A leader in
offensive cybersecurity.

Offensive security is a proactive approach to protecting computer systems,
networks and individuals from attacks.

The security and stability of services and products are tested from an attacker perspective,
so that they can be fixed before malicious attacks occur.

Unmatched
performance

Theori consists of elite hackers who have won many international competitions. The team continues to make top-class achievements.

Continuous
advancement

Innovative research and development is at the core of Theori. We are always challenge-hungry, and never settle for the status quo.

Growth
as a team

Team work enables us to solve seemingly impossible challenges. We support each other and grow together as one team.

We make the world a safer place with continuous research
and technology-driven approaches.

Publications

Continuous top-tier conference publications.

QueryX: Symbolic Query on Decompiled Code for Finding Bugs in COTS Binaries

2023 IEEE Symposium on Security and Privacy (SP)

HyungSeok Han, JeongOh Kyea, Yonghwi Jin, Jinoh Kang, Brian Pak, Insu Yun

Who Spent My EOS? On the (In)Security of Resource Management of EOS.IO

13th USENIX Workshop on Offensive Technologies (WOOT 2019)

Sangsup Lee, Daejun Kim (co-leading author), Dongkwan Kim, Sooel Son, and Yongdae Kim

Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations

In Proceedings of the ACM Conference on Computer and Communications Security

Hongil Kim, Dongkwan Kim, Minhee Kwon, Hyungseok Han, Yeongjin Jang, Dongsu Han, Taesoo Kim, and Yongdae Kim

IMF: Inferred Model-based Fuzzer

In Proceedings of the ACM Conference on Computer and Communications Security

HyungSeok Han, and Sang Kil Cha

CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines

In Proceedings of the Network and Distributed System Security Symposium

HyungSeok Han, DongHyeon Oh, and Sang Kil Cha

B2R2: Building an Efficient Front-End for Binary Analysis

In Proceedings of the NDSS WorkShop on Binary Analysis Research (Best Paper Award)

Minkyu Jung, Soomin Kim, HyungSeok Han, Jaeseung Choi, and Sang Kil Cha

The Art, Science, and Engineering of Fuzzing: A Survey

IEEE Transactions on Software Engineering

Valentin Jean Marie Manès, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, and Maverick Woo

Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer

In Proceedings of the USENIX Security Symposium

Suyoung Lee, HyungSeok Han, Sang Kil Cha, and Sooel Son

Platform-independent programs

In Proceedings of the ACM Conference on Computer and Communications Security

Sang Kil Cha, Brian Pak, David Brumley, Richard Jay Lipton

Presentations

Sharing our knowledge with the world.

Cyber Resilience Strategies

소프트킬 능력 확보를 위한 사이버 전력

Security in Django: ReBAC 구조 설계하기

BROWSER HACKING WITH ANGLE

WACON 2022 보안성 강화 토론회

Best Practices and Lessons Learned from Security Consulting

Patch Analysis on Google Chrome

Microsoft Patch Analysis and Exploit Development

H(ack)DMI: Pwning HDMI for Fun and Profit

Fuzzing Javascript Engines for Fun and Pwnage

How to make macOS exploit(from Browser to Kernel)

Femtocell Hacking: From Zero to Zero Day

Fuzzing Javascript Engines

Universal XSS

1-Day Browser and Kernel Exploitation

Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines

IMF: Inferred Model-based Fuzzer

A medley of modern web browser exploits

Vulnerability Disclosure

Responsible disclosure to make the digital space safer.

Google Chrome SwiftShader Out-of-bounds Write Vulnerability

CVE-2023-2929

2023.05

Linux kernel Use-After-Free

CVE-2023-32269

2023.05

Linux Kernel QFQ Scheduler OOB Read/Write Local Privlige Escalation

CVE-2023-31436

2023.05

Windows AFD Elevation of Privilege

CVE-2023-28218

2023.04

Apple ColorSync Arbitrary File Read

CVE-2023-27955

2023.03

Ubuntu Desktop Elevation of Privilege

ZDI-CAN-20717(Pwn2Own)

2023.03

Linux kernel nftables Null Pointer Dereference

CVE-2023-1095

2023.02

Google Chrome SwiftShader Use-After-Free Vulnerability

CVE-2023-1213

2023.01

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2023-21760

2023.01

Windows Installer Elevation of Privilege Vulnerability

CVE-2023-21542

2023.01

Google Chrome Profile Use-After-Free Vulnerability

CVE-2022-4191

2022.11

Linux kernel Use-After-Free

CVE-2022-45919

2023.11

Connected User Experiences and Telemetry Elevation of Privilege Vulnerability

CVE-2022-38021

2023.10

Linux Kernel IPv4 FIB Out-Of-Bounds Read Information Disclosure Vulnerability

CVE-2022-3435

2022.09

Apple WebKit WebGL2 drawRangeElements Out-Of-Bounds Read Information Disclosure Vulnerability

CVE-2022-32912

2022.09

Linux Kernel nftables Uninitialized Variable Information Disclosure Vulnerability

CVE-2022-42432

2022.09

Linux kernel nftables Null Pointer Dereference

CVE-2022-39190

2022.09

Attackers can elevate the privilege from users to SYSTEM by the flaw in Cloud File Mini Filter Driver

CVE-2022-35757

2022.08

Linux Kernel SFB flow scheduler Use-After-Free Information Disclosure Vulnerability

CVE-2022-3586

2022.07

Attackers can elevate the privilege from users to SYSTEM by the flaw in Spooler Service

CVE-2022-22041

2022.07

Define the new standard
of cybersecurity.