About Me
TingYu Chen, aka terrynini38514, major in Cyber Security, member of Balsn, love CTF and everything about computer science.
Interests
- Reverse Engineering
- Binary Exploitation
- Fuzzer Development
- Red Team
- Cryptography
Honors
Contest
| Pwn2Own Toronto 2022, Master of Pwn | Dec 9th, 2022 |
|---|
International CTF
Play in Balsn
| DEFCON 32 CTF Finals, 7th place (if this works we’ll get fewer for next year) | Online, Aug. 2024 |
|---|---|
| DEFCON 31 CTF Finals, 3rd place (TWN48) | Las Vegas, Aug. 2023 |
| DEFCON 30 CTF Finals, 9th place (Balsn.217@TSJ.tw) | Online, Aug. 2022 |
| DEFCON 29 CTF Finals, 5th place (HITCON⚔Balsn) | Online, Aug. 2021 |
| DEFCON 28 CTF Finals, 3rd place (HITCON⚔Balsn) | Online, Aug. 2020 |
| DEFCON 27 CTF Finals, 2nd place (HITCON⚔BFKinesiS) | Las Vegas, USA, Aug. 2019 |
| DEFCON 26 CTF Finals, 12th place (BFS) | Las Vegas, USA, Aug. 2018 |
| … |
Solo
| Flare-on 8 Finisher #96 (#1 in Taiwan) | Online, 2021-11-29 11:21 |
|---|---|
| Flare-on 7 Finisher #177 (#2 in Taiwan) | Online, 2020-10-21 10:16 |
| Flare-on 6 Finisher #290 (#8 in Taiwan) | Online, 2019-09-27 06:05 |
| Reversing.kr Finisher #26 | Online, 2018-08-04 19:58 |
Play in DoubleSigma
| DefCamp CTF Finals, 5th place | Bucharest, Romania, Nov. 2018 |
|---|---|
| HITCON CTF Finals, 12th place | Taipei, Taiwan, Nov. 2017 |
Domestic CTF
| AEGIS Finals, 6th place (Virtual Fox) | Nangang, Taiwan, Nov. 2020 |
|---|---|
| 金盾獎 Finals, 嶄露頭角獎 (ankleboy&banana) | Taipei, Taiwan, Nov. 2020 |
| AEGIS Finals, 3rd place (DoubleSigma) | Taipei, Taiwan, Sep. 2019 |
| 金盾獎 Finals, 1st place (curl kaibro.tw |sh) | Taipei, Taiwan, Nov. 2019 |
| AIS3 EOF Finals, 1st place (DoubeSigma) | Taipei, Taiwan, Jan. 2019 |
| 金盾獎 Finals, 鋒芒畢露獎 (DoubleSigma) | Taipei, Taiwan, Oct. 2018 |
| AEGIS Finals, 6th place | Taipei, Taiwan, Oct. 2018 |
| AIS3 Finals, 3rd place | Taipei, Taiwan, Oct. 2018 |
| AIS3 EOF Finals, 1st place (DoubleSigma_Ethereum) | Taipei, Taiwan, Feb. 2018 |
| NTC/NCTU/NTUST 程式安全 Final CTF, 1st place | Online, Dec. 2017 |
| 金盾獎 Finals, 潛力無窮獎 (DoubleSigma) | Taipei, Taiwan, Dec. 2017 |
| 金盾獎 Finalist (AHQ) | Taipei, Taiwan, Nov. 2016 |
Portfolio
Vulnerability Reports(Global)
| CVE-2024-48958 | - Libarchive OOB Read |
|---|---|
| CVE-2024-48957 | - Libarchive OOB Read |
| CVE-2024-38165 | - Patch Bypassing of CVE-2024-26185 |
| CVE-2024-26256 | - Libarchive Remote Code Execution |
| CVE-2024-26185 | - Windows Compressed Folder Tampering |
| CVE-2024-30370 | - WinRAR MotW bypass. Orange’s work ,I actually do nothing |
| CVE-2023-32154 | - RCE, pre-auth WAN RCE of MikroTik RouterOS |
| CVE-2022-46308 | - BAC, able to update/remove all users |
| CVE-2022-46307 | - BAC, able to control door remotely |
| - nm-new, CWE-835 Infinite Loop |
Vulnerability Reports(Taiwan)
| ZD-2023-00191 | - 買動漫,可透過 Line 帳號惡意綁定他人帳號 |
|---|---|
| ZD-2023-00190 | - 買動漫 Open Redirect |
| ZD-2022-00909 | - 陳寗嚴選購物網站除錯日誌外洩 |
| ZD-2022-00471 | - Phison 公司網頁原始碼外洩 |
| ZD-2021-00727 | - 陽明交通大學資電亥客與安全碩士學位學程系所首頁原始碼外洩 |
| ZD-2020-00737 | - 中央大學學務處大一週會網頁已有後門 |
| ZD-2020-00342 | - 中央大學服務學習網 SQL injection |
Contributions
| radareorg/radare2 | - Fix zignature mask from `zj` is differ from `z` (#17180) |
|---|---|
| AFLplusplus/AFLplusplus | - remove redundant unsetenv (#947) |
Certifications
| Offensive Security Certified Professional (OSCP) | Feb. 2021 - PRESENT |
|---|---|
| JLPT N3 | Mar. 2021 - PRESENT |
Presentation
| Hexacon 2023: A Comprehensive Review on the Less-Traveled Road: 9 Years of Overlooked MikroTik Pre-Auth RCE | Oct. 13, 2023 |
|---|---|
| RomHack 2023: A Comprehensive Review on the Less-Traveled Road: 9 Years of Overlooked MikroTik Pre-Auth RCE | Sep. 16, 2023 |
| HITCON 2023: 入無人之徑:於 MikroTik 蟄伏九載的 Pre-Auth RCE | Aug. 18, 2023 |
| DEFCON 2023: A Comprehensive Review on the Less-Traveled Road: 9 Years of Overlooked MikroTik Pre-Auth RCE | Aug. 11, 2023 |
| AIS3 2023: 挖礦初學指南:從 Fuzzing 到被動收入的輕鬆入門,只剩你不知道 | Jul. 26, 2023 |
| AIS3 2023: 沒有 IDA 難道就無法逆向了嗎?IDA豈是如此不便之物! | Jul. 25, 2023 |
| DEVCORE CONF 2023: Remote Door Execution | Mar. 11, 2023 |
| AIS3 2019: Firmware security analysis | Jul. 30, 2019 |
| ISIP Summer Camp: 逆向工程 | Jul. 22, 2020 |
| ISIP Summer Camp: 逆向工程 | Jul. 16-17, 2019 |
| ISIP Winter Camp: PWN-別pwn那裡 | Dec. 16, 2018 |
| ISIP Winter Camp: 逆向工程-逆逆!忍術!沒有F5之術 | Dec. 15, 2018 |
| 臺灣好厲駭培訓課程: Attack&Defence 經驗分享 | Aug. 25, 2018 |
| ISIP Summer Camp: 逆向工程/PWN | Jul. 19, 2018 |
| ISIP Summer Camp: 逆向工程 | Jul. 18, 2018 |
| ISIP Winter Camp: 從程式 debug+reverse 到 PWN 搶旗大賽 | Jan. 31, 2018 |
Educations
| M. S., Graduate Degree Program of Cyber Security, NYCU | Sep. 2019 - Jul. 2021 |
|---|---|
| Bachelor of Science, in Computer Science, NCU | Sep. 2015 - Jun. 2019 |
| National Wu-Ling Senior High School | Aug. 2012 - Jun. 2015 |
Experience
| Security Researcher, DEVCORE | May. 2022 - PRESENT |
|---|---|
| Information Technology Intern, Mediatek | Jul. 2019 - Aug. 2019 |
| Part-time MIS, Health Center, NCU | Jan. 2016 - Jun. 2019 |
| Part-time MIS, Network Systems Division, Computer Center, NCU | Jan. 2016 - Jun. 2017 |