Go Back

Portfolio

Detailed background, role, results and lessons behind each achievement.

IoT Smart Doorbell Vulnerability AnalysisAgentic AI-based ExploitAgent ResearchAutoHack 2025 Automotive Hacking Competition
01

IoT Smart Doorbell Vulnerability Analysis

Background

  • Despite the rapid proliferation of IoT devices, products with insufficient security verification were being distributed in the market.
  • Smart doorbells are devices directly related to home security, and vulnerabilities could lead to privacy invasion and physical security threats.

Role

Results & Impact

  • Discovered 18 CVEs, demonstrating the severity of IoT device security vulnerabilities.
  • Contributed to the IoT security research community by open-sourcing the analysis guide.

Lessons Learned

  • Realized that IoT device security requires not only software but hardware-level analysis, and a comprehensive approach covering both sides is essential.
  • Experienced that systematic vulnerability reporting processes (CVE registration) and publishing research results can contribute to the entire security ecosystem.
02

Agentic AI-based ExploitAgent Research

Background

  • Traditional vulnerability analysis was a manual, expert-dependent process that struggled to keep pace with increasing software complexity.
  • Advances in Agentic AI opened possibilities for implementing autonomous security analysis agents.

Role

Results & Impact

  • Academic value recognized through Best Paper Award at KSII Autumn Conference.
  • Evolved into the SCOUT project, initiating development of an automation system targeting real IoT firmware.

Lessons Learned

  • Learned that applying AI to security requires ensuring trustworthiness of agent decision-making processes beyond simple automation.
  • Realized that organizing and presenting research as academic papers plays an important role in improving research quality and receiving community feedback.
03

AutoHack 2025 Automotive Hacking Competition

Background

  • The importance of automotive cybersecurity has rapidly increased with advances in connected cars and autonomous driving technology.
  • AutoHack 2025 was a hacking and defense competition targeting real vehicle systems, providing an opportunity to validate practical capabilities.

Role

Results & Impact

  • Received the COSS Council Chair Award, recognizing capabilities in automotive security.

Lessons Learned

  • Experienced that automotive security has unique protocols and constraints different from IT security, and domain-specific knowledge is essential.
  • Learned the importance of role division and real-time communication in team-based CTF/hacking competitions.