아멘

About

Main Field: 0-Day Research in Web2.0, Android and Audit in Web3.0 (Solidity(EVM), Cairo(CVM/L2) and MyGoal: to become independent from corporate life
Web3.0 Blog, Web2.0 Blog, Diary, Email, @P0cas, X

Work Experience

Security Researcher, NSHC (RedAlert)

Apr, 2022 - Present
Security Consultant, ██ ████████

Nov, 2021 - Dec, 20212 months
Security Consultant, ██ ████████

Aug, 2021 - Sep, 20211 months

Experience

Activity

CTF Player, No team

Apr, 2020 - Present

Participate alone often, these days, only participate in Web3.0
Dreamhack Challenge Author
- ~~easyxss-v2 (XSS, SSRF, IDOR, URL Parser Confusing) at Dreamhack#451~~
- easyxss (XSS, Hostname Bypass) at Dreamhack#273
- Environment Pollution (Prototype Pollution, Strtoupper) at Dreamhack#205
URLParserCon

NPM Researching
- There are various flaws in many URL parsers. This flaw can lead to SSRF, XSS, and Open Redirect
- Have listed the various URL Parser modules of NPM. Found 0-Day in the parser and reported it.
- Earned $4,170 through this project

Bug Bounty

Web3 Audit Contests, Code4rena, Sherlock, Codehawks

Feb, 2025 - Present
Web2 Bug Bounty, In the world ($18,613)

Sep, 2021 - Present
- CVE-2021-3815, CVE-2021-3829, CVE-2021-3831 ~ CVE-2022-21649, CVE-2023-1117,CVE-2023-6013, CVE-2024-57711 (NN+/$15513.5)
- NBB-2081, NBB-2082, NBB-2083, NBB-2153, NBB-2256, NBB-2285, NBB-2286, NBB-2287, NBB-2292 ($1,000)
- KVE-2021-1229, KVE-2021-1276, KVE-2021-1416, KVE-2021-1417, KVE-2021-1456, KVE-2021-1462, KVE-2021-1464 (1,600)
- Leak all write ups via IDOR in dreamhack.io ($500)
- Just XSS Sanitizer flaw - VULN-064235
- 0-Day, Copy and Paste ReDos in github.com
- 4 XSS in Rakuten, [1], [2], [3], [4]

Jeongwon Jo (Pocas)

About

Work Experience

Activity

Bug Bounty