ch4n3-yoon

Follow

Seokchan Yoon ch4n3-yoon

Follow

Security Researcher @ Zellic.io | Majoring CSE @ KyungHee University | Security Contributor of GitHub, Python, Django, Airflow, Ruby, Ruby-on-Rails, Java Spring

119 followers · 96 following

Zellic.io
Seoul, Korea
12:14 (UTC +09:00)
https://ch4n3.kr/
@_seokchan_yoon
https://new-blog.ch4n3.kr/

Achievements

Achievements

Highlights

Pro

Organizations

ch4n3-yoon/README.md

Profile

Seokchan Yoon (@ch4n3.yoon)
Security Researcher & CTF Player 🇰🇷
[email protected]

Work Experiences

Security Researcher @ Zellic.io (2025.04. - now)
[REDACTED] Researcher @ [REDACTED] Research Institute under Ministry of National Defense, Korea (2023.09. - 2025.03.)
Web Security Researcher @ STEALIEN (2020.07. - 2023.06.)

Achievements/Awards

2025

2025 DEF CON CTF 33 Finalist (team: Cold Fusion)

2024

2024 White Hat Contest Soldier Division
(화이트햇 콘테스트) 1st Place, hosted by the Ministry of National Defense, Korea
Awarded the Minister of National Defense Award (국방부 장관상)

2023

2023 CODEGATE University Division
Finalist, hosted by the Ministry of Science and ICT, Korea

2022

2022 CODEGATE University Division
Finalist, hosted by the Ministry of Science and ICT, Korea
2022 Cyber Conflict Exercise (CCE) Public Institution Sector Division
(사이버공격방어대회) 2nd Place, hosted by the National Intelligence Service, Korea
Awarded the Director of National Security Research Institute Award (국가보안연구소장상)
2022 HACKTHEON SEJONG National University Cybersecurity Competition
6th Place, hosted by Sejong Special Self-Governing City, Korea
Awarded the Director of National Security Research Institute Award (국가보안연구소장상)

2021

2021 Cyber Conflict Exercise (CCE) Public Institution Sector Division
(사이버공격방어대회) 2nd Place, hosted by the National Intelligence Service, Korea Awarded the Director of National Security Research Institute Award (국가보안연구소장상)

2019

2019 Cyber Operations Challenge Student Division
(사이버작전경연대회) 2nd Place, hosted by the Ministry of National Defense, Korea
Awarded the Cyber Operations Commander Award (사이버작전사령관상)

2018

2018 Cybersecurity Competition Individual Preliminary Round
(정보보안경진대회) 1st Place, hosted by the Ministry of Education, Korea
Awarded the President of Seoul Women's University Award (서울여자대학교 총장상)
2018 Cybersecurity Competition Team Finals
(정보보안경진대회) 1st Place, hosted by the Ministry of Education, Korea
Awarded the Minister of Education Award (교육부 장관상)

2017

2017 Cybersecurity Competition Team Finals
(정보보안경진대회) 1st Place, hosted by the Korea Education and Research Information Service
Awarded the Director of Korea Education and Research Information Service Award (한국교육학술정보원장상)

Disclosed Vulnerabilities

NAVER

NBB-1126, Stored XSS
NBB-1143, SQL Injection
NBB-1260, Stored XSS
NBB-2315, Reflected XSS
NBB-2316, Reflected XSS
NBB-2314, Reflected XSS

Python

CVE-2024-7592: Quadratic complexity parsing cookies with backslashes

Django

CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator
CVE-2024-24680: Potential denial-of-service in intcomma template filter
CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
CVE-2024-21520: Cross-Site Scripting (XSS) in browserable API of django-rest-framework
CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
CVE-2024-53908 : Potential SQL injection in HasKey(lhs, rhs) on Oracle

Apache Airflow

CVE-2024-39877: Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler
CVE-2024-39863: Apache Airflow: Potential XSS Vulnerability
CVE-2024-45034: Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes

Ruby

CVE-2024-41123: DoS vulnerabilities in REXML

Ruby on Rails

CVE-2024-47887: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
CVE-2024-41128: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch

Java Spring

CVE-2024-38809: Spring Framework DoS via conditional HTTP request

Media / Presentations

2020

KBS <청년일자리프로젝트 사장님이 美쳤어요> 사내 최연소 연구원으로 출연
- https://vod.kbs.co.kr/index.html?source=episode&sname=vod&stype=vod&program_code=T2016-0639&program_id=PS-2020170106-01-000&section_code=05&broadcast_complete_yn=&local_station_code=00

2021

사람인 기업스토리 <스틸리언> 편 출연
- https://www.saramin.co.kr/zf_user/guide/movie/fun-view?page=7&keyword=&category=&sort=&seq=433&count=10
유튜브 ‘인싸담당자’ 채널 <스틸리언> 편 출연
- https://www.youtube.com/watch?v=ueslFj2Dbgc

2022

<모던 웹 서비스에서의 버그케이스와 시큐어코딩> (@STEALIEN Security Semiar; 3S)
- For English Reader, <Bug Cases and Secure Coding Techniques, in Modern Web Services>
- Related Press Releases (Kor): https://www.boannews.com/media/view.asp?idx=107983&kind=
- Replay: https://www.youtube.com/watch?v=6YgSTZ9i7Vk

2023

<Django 1-day Vulnerability Analysis> (@HackingCamp 26th 🇰🇷)
- I analyzed and shared disclosed vulnerabilities with high severity to Django Project, 2022
- Reference: http://hackingcamp.org/
<Django Framework N-day Vulnerability Analysis & Secure Coding Guide> (@CODEGATE 2023 🇰🇷)
- I issued some insecure usages in django with analyzing 1-day vulnerabilities and gave secure coding guide
- Reference: https://codegate.org/sub/conference

2024

<해커의 관점에서 바라본 Django Framework> (@PyCon KR 10th)
- https://2024.pycon.kr/

Pinned Loading

encode/django-rest-framework encode/django-rest-framework Public

Web APIs for Django. 🎸

Python 29.1k 6.9k
rails/rails-html-sanitizer rails/rails-html-sanitizer Public

Ruby 319 85
ruby/rexml ruby/rexml Public

REXML is an XML toolkit for Ruby

Ruby 150 76
dimigo-Couple-Searching dimigo-Couple-Searching Public

디미고 커플 탐지 프로그램

Python 42 4
write-ups write-ups Public

해킹대회 및 워게임 문제 풀이

Python 5 1
Chrome-Dino-with-Body-Language Chrome-Dino-with-Body-Language Public

2020-1H 경희대학교 웹파이선프로그래밍 텀프로젝트

HTML 4