Hacking Lab

We are building systems for security and studying security for systems!

If you are interested in hacking with us, feel free to fill this form!

News

  • [09/10/2024] RGFuzz is accepted to IEEE S&P ‘25!
  • [03/22/2024] Seunghyun won Pwn2Own 2024 by exploiting Google Chrome and Microsoft Edge ($145K)!
  • [01/25/2024] $10K Bug Bounty from Google v8CTF (V8/CVE-2023-6702).
  • [10/25/2023] We got 2nd place in cyber security challenge 2023!
  • [10/04/2023] $67K Bug Bounty from Google kernelCTF (Linux/CVE-2023-3390).
  • [07/17/2023] QSYM got a Frontiers of Science Award from ICSB!
  • [06/06/2023] BaseComp is accepted to Usenix Security'23!
  • [01/19/2023] $7K Bug Bounty from Google (V8/CVE-2023-0696).
  • [11/11/2022] QueryX is accepted to IEEE S&P'23!
  • [11/04/2022] ScaleTrust is accepted to ToN'22!

Recent Publications

Junyoung Park, Yunho Kim, Insu Yun (2025). RGFuzz: Rule-Guided Fuzzer for WebAssembly Runtimes (to appear). Proceedings of the 46th IEEE Symposium on Security and Privacy (Oakland).

Haein Lee, Insu Yun (2024). From the Vulnerability to the Victory: A Chrome Renderer 1-Day Exploit’s Journey to v8CTF Glory. TyphoonCon.

Code Slides

Dongok Kim, Seunghyun Lee, Insu Yun (2023). One shot, Triple kill: Pwning all three Google kernelCTF instances with a single 1-day Linux vulnerability. Proceedings of the 2023 Power of Community.

Slides

Eunsoo Kim, Min Woo Baek, CheolJun Park, Dongkwan Kim, Yongdae Kim, Insu Yun (2023). BaseComp: A Comparative Analysis for Integrity Protection in Cellular Baseband Software. Proceedings of the 32nd USENIX Security Symposium (Security).

Slides Paper

HyungSeok Han, JeongOh Kyea, Yonghwi Jin, Jinoh Kang, Brian Park, Insu Yun (2023). QueryX: Symbolic Query on Decompiled Code for Finding Bugs in COTS Binaries. Proceedings of the 44th IEEE Symposium on Security and Privacy (Oakland).

Slides Paper

See all publications

Contact