leesh3288 - Overview (original) (raw)

Skip to content

Navigation Menu

• Pricing

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sign up

Appearance settings

Seunghyun Lee leesh3288

• Carnegie Mellon University
• Pittsburgh, PA
• X @0x10n

Organizations

Block or report leesh3288

Seunghyun Lee (a.k.a. "Xion")

Interests

• System Security
• Binary Analysis
• Computer Architecture
• Vulnerability Research & Exploitation

Affiliation

• Ph.D. Student @ Carnegie Mellon University, Computer Science Department (2024.08. -)
• B.S. @ KAIST (2018.02. - 2024.02.), CS&EE double major
• Member of Plaid Parliament of Pwning (2024.08. -)
• Member of KAIST GoN (2018.03. -)
  • Former leader of KAIST GoN (2020.03. - 2021.02.)
• Member of zer0pts (2022.03. -)
• KAIST CERT Student Senior Member (2018.08. - 2021.02.)

Vulnerability Disclosures & Rewards

🧑‍💻

• CVE-2025-13230: Type confusion in V8 / Google Chrome, exploited on v8CTF
• CVE-2025-13229: Type confusion in V8 / Google Chrome, exploited on v8CTF
• CVE-2025-13228: Type confusion in V8 / Google Chrome, exploited on v8CTF
• CVE-2025-13227: Type confusion in V8 / Google Chrome, exploited on v8CTF
• CVE-2025-13226: Type confusion in V8 / Google Chrome, exploited on v8CTF
• crbug/443377612 (1-day): Google Chrome v8CTF exploit
• CVE-2025-9132 (1-day): Google Chrome v8CTF exploit (renderer + v8sbx)
• CVE-2025-8880: Race in V8 / Google Chrome, exploited on v8CTF (renderer + v8sbx)
• CVE-2025-5959: Type confusion in V8 / Google Chrome (TyphoonPWN 2025)
• CVE-2025-0999: Heap buffer overflow in V8 / Google Chrome
• CVE-2024-12692: Type confusion in V8 / Google Chrome
• CVE-2024-54479: Type confusion in WebKit / Apple Safari
• CVE-2024-12381: Type confusion in V8 / Google Chrome
• CVE-2024-10231: Type confusion in V8 / Google Chrome, exploited on v8CTF
• CVE-2024-10230: Type confusion in V8 / Google Chrome, exploited on v8CTF
• CVE-2024-9602: Type confusion in V8 / Google Chrome, exploited on v8CTF
• CVE-2024-9122: Type confusion in V8 / Google Chrome, exploited on v8CTF
• CVE-2024-8194: Type confusion in V8 / Google Chrome, exploited on v8CTF
• CVE-2024-8385: Type confusion in Mozilla Firefox
• CVE-2024-6779: Out of bounds memory access in V8 / Google Chrome
• CVE-2024-9859 (1-day): Google Chrome v8CTF exploit
• CVE-2024-6100: Type confusion in V8 / Google Chrome (TyphoonPWN 2024)
• CVE-2024-40789: Out of bounds memory access in WebKit / Apple Safari
• CVE-2024-3914: Use after free in V8 / Google Chrome (Pwn2Own Vancouver 2024)
• CVE-2024-2886: Use after free in WebCodecs / Google Chrome (Pwn2Own Vancouver 2024)
• CVE-2023-3390 (1-day): Google kernelCTF exploit in all LTS/COS/Mitigation instances, with Dongok Kim
• CVE-2024-27934: Use after free in Deno to ACE
• CVE-2024-27933: Permission prompt bypass in Deno to ACE
• CVE-2023-29199, 30547, 37466, 37903: Sandbox escape in vm2
  • CVE-2023-35926, GHSA-22rr-f3p8-5gf8: Directus, Backstage affected by vm2 sandbox escape
• CVE-2022-35951: Heap overflow in Redis XAUTOCLAIM to RCE
• CVE-2022-35977: OOM DoS in Redis via single-parameter-controlled SETRANGE / SORT(_RO)

Awards and Honors

🏅

• Acknowledgements
  • 2025 🥇Top#0 Chrome VRP Researcher
  • 2024 🥇Top#0 Chrome VRP Researcher
• Security Competition / CTFs
  • 2025
    * 1st Place, DEFCON 33 CTF as MMM
  • 2024
    * 1st Place, DEFCON 32 CTF as MMM
    * Awarded Black Badge
    * Winner of TyphoonPWN 2024
    * Winner of Pwn2Own Vancouver 2024
  • 2023
    * Challenge author of zer0pts CTF 2023
    * 1st Place, CODEGATE CTF 2023 University Div. as KAIST GoN
    * 1st Place, Cyber Conflict Exercise 2023 (Overall Championship) as The Goose
    * 1st Place, DEFCON 31 CTF as MMM
  • 2022
    * Organized 2022 Spring / Fall GoN Open Qual CTF
    * 2nd Place, Cyber Conflict Exercise 2022 General Div. as The Goose
    * 1st Place, WACON 2022 as The Goose
    * 2nd Place, zer0pts CTF 2022 as Super HexaGoN
  • 2021
    * 1st Place, Whitehat Contest Korea 2021 Military Div. as ㅡㅡㅡ본선진출커트라인ㅡㅡㅡ
    * 2nd Place, LINE CTF 2021 as KimchiSushi
    * 2nd Place, zer0pts CTF 2021 as K-Students
  • 2020
    * Challenge author of CODEGATE CTF 2020
    * 1st Place, Cyber Operations Challenge 2020 General Div. as KAIST GoN
    * 1st Place, SECCON 2020 OnlineCTF as HangulSarang
    * 1st Place, TokyoWesterns CTF 6th 2020 as D0G$
  • 2019
    * Finalist, DEFCON 27 CTF as KaisHack GoN
    * 2nd Place, Cyber Operations Challenge 2019 as GoN
    * 3rd Place, CODEGATE CTF 2019 University Div. as KAIST GoN
  • 2018
    * Participation Award, 2018 National Cryptography Contest II-A Div.
• Academic Awards / Scholarship
  • Doctoral Research Fellowship, KFAS (Fall 2024 -)
  • KAIST Presidential Fellowship, KAIST (Spring 2020 - Fall 2023)
  • Presidential Science Scholarship, KOSAF (Spring 2020 - Fall 2023)
  • Department Honors Scholarship, School of Computing, KAIST (Spring 2020)
  • Honor Student Program, KAIST (Spring 2020)
  • National Scholarship for Science and Engineering, KOSAF (Spring 2018 - Fall 2019)
  • Dean's List
    * Spring 2023, Fall 2020, Spring 2020, Fall 2019, College of Engineering, KAIST
    * Fall 2018, Spring 2018, School of Freshman, KAIST

Invited Talks

🗣️

• WebAssembly Is All You Need: Exploiting Chrome and the V8 Sandbox 10+ times with WASM (POC2024, CODE BLUE 2024)
• One shot, Triple kill: Pwning all three Google kernelCTF instances with a single 1-day Linux vulnerability (POC2023)
  • Dongok Kim, Seunghyun Lee, Insu Yun
• How (Not) to Sandbox Node.js: A vm2 Postmortem (OpenTRS 2023)

Popular repositories Loading

1. Windows Pwnable Study
   Python 424 44
2. PoC for CVE-2023-4911
   C 392 57
3. PoC & Exploit for CVE-2025-32023 / PlaidCTF 2025 "Zerodeo"
   Python 213 40
4. CTF CTF Public
   Repo for storing CTF related stuff (Writeups, etc.)
   JavaScript 50 8
5. Repo for talk slides & materials
   21