Jeong Wook Oh
Jeong Wook Oh는 현재 구글의 Android Red Team에서 오펜시브 시큐리티 리서쳐로 근무하고 있습니다. 구글에서 일하기 전에는 Microsoft의 사이버 시큐리티팀에서 10여년간 시큐리티 리서쳐로서 일하였습니다. 디펜시브 시큐리티와 오펜시브 시큐리티를 오가는 노하우를 기반으로 현재 여러 컨텐츠들을 만들면서, 다양한 포맷의 지식 전달 방법들을 개발하고 있습니다.
전문 분야
Jeong Wook Oh는 다음과 같은 여러 분야에 대한 지식과 인사이트를 가지고 있습니다.
- 취약점 발견 및 익스플로잇 개발
- 취약점 연구
- 패치 분석
- APT 등의 복잡한 형태의 말웨어 분석
- 하드웨어 리버스 엔지니어링
다음은 여러 분야에 대한 퍼블리케이션 내역입니다. 링크가 없는 문서들은 링크들을 계속 추가할 예정입니다.
Vulnerability Research
| Name | Organization |
|---|---|
| Return of the kernel rootkit malware (on windows 10) | BlueHat v18 |
| Taking apart a double zero-day sample discovered in joint hunt with ESET | Microsoft |
| Hardening Windows 10 with zero-day exploit mitigations | Microsoft |
| Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005 | Microsoft |
| Recent Exploit Trend and Mitigation, detection Tactics | ZeroNights 2017 |
| Windows Defender ATP detects malicious process injection seen on recent ZINC Adobe Flash 1-day exploit (CVE-2018-4878) | Microsoft |
| THE ART OF REVERSE ENGINEERING FLASH EXPLOITS | BlackHat |
| Duqu 2.0 Win32k exploit analysis | Virus Bulletin |
| Understanding type confusion vulnerabilities: CVE-2015-0336 | Microsoft |
| SandWorm’s target: A patch history of Object Packager | HP Security Research |
| CVE-2014-6352 OLE packager vulnerability and a failed patch for SandWorm | HP Security Research |
| Technical analysis of the SandWorm Vulnerability (CVE-2014-4114) | HP Security Research |
| Playing with Adobe Flash Player Exploits and Byte Code | HP Security Research |
| Technical Analysis of CVE-2014-0515 Adobe Flash Player Exploit | HP Security Research |
| The mechanism behind Internet Explorer CVE-2014-1776 exploits | HP Security Research |
| Microsoft IE zero day and recent exploitation trends (CVE-2014-1776) | HP Security Research |
| Patch analysis of latest Microsoft Office vulnerability (CVE-2014-1761) | HP Security Research |
| Technical Analysis of CVE-2014-1761 RTF Vulnerability | HP Security Research |
| Updated data shows prevalence of Java malware in 2012 | Microsoft |
| A technical analysis of a new Java vulnerability (CVE-2013-0422) | Microsoft |
| A technical analysis on new Java vulnerability (CVE-2012-5076) | Microsoft |
| A technical analysis on CVE-2012-1535 Adobe Flash Player vulnerability: Part 2 | Microsoft |
| A technical analysis on CVE-2012-1535 Adobe Flash Player vulnerability: Part 1 | Microsoft |
| Protecting yourself from CVE-2012-4681 Java exploits | Microsoft |
| The rise of a new Java vulnerability - CVE-2012-1723 | Microsoft |
| How to protect yourself from Java-based malware | Microsoft |
| Recent Java Exploitation Trends and Malware | Microsoft |
| A technical analysis of Adobe Flash Player CVE-2012-0779 Vulnerability | Microsoft |
| Vulnerability analysis, practical data flow analysis and visualization | Microsoft |
| An interesting case of JRE sandbox breach (CVE-2012-0507) | Microsoft |
| Vulnerability analysis, practical data flow analysis and visualization - CanSecWest 2012 | Microsoft |
| AVM Inception: How we can use AVM inception in a beneficial way | ShmooCon 2012 |
| A Technical Analysis on the Exploit for CVE-2011-2110 Adobe Flash Player Vulnerability | Microsoft |
| A Technical Analysis on the CVE-2011-0609 Adobe Flash Player Vulnerability | Microsoft |
| My Sweet Valentine - the CIFS Browser Protocol Heap Corruption Vulnerability | Microsoft |
| Brief Analysis On Adobe Reader SING Table Parsing Vulnerability (CVE-2010-2883) | Microsoft |
| Technical Analysis on iPhone Jailbreaking | ForcePoint |
| Microsoft LNK Vulnerability Brief Technical Analysis(CVE-2010-2568) | ForcePoint |
| Having fun with Adobe 0-day exploits | ForcePoint |
Vulnerability Findings
| Name | Organization |
|---|---|
| CVE-2022-20582: LDFW | Google Android Security |
| CVE-2022-20583: LDFW | Google Android Security |
| CVE-2022-20584: TF-A | Google Android Security |
| CVE-2022-20585: LDFW | Google Android Security |
| CVE-2022-20586: LDFW | Google Android Security |
| CVE-2022-20587: LDFW | Google Android Security |
| CVE-2022-20588: LDFW | Google Android Security |
| CVE-2022-20589: LDFW | Google Android Security |
| CVE-2022-20590: LDFW | Google Android Security |
| CVE-2022-20591: LDFW | Google Android Security |
| CVE-2022-20592: LDFW | Google Android Security |
| CVE-2022-20597: LDFW | Google Android Security |
| CVE-2022-20598: LDFW | Google Android Security |
| CVE-2022-20599: Pixel firmware | Google Android Security |
| CVE-2022-42531: TF-A | Google Android Security |
| CVE-2022-42532: Pixel firmware | Google Android Security |
| CVE-2022-42534: TF-A | Google Android Security |
| CVE-2021-39727: Titan M2 | Google Android Security |
| CVE-2021-1045 : Titan-M | Google Android Security |
| APSB18-09: Adobe Reader Double Free Vulnerability | Adobe Security Bulletin |
| Microsoft Vulnerability Research Advisory MSVR12-004: JPEG 2000 Memory Overwrite Vulnerability in OpenJPEG Could Allow Arbitrary Code Execution | Microsoft |
| Microsoft Vulnerability Research Advisory MSVR12-001: Vulnerabilities in XnViewer Could Allow Remote Code Execution | Microsoft |
| Microsoft Vulnerability Research Advisory MSVR11-016: Vulnerability in NVIDIA Stereoscopic 3D Driver Could Allow Elevation of Privilege | Microsoft |
| Microsoft Vulnerability Research Advisory MSVR11-013: Vulnerability in Wireshark Could Allow Remote Code Execution | Microsoft |
| Workstation Service NetpManageIPCConnect Buffer Overflow | Microsoft |
| Microsoft Vulnerability Research Advisory MSVR11-011: Vulnerability in FFmpeg Matroska Format Decoder Could Allow Remote Code Execution | Microsoft |
| Microsoft Vulnerability Research Advisory MSVR11-012: Vulnerability in FFmpeg Could Allow Remote Code Execution | Microsoft |
Patch Analysis Research
| Name | Organization |
|---|---|
| DarunGrim - A Tool for Binary Diffing and Automatic Vulnerabilities Pattern Matching | EUSecWest 2010 |
| Fight against 1-day exploits: Diffing Binaries vs Anti-diffing Binaries | Black Hat USA 2009 |
| Diffing Binaries vs Anti-diffing binaries | XCON 2009 (Beijing) |
| Exploit Spotting Locating Vulnerabilities Out of Vendor Patches Automatically | Black Hat USA 2010/ DEFCON 18 |
APT & Malware Research
| Name | Organization |
|---|---|
| Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation | Microsoft |
| Reverse engineering DUBNIUM –Stage 2 payload analysis | Microsoft |
| Reverse-engineering DUBNIUM’s Flash-targeting exploit | Microsoft |
| Reverse-engineering DUBNIUM | Microsoft |
| Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign | Microsoft |
| Hunting down Dofoil with Windows Defender ATP | Microsoft |
| Poisoned peer-to-peer app kicked off Dofoil coin miner outbreak | Microsoft |
| An interesting case of Mac OSX malware | Microsft |
| Extracting Malicious Codes from the Process Memory: ZeuS Case | ForcePoint |
| Analyzing Malwares Using Microsoft Tools | ForcePoint |
| De-obfuscating the obfuscated binaries with visualization | ForcePoint |
| An evolution of BlackPOS malware | HP Security Research |
Hardware Reverse Engineering
| Name | Organization |
|---|---|
| Reverse Engineering Flash Memory for Fun and Benefit | BlackHat/ReCon 2014 |
| Reverse engineering NAND Flash Memory – POS device case study (part 3/3) | HP Security Research |
| Reverse engineering NAND Flash Memory – POS device case study (part 2/3) | HP Security Research |
| Reverse Engineering NAND Flash Memory – POS device case study (part 1/3) | HP Security Research |
| Hacking my smart TV - an old new thing | HP Security Research |
| Smart home appliance security and malware | Virus Bulletin |
| Hacking POS Terminal for Fun and Non-profit | HP Security Research |
| Reverse engineering NAND Flash for fun and profit | HP Security Research |
| How I learned to hack my TV (and started worrying about the future) | HP Security Research |
Financial Crime & Malware Investigations
| Name | Organization |
|---|---|
| HP Security Research Threat Intelligence Briefing episode 12 - The evolution of credit card crime |