Assistant Professor, School of Electrical Engineering, Korea Advanced Institute of Science and Technology (KAIST)

News
- [01/20/2021] BaseSpec is accepted to NDSS'21
- [09/28/2020] FFmalloc is accepted to Usenix Security '21
- [05/01/2020] Our Pwn2Own 2020 winning submission for Safari is accepted to Black Hat USA 2020!
- [03/18/2020] Our team won Pwn2Own 2020 by exploiting Apple Safari with a kernel privilege escalation ($70K)!
- [02/07/2020] DIE is accepted to Oakland'20!
- [12/18/2019] ArcHeap is accepted to Security'20!
- [08/12/2019] r00timentary got 8th place in DEFCON CTF.
- [07/23/2019] I finally made a full-chain exploit for Safari in mac OS 10.14.5.
Publication
1. Preventing Use-After-Free Attacks with Fast Forward Allocation (to appear) Brian Wickman, Hong Hu, Insu Yun, Daehee Jang, JungWon Lim, Sanidhya Kashyap, and Taesoo Kim Proceedings of the 30th USENIX Security Symposium (Security) August 2021 2. BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols [paper] [slides] [code] Eunsoo Kim*, Dongkwan Kim*, Cheoljun Park, Insu Yun, and Yongdae Kim (* co-first) Proceedings of the 2021 Annual Network and Distributed System Security Symposium (NDSS) February 2021 3. Concolic Execution Tailored for Hybrid Fuzzing [paper] [slides] Insu Yun Ph.D. thesis, Georgia Institute of Technology December 2020 4. Automatic Techniques to Systematically Discover New Heap Exploitation Primitives [paper] [slides] [code] Insu Yun, Dhaval Kapil, and Taesoo Kim Proceedings of the 29th USENIX Security Symposium (Security) August 2020 5. Compromising the macOS kernel through Safari by chaining six vulnerabilities [slides] [code] Yonghwi Jin, Jungwon Lim, Insu Yun, and Taesoo Kim Black Hat USA Briefings (Black Hat USA) August 2020 6. Fuzzing JavaScript Engines with Aspect-preserving Mutation [paper] [slides] Soyeon Park, Wen Xu, Insu Yun, Daehee Jang, and Taesoo Kim Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland) May 2020 7. REPT: Reverse Debugging of Failures in Deployed Software [paper] [slides] Weidong Cui, Xinyang Ge, Baris Kasikci, Ben Niu, Upamanyu Sharma, Ruoyu Wang, and Insu Yun (alphabetical) Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI) October 2018 * Jay Lepreau Best Paper Award 8. QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing [paper] [slides] [code] Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim Proceedings of the 27th USENIX Security Symposium (Security) August 2018 * Distinguished Paper Award 9. AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically [slides] [code] Jinho Jung, Chanil Jeon, Max Wolotsky, Insu Yun, and Taesoo Kim Black Hat USA Briefings (Black Hat USA) July 2017 10. CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems [paper] [slides] Su Yong Kim, Sangho Lee, Insu Yun, Wen Xu, Byoungyoung Lee, Youngtae Yun, and Taesoo Kim Proceedings of the 2017 USENIX Annual Technical Conference (ATC) July 2017 11. APISan: Sanitizing API Usages through Semantic Cross-checking [paper] [slides] [code] Insu Yun, Changwoo Min, Xujie Si, Yeongjin Jang, Taesoo Kim, and Mayur Naik Proceedings of the 25th USENIX Security Symposium (Security) August 2016 * Nominated as a finalist in CSAW Best Applied Research Paper Award 2016 12. HDFI: Hardware-Assisted Data-Fow Isolation [paper] [slides] [code] Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, and Yunheung Paek Proceedings of the 37th IEEE Symposium on Security and Privacy (Oakland) May 2016 13. Analyzing Security of Korean USIM-based PKI Certificate Service Shinjo Park, Suwan Park, Insu Yun, Dongkwan Kim, and Yongdae Kim Proceedings of the 15th International Workshop on Information Security Applications (WISA) August 2014 14. Kargus: A Highly-scalable Software-based Intrusion Detection System [paper] [slides] [web] Muhammad Jamshed, Jihyung Lee, Sangwoo Moon, Insu Yun, Deokjin Kim, Sungryoul Lee, Yung Yi, and KyoungSoo Park Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS) October 2012
Awards
- Pwn2Own 2020, Apple Safari with a kernel privilege escalation (SSLab_Gatech, $70K), Mar 2020
- DEFCON 27 CTF, 8th grade (r00timentary), Las Vegas, NV, Aug 2019
- DEFCON 26 CTF, 1st grade (DEFKOR00T), Las Vegas, NV, Aug 2018
- DEFCON 24 CTF, 3rd grade (DEFKOR), Las Vegas, NV, Aug 2016
- DARPA Cyber Grand Challenge (CGC), 7th grade (Disekt), Las Vegas, NV, Aug 2016
- Whitehat contest 2015, 1st place (SysSec), Seoul, Korea, Nov 2015
- DEFCON 23 CTF, 1st place (DEFKOR), Las Vegas, NV, Aug 2015
- DEFCON 22 CTF, 10th place (GoN), Las Vegas, NV, Aug 2014
- SECCON CTF 2014, 1st place(TOEFL Beginner), Tokyo, Japan, Feb 2014
- Codegate CTF 2012, 3rd place (GoN), Seoul, Korea, Apr 2012
- Secuinside CTF 2011, 3rd place (GoN), Seoul, Korea, Oct 2011
- ISEC CTF 2011, 1st place (GoN), Seoul, Korea, Sep 2011
- DEFCON 18 CTF, 3rd place (KAIST@Postech), Las Vegas, NV, Aug 2010
- Codegate CTF 2010, 5th place (GoN), Seoul, Korea, Apr 2010
- KISA HDCON 2009, 2nd place (GoN), Seoul, Korea, May 2009
- Codegate CTF 2009, 4th place (GoN), Seoul, Korea, Apr 2009