Principal security researcher · Penetration tester
🇰🇷 South Korea · 🔍 Find vulnerabilities · 🛡️ Drive remediation · 🛠️ Build on the side
Principal researcher at a cybersecurity firm — penetration testing, vulnerability research, and source-code audits. Most of my work is reading code and chasing the parts that don't quite add up: deserialization chains, broken auth, race conditions, the side-channels people stop looking at.
My background runs across most of the security stack — never the deepest tier of any one area, but useful when a finding crosses domain boundaries. I've spent time teaching coding too, which helps me write up findings in ways non-security folks can act on.
On the side I build Home Assistant integrations for things that don't have public APIs — utility bills, real-time disaster alerts, transit, school meals — sourced from Korean government and public-data portals. Most of the side stuff is Python with authenticated session handling, on top of a self-hosted HA / SmartThings / Node-RED stack. When the wire format gets weird, I reverse-engineer it.
- 2025 · Korea Exchange (KRX) Chairman's Commendation for Information Security Merit
- 2014 · 9th Winter Hacking Camp CTF — 1st place, team
Primary
- Web app security — auth bypass, IDOR, deserialization chains, request smuggling, SSRF
- Source-code audits — the bugs that don't surface in commit messages
- Reverse engineering — static analysis, patch diffing, fuzzing harness design
Working knowledge
- Mobile (iOS / Android) — runtime instrumentation, cert-pinning bypass, secure-storage flaws
- Cloud — IAM misconfig, container escapes, metadata abuse
- IoT / embedded — firmware extraction, protocol analysis
- Kernel & low-level — privilege escalation primitives, syscall surface
- Hardware — JTAG / UART entry points, side-channel basics
- AI / LLM red-team — prompt injection, context exfiltration, agent abuse
kr_component_kit · Python · HACS
Home Assistant integration bundling 13 Korea-only public services as native entities — kepco, arisu, gasapp, safety_alert, disaster, kma_weather, airkorea, earthquake, pharmacy, fuel, school, transit, weather. Each ships with an LLM tool for natural-Korean voice queries. Authenticated scraping where APIs don't exist, idempotent config flow, multi-region support.
ha-app-dhlottery · Python · Docker
Korean DH Lottery 6/45 auto-buy & analysis Home Assistant Add-on. MQTT Discovery, REST API with Swagger UI, hot/cold statistical analysis, encrypted credential storage.
youtube_monitoring_addon · Python
Cookie-based YouTube watch-history tracker as a Home Assistant add-on.
smartthings-edge-driver · Lua
SmartThings Edge driver collection running on the SmartThings hub.




