Harold Kim
Backend Developer • Security Researcher
github stypremail root@stypr.com  ‹PGP›   ctftime stypr






Computer Specialist, University of Toronto Sept. 2014 - PRESENT
2y 6 months
» Currently studying as an undergraduate, and is going to acquire a Bachelor’s degree.
(Currently on a leave, due to serveral reasons including military completion and job employment.)
International Baccalaureate Diploma Sept. 2012 - June 2014
1y 9 months
» Acquired International Baccalaureate Diploma for Secondary School.
» Studied in an Indian International school.
(Physics HL, Computer Science HL, Mathematics HL, English B HL, Korean A SL, Economics SL)


Full-time Security Researcher, SEWorks Inc. (website) June 2014 - Nov 2016
2y 4 months
» Focusing mainly on core server management and backend service development.
» Developed core products, including product maintanence. (Uses python, GoLang+Redis, PHP, Java, etc.)
» Frequently performs vulnerability checks and penetration tests on core products.
» Security/development researches for future developments.


2016 1st place on CTFTime! \o/
2016 2nd place, EKOPARTY CTF 2016 Latin America
2016 2nd place, Silk Road CTF 2016 Karamay, China
2016 1st place, ASIS CTF Finals Tehran, Iran
2016 1st place, C4CTF 2016 Riyadh, Saudi Arabia
2016 1st place, TU CTF 2016 Tulsa, OK
2016 1st place, Sharif University CTF Tehran, Iran
2016 2nd place, Internetwache CTF Berlin, Germany
2015 1st place, Hack Zone Tunisia 2015 Manouba, Tunisia
2015 1st place, Break In 2015 Hyderabad, India
2015 Finalist, CSAW CTF 15 Hacking Competition NA Finals Brooklyn, NY
2014 Finalist, CSAW CTF 14 Hacking Competition NA Finals Brooklyn, NY
2014 Finalist, DEFCON 22nd CTF Hacking Competition World Finals Las Vegas, NV
2014 2nd place. Olympic Sochi CTF 2015 (Acquired DEFCON Qualifier)
2015 1st place, 14th HUST Hacking Festival Seoul, South Korea
2015 1st place, 2015 Inc0gnito Hacking Competition Seoul, South Korea
» My team got #6(918pt) in 2015 (@dcua) and #5(820pt) in 2014 (@penthackon) on ctftime.
» Note that there are a lot of competitions that I've done so far. Some of them were archived in //github.com/stypr/ctf.


spwn — stypr's semi web fuzzing framework. TBD

» Includes automated sourcecode analysis, general-purpose crawler, sqli helper, etc.
» Works for latests trends of web developement (i.e. Usage of docker containers, Various agile developement, etc)
» Still under developmenet, however most of main features work.
» Found several critical vulnerabilties through this framework.
Web Fuzzer Development and its Utilization June 2014
Talked on WOWHACKER 2nd Seminar. Seoul, Korea

» a.k.a. Introduction to web fuzzer development.
» Demonstrated the process of web fuzzer development and its utilization, including the practical usage of fuzzers and its utilizations.
» Presentations available at //goo.gl/VabWPK
Stereotyped Challenges Oct. 2014 - PRESENT
2y 5 months

» Operating and developing a website that consists of extremely technical offensive security challenges.
» Sourcecode available at //github.com/stypr/chall.stypr.com


Language ASM (Mediocre), C (Mediocre), Go (Fluent), Java (Fluent), PHP (Native), Python (Native), SQL (Native), VB.NET (Native).
Korean (Native), English (Native), Mandarin (Poor)
Softwares IDA+Hex-rays, WireShark, Chrome/Firefox devtools, My own fuzzer), Ollydbg, NetCat,
HeidiSQL, HxD, Git, VMWare/qemu, etc. Fan of Debian (But.. this server's on Ubuntu!).