What is the target?

me.jpg

UNIST CSE master's student

Detailed CV


Hello, My name is Wonil Jang. My advisor is Prof. Hyungon Moon. My research interests focus on finding vulnerabilities in both closed and open-source software.
Especially, I am interested in fuzzing and hacking moving devices (e.g., cars, drones, ships, etc.). My motto is “No Pain, No Gain.” Happy hacking!










ADVISOR HISTORY


  • 2025.03.03 ~ now: Joined CSSL and working with Prof. Hyungon Moon at UNIST.
  • 2024.02.26 ~ 2025.03.02: Joined S2Lab at UNIST. Prof. Yuseok Jeon moved to Korea University at the end of 2024.


PUBLICATIONS


  • 2025 CMASan: Custom Memory Allocator-aware Address Sanitizer
    Junwha Hong, Wonil Jang, Mijung Kim, Lei Yu, Yonghwi Kwon, and Yuseok Jeon
    In IEEE Symposium on Security and Privacy (S&P), 2025.


AWARDS


  • 2024 Grand Prize Winner (General Division) of the Ulsan Hacking CTF Competition - Ulsan Police Agency
  • 2023 Grand Prize in the Buulgyeong Cybersecurity Hackathon - Graduate School of Convergence Security, PNU
  • 2023 Best of the Best 11th WhiteHat10 Award - KITRI
  • 2022 Outstanding Paper Award at the Korea Internet of Things Association - KIOT
  • 2021 Link Industry Cooperation Best Artificial Intelligence Advanced Course Award - LINC Industry Cooperation, UOU
  • 2021 23rd Hacking Camp SINCERE Hacker Award - HackingCamp
  • 2019 Excellence Award in the Training Course on Analysis and Response of Cyber Infringement Accidents - UIPA
  • 2019 Network Forensics Practical Training Course Excellence Award - UIPA


SPECIAL ACTIVITIES


  • 2024 Attended CCS Conference
  • 2022~2023 Completed the Best of the Best 11th
  • 2021 Attended the 23rd Hacking Camp
  • 2020 Attended the K-Security competition on using artificial intelligence to identify malware
  • 2019 Attended the 22nd Hacking Camp


CTF


  • 2024 Ulsan Hacking competition CTF 4th / 23th ( Team: yummyshell, General Division Winner )
  • 2024 M0lECON CTF ( Team: yummyshell )
  • 2024 UNIST CSE web security CTF 1st / 27th ( Individual )
  • 2023 Dreamhack Christmas CTF 8th / 147th ( Team: yummyshell, i.e., the former name OASIS, 3 people )
  • 2021 Hacking Camp CTF 4th ( Team, 4 people )


FOUND VULNS


  • CVE-2023-7152, CVE-2023-7158, CVE-2024-8946, CVE-2024-8947, CVE-2024-8948 in MicroPython
  • CVE-2023-7104 in SQLite3
  • CVE-2023-46256: Heap Buffer Overflow in Open Source PX4 Drone
  • KVE-2022-1969: IoT RCE by webshell with root permission
  • KVE-2022-2162: BLE Replay Attack
  • KVE-2022-2328: IoT DoS Attack By BOF
  • KVE-2022-2329: IoT DoS Attack By BOF

*CVE = Common Vulnerabilites and Exposures
*KVE = Korean Vulnerabilites and Exposures ( The company name and device inforamation cannot be specified )