혁신적인 연구개발을 선도하기 위해 끊임없이 새로운 지식을 탐구하고 발전시키고 있습니다.

티오리는 연구 중심적 그룹이라는 이름에 걸맞게 계속해서 새로운 기술을 분석하고 개발하고 있습니다. 이로써 누구보다 발빠르게 변화에 대응하고 이끌어갈 수 있도록 새로운 세상의 지식을 항상 마주하고 있습니다.

연구는 지속적인 혁신과 발전에 있어 빼놓을 수 없는 요소입니다. 티오리는 끝없는 탐구심과 압도적인 실력으로 사이버 보안이 향해야 하는 길을 개척하며 많은 사람들이 더욱 안전한 세상을 즐길 수 있도록 노력합니다.

우리가 쌓은 지식을 세상과 공유합니다.

티오리에서는 오펜시브 사이버보안 영역의 리더로서 끊임없이 관련 기술을 연구합니다.
이렇게 쌓은 지식은 모두에게 공유함으로써 더욱 큰 의미와 가치를 가진다고 생각합니다.
그래서, 정보 교류가 더 활발해지기를 꿈꾸며 티오리는 적극적으로 정보를 나눕니다.

Publications

논문 및 보고서

공신력 있는 학회를 통해 지속적으로 Top-Tier 급 논문과 연구보고서를 게재하고 있습니다.

Who Spent My EOS? On the (In)Security of Resource Management of EOS.IO

13th USENIX Workshop on Offensive Technologies (WOOT 2019)

Sangsup Lee, Daejun Kim (co-leading author), Dongkwan Kim, Sooel Son, and Yongdae Kim

Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations

In Proceedings of the ACM Conference on Computer and Communications Security

Hongil Kim, Dongkwan Kim, Minhee Kwon, Hyungseok Han, Yeongjin Jang, Dongsu Han, Taesoo Kim, and Yongdae Kim

IMF: Inferred Model-based Fuzzer

In Proceedings of the ACM Conference on Computer and Communications Security

HyungSeok Han, and Sang Kil Cha

CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines

In Proceedings of the Network and Distributed System Security Symposium

HyungSeok Han, DongHyeon Oh, and Sang Kil Cha

B2R2: Building an Efficient Front-End for Binary Analysis

In Proceedings of the NDSS WorkShop on Binary Analysis Research (Best Paper Award)

Minkyu Jung, Soomin Kim, HyungSeok Han, Jaeseung Choi, and Sang Kil Cha

The Art, Science, and Engineering of Fuzzing: A Survey

IEEE Transactions on Software Engineering

Valentin Jean Marie Manès, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, and Maverick Woo

Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer

In Proceedings of the USENIX Security Symposium

Suyoung Lee, HyungSeok Han, Sang Kil Cha, and Sooel Son

Platform-independent programs

In Proceedings of the ACM Conference on Computer and Communications Security

Sang Kil Cha, Brian Pak, David Brumley, Richard Jay Lipton

Presentations

발표

세미나, 컨퍼런스, 강연 등 다양한 발표를 통해 지식과 정보를 공유합니다.

Best Practices and Lessons Learned from Security Consulting

Patch Analysis on Google Chrome

Microsoft Patch Analysis and Exploit Development

H(ack)DMI: Pwning HDMI for Fun and Profit

Fuzzing Javascript Engines for Fun and Pwnage

How to make macOS exploit(from Browser to Kernel)

Femtocell Hacking: From Zero to Zero Day

Fuzzing Javascript Engines

Universal XSS

1-Day Browser and Kernel Exploitation

Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines

IMF: Inferred Model-based Fuzzer

A medley of modern web browser exploits

Vulnerability Disclosure

취약점 제보

안전한 디지털 세상을 위해 치명적인 보안 취약점을 찾고 제보합니다.

Storage Spaces Controller Elevation of Privilege Vulnerability

CVE-2021-26880

2021.03

Windows Win32k Elevation of Privilege Vulnerability

CVE-2021-26900

2021.03

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

CVE-2021-1685

2021.01

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2021-1695

2021.01

Windows InstallService Elevation of Privilege Vulnerability

CVE-2021-1697

2021.01

Windows Print Configuration Elevation of Privilege Vulnerability

CVE-2020-17041

2020.11

Remote Code Exeuction in Windows

CVE-2020-17042

2020.11

Apple macOS powerd Uninitialized Memory Information Disclosure Vulnerability

CVE-2020-10007

2020.12

Win32k Elevation of Privilege Vulnerability

CVE-2020-17010

2020.11

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2020-17014

2020.11

Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability

CVE-2020-17024

2020.11

Windows Print Configuration Elevation of Privilege Vulnerability

CVE-2020-17041

2020.11

Windows Print Spooler Remote Code Execution Vulnerability

CVE-2020-17042

2020.11

Google Chrome libANGLE Insufficient Policy Enforcement Vulnerability

CVE-2020-16005

2020.10

Windows Enterprise App Management Service Information Disclosure Vulnerability

CVE-2020-16919

2020.10

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2020-1030

2020.09

Parallels Desktop prl_hypervisor Incorrect Permission Assignment for Critical Resource Information Disclosure Vulnerability

CVE-2020-17402

2020.08

Chrome WebAudio Use After Free

CVE-2020-6545

2020.08

Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability

CVE-2020-1330

2020.07

Use after free in Google Chrome

CVE-2020-6434

2020.02