d3lu0.

CV

avatar
mailMailgithubGitHub

d3lu00@gmail.com

D3LU0

d3lu0 · Vulnerability Researcher

Vulnerability Researcher

Korean security researcher (d3lu0) focused on memory-corruption vulnerabilities, fuzzing, exploit dev.

Education

  • Sangmyung University

    B.S. Information Security Engineering

    GPA 4.45 / 4.5 · CodeCure Club Member

    2022.03 –

Experience & Activities

  • Best of the Best 14th — Vulnerability Analysis Track

    Trainee · PM, r0s4ngeles team, Whitehat 10(Top 20) · KITRI/KISA

    Layer-by-layer ROS 2 / DDS analysis with a 6-person team. 20 bugs, 11 CVE / GHSA issued, first public RCE-primitive demonstration on a real robot (TurtleBot3).

    2025.07 – 2026.01

  • B4C System Bug Hunting Track 1st cohort

    Elite 3

    2025.03 – 2025.06

  • B4C System Hacking Track 10th cohort

    Completed

    2024.08 – 2024.11

  • ROK Ground Operations Command — CERT

    Information Security Soldier

    2023.02 – 2024.08

Selected Projects

BoB 14 — r0s4ngeles · ROS 2 / DDS

PM, 6-person team · 2025.07 – 2026.01

Layer-by-layer analysis of the ROS 2 stack — Application (Nav2, Autoware), Client (RCL/RCLCPP), Middleware (RMW), DDS (Fast-DDS, CycloneDDS). 20 bugs, 11 CVE / GHSA issued, first public OOB-Read primitive on Fast-DDS Discovery Server (libc-base leak → ASLR bypass), and a TurtleBot3 remote DoS reproduced over Wi-Fi. Accepted to ROSCon KR 2026.

25–26

1-day Dumb Fuzzer

Solo · 2025.05

Targeted dumb fuzzer reproducing CVE-2024-3024. Open-source auditing → fuzzing-point selection → seed generation hitting the vulnerable function → field-scoped pcap mutation → ASAN crash logging. Crashing seeds are persisted by exit code for triage.

2025

CodeCure — IT THON & PWN mentoring

Problem-setter · Mentor · 2024.11 –

Authored 5 PWN challenges (easy_bof, lottery_flag, canary, -1, Thunder echo) and gave the PWN intro lecture for IT THON 2024 (Sangmyung Univ., 2024.11). PWN mentor for the CodeCure club (2025.02 – ) running weekly assignments and a 6-week winter study.

24–

Presentations

  • ROSCon Korea 2026

    r0s4ngeles · ROS 2 / DDS vulnerability research

    2026

Awards

  • [CTF] Sejong Hacktheon Advanced - Finalist

    2026

  • [EDU] Best of the Best 14th — Whitehat 10(Top 20)

    2026

  • [CTF] Chungcheong Regional Cyber Security Competition - Finalist

    2025

Public CVE / GHSA

  • Fast-DDS

    OOM · Heap BOF · OOB Read · OOB Read primitive (libc-base leak / ASLR bypass)

    CVE-2026-22591CVE-2026-22590CVE-2025-65016CVE-2025-64438CVE-2025-64098CVE-2025-62799CVE-2025-62603CVE-2025-62602CVE-2025-62601CVE-2025-62600

  • CycloneDDS

    OOB Write / Heap BOF

    GHSA-j236-gff3-qm5r

  • Autoware

    OOM, OOB Read (+1 in coordination)

    CVE-2026-26506

Certifications

  • CCNA

    Cisco Certified Network Associate

    2022.07 – 2025.07

Mentoring

  • CodeCure (Sangmyung Univ.) — PWN Mentor

    Weekly assignment + presentation format. Ran a 6-week winter PWN study (2025.01 – 02).

    2025.02 –

  • IT THON 2024 (Sangmyung Univ.)

    PWN problem-setter & lecturer

    Authored 5 PWN challenges (easy_bof, lottery_flag, canary, -1, Thunder echo) and gave the PWN intro lecture for non-major participants.

    2024.11

  • INCOGNITO Team Project

    Mentor

    2026.03 – 04

Skills

  • Vulnerability Analysis
  • Fuzzing
  • V8 Internals
  • Browser Exploitation
  • ROS 2 / DDS
  • RTPS
  • CodeQL Taint
  • Reverse Engineering
  • Binary Exploitation
  • Root Cause Analysis
  • Python
  • C / C++