Insu Yun (윤인수)

Assistant Professor,
School of Electrical Engineering,
Korea Advanced Institute of Science and Technology (KAIST)

News

[01/20/2021] BaseSpec is accepted to NDSS'21
[09/28/2020] FFmalloc is accepted to Usenix Security '21
[05/01/2020] Our Pwn2Own 2020 winning submission for Safari is accepted to Black Hat USA 2020!
[03/18/2020] Our team won Pwn2Own 2020 by exploiting Apple Safari with a kernel privilege escalation ($70K)!
[02/07/2020] DIE is accepted to Oakland'20!
[12/18/2019] ArcHeap is accepted to Security'20!
[08/12/2019] r00timentary got 8th place in DEFCON CTF.
[07/23/2019] I finally made a full-chain exploit for Safari in mac OS 10.14.5.

Publication

1. Preventing Use-After-Free Attacks with Fast Forward Allocation (to appear) 
    Brian Wickman, Hong Hu, Insu Yun, Daehee Jang, JungWon Lim, Sanidhya Kashyap, and Taesoo Kim
    Proceedings of the 30th USENIX Security Symposium (Security)
    August 2021
2. BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols [paper] [slides] [code]
    Eunsoo Kim*, Dongkwan Kim*, Cheoljun Park, Insu Yun, and Yongdae Kim (* co-first)
    Proceedings of the 2021  Annual Network and Distributed System Security Symposium (NDSS)
    February 2021
3. Concolic Execution Tailored for Hybrid Fuzzing [paper] [slides]
    Insu Yun
    Ph.D. thesis, Georgia Institute of Technology
    December 2020
4. Automatic Techniques to Systematically Discover New Heap Exploitation Primitives [paper] [slides] [code]
    Insu Yun, Dhaval Kapil, and Taesoo Kim
    Proceedings of the 29th USENIX Security Symposium (Security)
    August 2020
5. Compromising the macOS kernel through Safari by chaining six vulnerabilities [slides] [code]
    Yonghwi Jin, Jungwon Lim, Insu Yun, and Taesoo Kim
    Black Hat USA Briefings (Black Hat USA)
    August 2020
6. Fuzzing JavaScript Engines with Aspect-preserving Mutation [paper] [slides]
    Soyeon Park, Wen Xu, Insu Yun, Daehee Jang, and Taesoo Kim
    Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland)
    May 2020
7. REPT: Reverse Debugging of Failures in Deployed Software [paper] [slides]
    Weidong Cui, Xinyang Ge, Baris Kasikci, Ben Niu, Upamanyu Sharma, Ruoyu Wang, and Insu Yun (alphabetical)
    Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI)
    October 2018
     * Jay Lepreau Best Paper Award 
8. QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing [paper] [slides] [code]
    Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim
    Proceedings of the 27th USENIX Security Symposium (Security)
    August 2018
     * Distinguished Paper Award 
9. AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically [slides] [code]
    Jinho Jung, Chanil Jeon, Max Wolotsky, Insu Yun, and Taesoo Kim
    Black Hat USA Briefings (Black Hat USA)
    July 2017
10. CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems [paper] [slides]
    Su Yong Kim, Sangho Lee, Insu Yun, Wen Xu, Byoungyoung Lee, Youngtae Yun, and Taesoo Kim
    Proceedings of the 2017 USENIX Annual Technical Conference (ATC)
    July 2017
11. APISan: Sanitizing API Usages through Semantic Cross-checking [paper] [slides] [code]
    Insu Yun, Changwoo Min, Xujie Si, Yeongjin Jang, Taesoo Kim, and Mayur Naik
    Proceedings of the 25th USENIX Security Symposium (Security)
    August 2016
     * Nominated as a finalist in CSAW Best Applied Research Paper Award 2016 
12. HDFI: Hardware-Assisted Data-Fow Isolation [paper] [slides] [code]
    Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, and Yunheung Paek
    Proceedings of the 37th IEEE Symposium on Security and Privacy (Oakland)
    May 2016
13. Analyzing Security of Korean USIM-based PKI Certificate Service 
    Shinjo Park, Suwan Park, Insu Yun, Dongkwan Kim, and Yongdae Kim
    Proceedings of the 15th International Workshop on Information Security Applications (WISA)
    August 2014
14. Kargus: A Highly-scalable Software-based Intrusion Detection System [paper] [slides] [web]
    Muhammad Jamshed, Jihyung Lee, Sangwoo Moon, Insu Yun, Deokjin Kim, Sungryoul Lee, Yung Yi, and KyoungSoo Park
    Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS)
    October 2012

Awards

Pwn2Own 2020, Apple Safari with a kernel privilege escalation (SSLab_Gatech, $70K), Mar 2020
DEFCON 27 CTF, 8th grade (r00timentary), Las Vegas, NV, Aug 2019
DEFCON 26 CTF, 1st grade (DEFKOR00T), Las Vegas, NV, Aug 2018
DEFCON 24 CTF, 3rd grade (DEFKOR), Las Vegas, NV, Aug 2016
DARPA Cyber Grand Challenge (CGC), 7th grade (Disekt), Las Vegas, NV, Aug 2016
Whitehat contest 2015, 1st place (SysSec), Seoul, Korea, Nov 2015
DEFCON 23 CTF, 1st place (DEFKOR), Las Vegas, NV, Aug 2015
DEFCON 22 CTF, 10th place (GoN), Las Vegas, NV, Aug 2014
SECCON CTF 2014, 1st place(TOEFL Beginner), Tokyo, Japan, Feb 2014
Codegate CTF 2012, 3rd place (GoN), Seoul, Korea, Apr 2012
Secuinside CTF 2011, 3rd place (GoN), Seoul, Korea, Oct 2011
ISEC CTF 2011, 1st place (GoN), Seoul, Korea, Sep 2011
DEFCON 18 CTF, 3rd place (KAIST@Postech), Las Vegas, NV, Aug 2010
Codegate CTF 2010, 5th place (GoN), Seoul, Korea, Apr 2010
KISA HDCON 2009, 2nd place (GoN), Seoul, Korea, May 2009
Codegate CTF 2009, 4th place (GoN), Seoul, Korea, Apr 2009