A leader in
offensive cybersecurity.

Offensive security is a proactive approach to protecting computer systems,
networks and individuals from attacks.

The security and stability of services and products are tested from an attacker perspective,
so that they can be fixed before malicious attacks occur.

Unmatched
performance

Theori consists of elite hackers who have won many international competitions. The team continues to make top-class achievements.

Continuous
advancement

Innovative research and development is at the core of Theori. We are always challenge-hungry, and never settle for the status quo.

Growth
as a team

Team work enables us to solve seemingly impossible challenges. We support each other and grow together as one team.

We make the world a safer place with continuous research
and technology-driven approaches.

Publications

Continuous top-tier conference publications.

Who Spent My EOS? On the (In)Security of Resource Management of EOS.IO

13th USENIX Workshop on Offensive Technologies (WOOT 2019)

Sangsup Lee, Daejun Kim (co-leading author), Dongkwan Kim, Sooel Son, and Yongdae Kim

Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations

In Proceedings of the ACM Conference on Computer and Communications Security

Hongil Kim, Dongkwan Kim, Minhee Kwon, Hyungseok Han, Yeongjin Jang, Dongsu Han, Taesoo Kim, and Yongdae Kim

IMF: Inferred Model-based Fuzzer

In Proceedings of the ACM Conference on Computer and Communications Security

HyungSeok Han, and Sang Kil Cha

CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines

In Proceedings of the Network and Distributed System Security Symposium

HyungSeok Han, DongHyeon Oh, and Sang Kil Cha

B2R2: Building an Efficient Front-End for Binary Analysis

In Proceedings of the NDSS WorkShop on Binary Analysis Research (Best Paper Award)

Minkyu Jung, Soomin Kim, HyungSeok Han, Jaeseung Choi, and Sang Kil Cha

The Art, Science, and Engineering of Fuzzing: A Survey

IEEE Transactions on Software Engineering

Valentin Jean Marie Manès, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, and Maverick Woo

Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer

In Proceedings of the USENIX Security Symposium

Suyoung Lee, HyungSeok Han, Sang Kil Cha, and Sooel Son

Platform-independent programs

In Proceedings of the ACM Conference on Computer and Communications Security

Sang Kil Cha, Brian Pak, David Brumley, Richard Jay Lipton

Presentations

Sharing our knowledge with the world.

BROWSER HACKING WITH ANGLE

WACON 2022 보안성 강화 토론회

Best Practices and Lessons Learned from Security Consulting

Patch Analysis on Google Chrome

Microsoft Patch Analysis and Exploit Development

H(ack)DMI: Pwning HDMI for Fun and Profit

Fuzzing Javascript Engines for Fun and Pwnage

How to make macOS exploit(from Browser to Kernel)

Femtocell Hacking: From Zero to Zero Day

Fuzzing Javascript Engines

Universal XSS

1-Day Browser and Kernel Exploitation

Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines

IMF: Inferred Model-based Fuzzer

A medley of modern web browser exploits

Vulnerability Disclosure

Responsible disclosure to make the digital space safer.

Storage Spaces Controller Elevation of Privilege Vulnerability

CVE-2021-26880

2021.03

Windows Win32k Elevation of Privilege Vulnerability

CVE-2021-26900

2021.03

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

CVE-2021-1685

2021.01

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2021-1695

2021.01

Windows InstallService Elevation of Privilege Vulnerability

CVE-2021-1697

2021.01

Windows Print Configuration Elevation of Privilege Vulnerability

CVE-2020-17041

2020.11

Remote Code Exeuction in Windows

CVE-2020-17042

2020.11

Apple macOS powerd Uninitialized Memory Information Disclosure Vulnerability

CVE-2020-10007

2020.12

Win32k Elevation of Privilege Vulnerability

CVE-2020-17010

2020.11

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2020-17014

2020.11

Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability

CVE-2020-17024

2020.11

Windows Print Configuration Elevation of Privilege Vulnerability

CVE-2020-17041

2020.11

Windows Print Spooler Remote Code Execution Vulnerability

CVE-2020-17042

2020.11

Google Chrome libANGLE Insufficient Policy Enforcement Vulnerability

CVE-2020-16005

2020.10

Windows Enterprise App Management Service Information Disclosure Vulnerability

CVE-2020-16919

2020.10

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2020-1030

2020.09

Parallels Desktop prl_hypervisor Incorrect Permission Assignment for Critical Resource Information Disclosure Vulnerability

CVE-2020-17402

2020.08

Chrome WebAudio Use After Free

CVE-2020-6545

2020.08

Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability

CVE-2020-1330

2020.07

Use after free in Google Chrome

CVE-2020-6434

2020.02

Define the new standard
of cybersecurity.