Seokchan Yoon

Seokchan Yoon

This is Seokchan Yoon speakings.

XSS Exception Bypass using Hoisting 🧙‍♂️

XSS Exception Bypass using Hoisting 🧙‍♂️

Recently, I stumbled upon some intriguing XSS tricks on Twitter and couldn't resist sharing my solutions. Let's dive into a fascinating XSS challenge and explore how we can outsmart it with JavaScript's hoisting mechanism. Somebody asked me recently if you can exploit an XSS

CVE-2023-36053: Potential ReDoS in EmailValidator/URLValidator

CVE-2023-36053: Potential ReDoS in EmailValidator/URLValidator

Hi! This is Seokchan Yoon studying Offensive Security in Korea. 🇰🇷 __ 1. Introduction On July 3rd, 2023, my first CVE was published! * https://www.djangoproject.com/weblog/2023/jul/03/security-releases/ * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36053 You can briefly check the details of the vulnerability that I

Scanning ReDoS in Python Automatically

Scanning ReDoS in Python Automatically

Hi, this is Seokchan Yoon. I'm currently taking a compiler course at KyungHee University this semester. Despite the short duration, I've had the pleasure of delving into intriguing topics, ranging from Lexing and Parsing algorithms to Abstract Syntax Trees (AST), Intermediate Representations (IR), and basic compiler

팀플은 좀 더 공격적일 필요가 있다.

팀플은 좀 더 공격적일 필요가 있다.

재학하는 4년 동안, 그리고 실무를 맡으면서 경험했었던 수많은 팀플들에서 굉장히 공통적인 특성을 발견했는데 바로 "사린다는 것". 상대방이 공격당한다고 느낄 것만 같아서, 그리고 그와 동시에 나에게도 그 공격이 돌아올까봐 겁나서 자신의 의견을 못 내고 쭈뼛쭈뼛 굴고야 마는것이다. 이게 뭐가 문제인지는 다들 한 번 쯤 경험해 봤을 것이다.회의 딱

Kyung Hee University's SW Security Competition: From Concept to Reality

Kyung Hee University's SW Security Competition: From Concept to Reality

Introduction Hi, I'm Seokchan Yoon. It's been a long time that I'm posting an article on my new blog 😅 Last year, in 2022, I had the honor of organizing a security competition for the students at my university, Kyung Hee University in Korea. It

CVE-2023-23969: Potential denial-of-service via Accept-Language headers

CVE-2023-23969: Potential denial-of-service via Accept-Language headers

Overview Hi guys, this is Seokchan Yoon. The Django security vulnerability has released on February 1, 2023. Because I have big interest in Django, so I analyze this issue just in time. To see the detail for this issue, click the link below. Django security releases issued: 4.1.6,

Project: Chrome Dino Game with Body Gesture

Project: Chrome Dino Game with Body Gesture

Overview Hi guys. This is Seokchan Yoon. Have you ever played Dino Game which can play on your Chrome browser when you are off-line? This game is so popular for its simplicity and enjoyment. I remember that I played this a lot with my friends when I was in high