me.jpg

UNIST CSE master's student

Detailed CV


Hi, My name is Wonil Jang. My research interests focus on finding vulnerabilities in both closed and open-source software.
Especially, I am interested in fuzzing and hacking moving devices (e.g., cars, drones, ships, etc.). My motto is “No Pain, No Gain.” Happy hacking!










ADVISOR HISTORY

  • 2025.03.03 ~ now: Joined CSSL and working with Prof. Hyungon Moon at UNIST.
  • 2024.02.26 ~ 2025.03.02: Joined S2Lab at UNIST. Prof. Yuseok Jeon moved to Korea University at the end of 2024.


PUBLICATIONS

  • 2025 CMASan: Custom Memory Allocator-aware Address Sanitizer
    Junwha Hong, Wonil Jang, Mijung Kim, Lei Yu, Yonghwi Kwon, and Yuseok Jeon
    In IEEE Symposium on Security and Privacy (S&P), 2025.


AWARDS

  • 2024 Grand Prize Winner (General Division) of the Ulsan Hacking CTF Competition - Ulsan Police Agency
  • 2023 Grand Prize in the Buulgyeong Cybersecurity Hackathon - Graduate School of Convergence Security, PNU
  • 2023 Best of the Best 11th WhiteHat10 Award - KITRI
  • 2022 Outstanding Paper Award at the Korea Internet of Things Association - KIOT
  • 2021 Link Industry Cooperation Best Artificial Intelligence Advanced Course Award - LINC Industry Cooperation, UOU
  • 2021 23rd Hacking Camp SINCERE Hacker Award - HackingCamp
  • 2019 Excellence Award in the Training Course on Analysis and Response of Cyber Infringement Accidents - UIPA
  • 2019 Network Forensics Practical Training Course Excellence Award - UIPA


SPECIAL ACTIVITIES

  • 2024 Attended CCS Conference
  • 2022~2023 Completed the Best of the Best 11th
  • 2021 Attended the 23rd Hacking Camp
  • 2020 Attended the K-Security competition on using artificial intelligence to identify malware
  • 2019 Attended the 22nd Hacking Camp


CTF

  • 2024 Ulsan Hacking competition CTF 4th / 23th ( Team: yummyshell, General Division Winner )
  • 2024 M0lECON CTF ( Team: yummyshell )
  • 2024 UNIST CSE web security CTF 1st / 27th ( Individual )
  • 2023 Dreamhack Christmas CTF 8th / 147th ( Team: yummyshell, i.e., the former name OASIS, 3 people )
  • 2021 Hacking Camp CTF 4th ( Team, 4 people )


FOUND VULNS

  • CVE-2023-7152, CVE-2023-7158, CVE-2024-8946, CVE-2024-8947, CVE-2024-8948 in MicroPython
  • CVE-2023-7104 in SQLite3
  • CVE-2023-46256: Heap Buffer Overflow in Open Source PX4 Drone
  • KVE-2022-1969: IoT RCE by webshell with root permission
  • KVE-2022-2162: BLE Replay Attack
  • KVE-2022-2328: IoT DoS Attack By BOF
  • KVE-2022-2329: IoT DoS Attack By BOF

*CVE = Common Vulnerabilites and Exposures
*KVE = Korean Vulnerabilites and Exposures ( The company name and device inforamation cannot be specified )