🙋 About Me

• Security Researcher at ENKI WhiteHat (Vulnerability Research, Program Analysis, Fuzzing)
• Security Researcher with focus on Windows Kernel Security and Bug Discovery

📧 contact.sangjun@gmail.com

---

🎓 Education

• 2024.3 - 2026.02
  M.S. Information Security @KAIST SoftSec - Advised by Prof. Sang Kil Cha
• 2020.3 - 2024.02
  B.S. Computer Science @SSU

---

🗂 Blog Highlights

• [🔥 NEW] 2026.04.04 대학원 마무리와 새출발
• View all posts: https://hello.sangjun.xyz/blogs/

---

💼 Work Experience

• 2026.3 - Present
  Security Researcher @ENKI WhiteHat

---

🔬 Research Experience

• 2023.7 - 2024.3
  Windows Kernel Driver Research at Best of the Best 12th
  Windows Kernel Driver Fuzzing: Engineered a sophisticated fuzzing framework using Symbolic Execution to systematically uncover kernel-level vulnerabilities.

• 2023.8 - 2024.3
  Undergraduate Researcher at Soongsil University, Cyber Security Lab
  Embedded System Static Analysis: Extended a static analysis framework to support stripped binaries, enabling vulnerability discovery in embedded systems without debugging symbols.

• 2020.12 - 2022.6
  Undergraduate Research Assistant at Soongsil University
  Network Packet Analysis: Supported the development of network equipment by large-scale network traffic data with Etobil Soft.

---

🎤 Talks

• CodeBlue2024 Link Code Video (Selected R&D Support Fund, ¥500,000)
  S. Park, J. Kim, Y. Park. “1-Click-Fuzz: Systematically Fuzzing the Windows Kernel Driver with Symbolic Execution”

---

📚 Publications

• Jungwoo Lee, Haeun Lee, Sangjun Park, and Sang Kil Cha. On the Applicability of Benford’s Law to Detect Saturation in Fuzzing (Registered Report). In Proceedings of the 34th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA Companion ‘25), 2025.

• Sungjun Park, Sangjun Park, Chang-Bae Seo, Han-Eul Ryu, Byoungmo Cho, and Haehyun Cho. Detecting Vulnerabilities in Symbol-Deprived Embedded Systems with Data Flow Analysis. In Journal of the Korea Institute of Information Security & Cryptology, 2025

---

📝 Bug Reports

• 2024
  • CVE-2024-20653*, Local Privilege Escalation in Windows Common Log File System.
  • CVE-2024-21442, Local Privilege Escalation in Windows USB Print Driver.
  • CVE-2024-21445, Local Privilege Escalation in Windows USB Print Driver.
• 2023
  • 20+ CVEs*, Mitsubishi Electric and Jungo Kernel Driver Local Privilege Escalation
  • CVE-2023-31341, Out-of-bounds write in AMD μPROF
  • CVE-2023-46280, Out-of-bounds read in Siemens Simatic
  • Hall of Fame recognitions from Sophos, MSI, and eScan
• 2022
  • CVE-2022-2831*, Remote Code Execution in Blender

✱ indicates major contribution

---

🚩 CTF

• 2024 DEFCON CTF 2024 9th (Team, Cold Fusion)

• 2023 HITCON CTF 2023 4th (Team, 프로그램털모찌)

• 2022 Hacktheon 2022 1st (Team, ASC)

---

Copyright ⓒ Sangjun All rights reserved.