NiNi

TingYu Chen, aka NiNi, major in Cyber Security, member of Balsn, love CTF and everything about computer science.

// Interests //

Reverse Engineering

Binary Exploitation

Fuzzer Development

Red Team

Cryptography

// Honors //

Contest

Pwn2Own Toronto 2022, Master of Pwn

Dec 9th, 2022

International CTF

Play in Balsn

DEFCON 32 CTF Finals, 7th place (if this works we'll get fewer for next year)	Online, Aug. 2024
DEFCON 31 CTF Finals, 3rd place (TWN48)	Las Vegas, Aug. 2023
DEFCON 30 CTF Finals, 9th place (Balsn.217@TSJ.tw)	Online, Aug. 2022
DEFCON 29 CTF Finals, 5th place (HITCON⚔Balsn)	Online, Aug. 2021
DEFCON 28 CTF Finals, 3rd place (HITCON⚔Balsn)	Online, Aug. 2020
DEFCON 27 CTF Finals, 2nd place (HITCON⚔BFKinesiS)	Las Vegas, USA, Aug. 2019
DEFCON 26 CTF Finals, 12th place (BFS)	Las Vegas, USA, Aug. 2018
...

Solo

Flare-on 8 Finisher #96 (#1 in Taiwan)	Online, 2021-11-29 11:21
Flare-on 7 Finisher #177 (#2 in Taiwan)	Online, 2020-10-21 10:16
Flare-on 6 Finisher #290 (#8 in Taiwan)	Online, 2019-09-27 06:05
Reversing.kr Finisher #26	Online, 2018-08-04 19:58

Play in DoubleSigma

DefCamp CTF Finals, 5th place	Bucharest, Romania, Nov. 2018
HITCON CTF Finals, 12th place	Taipei, Taiwan, Nov. 2017

Domestic CTF

AEGIS Finals, 6th place (Virtual Fox)	Nangang, Taiwan, Nov. 2020
金盾獎 Finals, 嶄露頭角獎 (ankleboy&banana)	Taipei, Taiwan, Nov. 2020
AEGIS Finals, 3rd place (DoubleSigma)	Taipei, Taiwan, Sep. 2019
金盾獎 Finals, 1st place (curl kaibro.tw \|sh)	Taipei, Taiwan, Nov. 2019
AIS3 EOF Finals, 1st place (DoubeSigma)	Taipei, Taiwan, Jan. 2019
金盾獎 Finals, 鋒芒畢露獎 (DoubleSigma)	Taipei, Taiwan, Oct. 2018
AEGIS Finals, 6th place	Taipei, Taiwan, Oct. 2018
AIS3 Finals, 3rd place	Taipei, Taiwan, Oct. 2018
AIS3 EOF Finals, 1st place (DoubleSigma_Ethereum)	Taipei, Taiwan, Feb. 2018
NTC/NCTU/NTUST 程式安全 Final CTF, 1st place	Online, Dec. 2017
金盾獎 Finals, 潛力無窮獎 (DoubleSigma)	Taipei, Taiwan, Dec. 2017
金盾獎 Finalist (AHQ)	Taipei, Taiwan, Nov. 2016

// Portfolio //

Vulnerability Reports (Global)

CVE-2025-2233	Samsung SmartThings Auth Bypass
CVE-2024-48958	Libarchive OOB Read
CVE-2024-48957	Libarchive OOB Read
ClickHouse BugCrowd (2/2)	private
ClickHouse BugCrowd (1/2)	private
CVE-2024-38165	Patch Bypassing of CVE-2024-26185
CVE-2024-26256	Libarchive Remote Code Execution
CVE-2024-26185	Windows Compressed Folder Tampering
CVE-2024-30370	WinRAR MotW bypass. Orange's work ,I actually do nothing
CVE-2023-32154	RCE, pre-auth WAN RCE of MikroTik RouterOS
CVE-2022-46308	BAC, able to update/remove all users
CVE-2022-46307	BAC, able to control door remotely
~~CVE-2021-3648~~ (duplicated QQ)	nm-new, CWE-835 Infinite Loop

Vulnerability Reports (Taiwan)

ZD-2023-00191	買動漫，可透過 Line 帳號惡意綁定他人帳號
ZD-2023-00190	買動漫 Open Redirect
ZD-2022-00909	陳寗嚴選購物網站除錯日誌外洩
ZD-2022-00471	Phison 公司網頁原始碼外洩
ZD-2021-00727	陽明交通大學資電亥客與安全碩士學位學程系所首頁原始碼外洩
ZD-2020-00737	中央大學學務處大一週會網頁已有後門
ZD-2020-00342	中央大學服務學習網 SQL injection

// Presentation //

DEVCORE CONF 2025 只需一次 API 呼叫的致命一擊：從硬體逆向到突破保護機制的精準攻擊	Mar. 15, 2025
SITCON 2025 獨自升級的駭客：自由之路從框架開始	Mar. 8, 2025
CCC 38C3 From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11	Dec. 30, 2024
HITCON 2024 全境擴散：從 Windows 11 到 libarchive 的深層威脅與全面影響	Aug. 23, 2023
Hexacon 2023: A Comprehensive Review on the Less-Traveled Road: 9 Years of Overlooked MikroTik Pre-Auth RCE	Oct. 13, 2023
RomHack 2023: A Comprehensive Review on the Less-Traveled Road: 9 Years of Overlooked MikroTik Pre-Auth RCE	Sep. 16, 2023
HITCON 2023: 入無人之徑：於 MikroTik 蟄伏九載的 Pre-Auth RCE	Aug. 18, 2023
DEFCON 2023: A Comprehensive Review on the Less-Traveled Road: 9 Years of Overlooked MikroTik Pre-Auth RCE	Aug. 11, 2023
AIS3 2023: 挖礦初學指南：從 Fuzzing 到被動收入的輕鬆入門，只剩你不知道	Jul. 26, 2023
AIS3 2023: 沒有 IDA 難道就無法逆向了嗎？IDA豈是如此不便之物！	Jul. 25, 2023
DEVCORE CONF 2023: Remote Door Execution	Mar. 11, 2023
AIS3 2019: Firmware security analysis	Jul. 30, 2019
ISIP Summer Camp: 逆向工程	Jul. 22, 2020
ISIP Summer Camp: 逆向工程	Jul. 16-17, 2019
ISIP Winter Camp: PWN-別pwn那裡	Dec. 16, 2018
ISIP Winter Camp: 逆向工程-逆逆！忍術！沒有F5之術	Dec. 15, 2018
臺灣好厲駭培訓課程: Attack&Defence 經驗分享	Aug. 25, 2018
ISIP Summer Camp: 逆向工程/PWN	Jul. 19, 2018
ISIP Summer Camp: 逆向工程	Jul. 18, 2018
ISIP Winter Camp: 從程式 debug+reverse 到 PWN 搶旗大賽	Jan. 31, 2018

// Certifications //

OffSec Exploitation Expert (OSEE)	Feb. 2025 - PRESENT
Amateur Radio Operator Class 2	Dec. 23, 2024 - PRESENT
Amateur Radio Operator Class 3	Oct. 28, 2024 - Dec. 23, 2024
Offensive Security Certified Professional (OSCP)	Feb. 2021 - PRESENT
JLPT N3	Mar. 2021 - PRESENT

OffSec Exploitation Expert (OSEE) Certificate

Offensive Security Certified Professional (OSCP) Certificate

// Educations //

M. S., Graduate Degree Program of Cyber Security, NYCU
Sep. 2019 - Jul. 2021
Bachelor of Science, in Computer Science, NCU
Sep. 2015 - Jun. 2019
National Wu-Ling Senior High School
Aug. 2012 - Jun. 2015

// Experience //

Security Researcher, DEVCORE
May. 2022 - PRESENT
Information Technology Intern, Mediatek
Jul. 2019 - Aug. 2019
Part-time MIS, Health Center, NCU
Jan. 2016 - Jun. 2019
Part-time MIS, Network Systems Division, Computer Center, NCU
Jan. 2016 - Jun. 2017

NiNi

// Interests //

Reverse Engineering

Binary Exploitation

Fuzzer Development

Red Team

Cryptography

// Honors //

Contest

International CTF

Play in Balsn

Solo

Play in DoubleSigma

Domestic CTF

// Portfolio //

Vulnerability Reports (Global)

Vulnerability Reports (Taiwan)

// Presentation //

// Certifications //

// Educations //

M. S., Graduate Degree Program of Cyber Security, NYCU

Bachelor of Science, in Computer Science, NCU

National Wu-Ling Senior High School

// Experience //

Security Researcher, DEVCORE

Information Technology Intern, Mediatek

Part-time MIS, Health Center, NCU

Part-time MIS, Network Systems Division, Computer Center, NCU