Arang.dev

유재욱 (arang)

Security Researcher & CTF Player

💼 Career

  • 금융보안원 RED IRIS실 RED IRIS2팀 수석 (2019 ~ )
  • KITRI Best of the Best & Whitehat School Mentor (2023 ~ )
  • Goormton Training Information Security Course Mentor (2023 ~ 2024)
  • Financial Security Institute Professional Lecturer & Internal Lecturer (2023 ~ )
  • Gachon University Smart Security Department Advisory Committee Member (2022 ~ )
  • CTF Player with Team Defenit, Codered, SuperGuesser (2019 ~ )
  • Full-time Researcher at Raon White Hat Project Team (2018.04. ~ 2019.08.)
  • Established Gachon University Information Security Club Pay1oad

🏆 Awards & Publications

  • 2025.09. Commendation from the Chairman of the Education Committee of the National Assembly Standing Committee
  • 2025.03. Publication of Authentication Bypass Vulnerability Profiling from an Attacker's Perspective: Insight Report (Campaign Poltergeist)
  • 2023.11. Commendation from the Chairman of the Financial Services Commission
  • 2019.09. Patent Registration - "Code Obfuscation Using Double Packing" (Patent No. 10-2018960)
  • 2018.12. Excellent Paper Award at the Korea Institute of Information Security and Cryptology Winter Conference
  • 2018.08. [KCI Registered] Submission to the Journal of the Korea Institute of Information Security and Cryptology
  • 2018.04. KITRI BoB 6th Best 10 (Minister of Science and ICT Award)
  • 2018.04. Selected as KITRI BoB 6th Grand Prix Team (Team. JGG)
  • 2017.12. Financial Security Institute Security Vulnerability Report Certificate
  • 2017.12. Stealien Security Vulnerability Detection Certificate
  • 2017.12. LG Uplus Security Vulnerability Detection Special Award
  • 2017.04. Codegate 2017 Hacking Demonstration Video Contest Special Award

🐛 Bug Bounty & CVE

  • CVE-2025-11221 - GTONE ChangeFlow RCE (Path Traversal + File Upload) CVSS 9.4
  • CVE-2025-11182 - GTONE ChangeFlow Path Traversal CVSS 7.1
  • CVE-2025-11020 - MarkAny SafePC SQL Injection + File Upload CVSS 8.8
  • Numerous reports of S/W vulnerabilities to Korea Internet & Security Agency (KISA)
  • Numerous reports of web vulnerabilities to Naver (NHN) Bug Bounty

CTF Records

  • 2025 DEF CON CTF Qualification Round 2nd Place, Finals 3rd Place
  • 2025 ACDC (AI Cyber Security Defense Contest) Qualified for the finals and participated
  • 2025 NATO CCDCOE Locked Shields Exercise Participated as Application Field Lead for the Korean National Team
  • 2024 DEF CON CTF Qualification Round 2nd Place, Finals 3rd Place
  • 2024 HITCON CTF Qualification Round 6th Place, Finals 6th Place
  • 2024 Participated in National Intelligence Service APEX training as part of the Korean National Team
  • 2024 NATO CCDCOE Locked Shields Exercise Participated as part of the Korean National Team
  • 2023 HITCON CTF Qualification Round 6th Place, Finals 4th Place
  • 2023 WACON CTF Qualification Round 1st Place
  • 2021 SECCON CTF 4th Place (Team. KOREAN)
  • 2021 Pwn2Win CTF 2nd Place (Team. uuunderflow)
  • 2020 TokyoWesterns CTF 1st Place Winner (Team. D0G$)
  • 2020 HITCON CTF 8th Place (Team. G0D)
  • 2020 DEF CON CTF Finals 12th Place (Team. koreanbadass)
  • 2020 Financial Security Institute FIESTA Financial Security Institute 1st Place Winner (Team. pgb5)

🔐 Interests

Web SecurityCTF(Capture the Flag)Penetration TestingFinancial SecurityBug BountyAI Security

📬 Contact

GitHub📧 Personal💼 Business🌐 arang.kr
$ echo "Happy Hacking!" 🏴‍☠️
Happy Hacking! 🏴‍☠️
About | Arang