Portfolio

Detailed background, role, results and lessons behind each achievement.

IoT Smart Doorbell Vulnerability Analysis

Despite the rapid proliferation of IoT devices, products with insufficient security verification were being distributed in the market.
Smart doorbells are devices directly related to home security, and vulnerabilities could lead to privacy invasion and physical security threats.

Discovered 18 CVEs, demonstrating the severity of IoT device security vulnerabilities.
Contributed to the IoT security research community by open-sourcing the analysis guide.

Realized that IoT device security requires not only software but hardware-level analysis, and a comprehensive approach covering both sides is essential.
Experienced that systematic vulnerability reporting processes (CVE registration) and publishing research results can contribute to the entire security ecosystem.

Traditional vulnerability analysis was a manual, expert-dependent process that struggled to keep pace with increasing software complexity.
Advances in Agentic AI opened possibilities for implementing autonomous security analysis agents.

Academic value recognized through Best Paper Award at KSII Autumn Conference.
Evolved into the SCOUT project, initiating development of an automation system targeting real IoT firmware.

Learned that applying AI to security requires ensuring trustworthiness of agent decision-making processes beyond simple automation.
Realized that organizing and presenting research as academic papers plays an important role in improving research quality and receiving community feedback.

IoT firmware vulnerability analysis often separates filesystem, binary, SBOM, CVE matching, and dynamic validation results, making it difficult to build reproducible evidence chains that analysts can immediately follow.
To apply Agentic AI-based analysis at real firmware scale, a deterministic evidence structure anchored by hashes, offsets, file paths, and stage artifacts was required before relying on LLM reasoning.

Achieved a 98.8% success rate (1110/1123) when validating against 1,123 firmware images from the FirmAE dataset.
Achieved 99.3% LLM-adjudicated FPR and completed SCOUT v2.7.2 as an evidence-driven vulnerability candidate generation system.
Stabilized the large-scale firmware analysis pipeline into a regression-testable state through 1,136+ tests, release gates, and documentation consistency checks.
Executed most of the project's core work end-to-end, including architecture design, core development, debugging, benchmarking, testing, documentation, and presentation.

Learned that security automation is not about models producing plausible answers, but about making every judgment traceable back to original bytes and reproducible evidence.
Experienced that applying Agentic AI to real vulnerability analysis requires designing automation, validation, reporting, and team operations as one integrated system.

The importance of automotive cybersecurity has rapidly increased with advances in connected cars and autonomous driving technology.
AutoHack 2025 was a hacking and defense competition targeting real vehicle systems, providing an opportunity to validate practical capabilities.

Received the COSS Council Chair Award, recognizing capabilities in automotive security.

Experienced that automotive security has unique protocols and constraints different from IT security, and domain-specific knowledge is essential.
Learned the importance of role division and real-time communication in team-based CTF/hacking competitions.