Go Back

Portfolio

Detailed background, role, results and lessons behind each achievement.

01

IoT Smart Doorbell Vulnerability Analysis

Background

  • Despite the rapid proliferation of IoT devices, products with insufficient security verification were being distributed in the market.
  • Smart doorbells are devices directly related to home security, and vulnerabilities could lead to privacy invasion and physical security threats.

Role

Results & Impact

  • Discovered 18 CVEs, demonstrating the severity of IoT device security vulnerabilities.
  • Contributed to the IoT security research community by open-sourcing the analysis guide.

Lessons Learned

  • Realized that IoT device security requires not only software but hardware-level analysis, and a comprehensive approach covering both sides is essential.
  • Experienced that systematic vulnerability reporting processes (CVE registration) and publishing research results can contribute to the entire security ecosystem.
02

Agentic AI-based ExploitAgent Research

Background

  • Traditional vulnerability analysis was a manual, expert-dependent process that struggled to keep pace with increasing software complexity.
  • Advances in Agentic AI opened possibilities for implementing autonomous security analysis agents.

Role

Results & Impact

  • Academic value recognized through Best Paper Award at KSII Autumn Conference.
  • Evolved into the SCOUT project, initiating development of an automation system targeting real IoT firmware.

Lessons Learned

  • Learned that applying AI to security requires ensuring trustworthiness of agent decision-making processes beyond simple automation.
  • Realized that organizing and presenting research as academic papers plays an important role in improving research quality and receiving community feedback.
03

MuCamp2 - Validated Cyber Campaign Variant Generation

Background

  • APT group attribution and CTI analysis face limited real campaign data, so augmenting TTP sequences required validation that preserves tactic structure and operational plausibility.
  • Using LLMs as free-form generators can produce plausible but unverified campaign variants, requiring a design that combines constrained candidate pools with independent validation.

Role

Results & Impact

  • The MuCamp2 paper was published in IEEE Access 2026, with paper and code artifacts released through IEEE Xplore and GitHub.
  • Reported a 0% tactic violation rate and L3 pass-rate improvements of +5.5 pp for Lazarus and +3.0 pp for MenuPass.
  • Established a security research pattern where the LLM is a constrained selection/refinement module rather than a trusted actor, and outputs are gated by independent validators.

Lessons Learned

  • Confirmed that security data augmentation is less about generation volume and more about publishing structural integrity, validation criteria, and coverage limits together.
  • Learned that LLM-based security automation is not justified by model capability alone; trust boundaries, constraints, and reproducible evaluation pipelines must be designed together.
04

SCOUT - AEG-First Firmware-to-Exploit Evidence Engine

Background

  • IoT firmware vulnerability analysis often separates filesystem, ELF binaries, shell scripts, SBOM, CVE matching, and dynamic validation results, making it difficult to build reproducible evidence chains that analysts can immediately follow.
  • To apply Agentic AI-based AEG at real firmware scale, a deterministic evidence structure anchored by hashes, offsets, file paths, and stage artifacts was required before relying on LLM reasoning.

Role

Results & Impact

  • Achieved a 98.8% success rate (1110/1123) when validating against 1,123 firmware images from the FirmAE dataset.
  • Extended SCOUT into the v3.0.0-rc1 Hybrid Analysis Engine pre-release and recorded 99.3% LLM Tribunal-based false-positive reduction.
  • Processed 1,334 shell scripts in TP-Link ER605 validation and manually reviewed the top 20 script findings, reducing the blind spots of a binary-only scanner.
  • Recorded vulnerable-gate-pass and patched/control dynamic fail-closed evidence on a real Netgear R7000 CVE-2017-5521 known-vulnerable/patched pair.
  • Stabilized the large-scale firmware analysis pipeline into a regression-testable state through 1,136+ tests, release gates, and documentation consistency checks.
  • Executed most of the project's core work end-to-end, including architecture design, core development, debugging, benchmarking, testing, documentation, and presentation.

Lessons Learned

  • Learned that security automation is not about models producing plausible answers, but about making every judgment traceable back to original bytes and reproducible evidence.
  • Experienced that applying Agentic AI to real vulnerability analysis requires designing automation, validation, reporting, and team operations as one integrated system.
05

AutoHack 2025 Automotive Hacking Competition

Background

  • The importance of automotive cybersecurity has rapidly increased with advances in connected cars and autonomous driving technology.
  • AutoHack 2025 was a hacking and defense competition targeting real vehicle systems, providing an opportunity to validate practical capabilities.

Role

Results & Impact

  • Received the COSS Council Chair Award, recognizing capabilities in automotive security.

Lessons Learned

  • Experienced that automotive security has unique protocols and constraints different from IT security, and domain-specific knowledge is essential.
  • Learned the importance of role division and real-time communication in team-based CTF/hacking competitions.