About

Hello! I’m David Lee, also known as hamustar – a nickname that I participate in bug bounties and capture the flag competitions.

I’m a cybersecurity enthusiast, web bug hunter, CTF player, and an undergraduate student pursuing a degree in cybersecurity.

I LOVE hunting bugs! It’s one of my biggest hobbies lol

Feel free to reach out to me at leetdave21@gmail.com for collaborations, inquiries, or just to say hello!

Experience

• Cybersecurity Research Aide, Cybersecurity and Trusted Foundations, Global Security Initiative
  – Conducting Phishing Research
• Verified Bug Hunter, Patchday
  – Ranked 7th most impactful ethical hacker

Education

• Korea University
  – 2022.03 ~ (current)
  – B.S. in Smart Security (Cybersecurity)
  – Korea University Excellence(B) Academic Achievement Scholarship (2023 Spring)
  – Korea University Excellence(A) Academic Achievement Full Scholarship (2023 Fall, 2024 Fall)
  – National Institute for International Education GKS Scholarship
  
  
• Arizona State University (Visiting University Student)
  – Attending in Fall 2024 Semester
  – Taking lectures in Computer Science, mainly on Cybersecurity courses.

Disclosed CVE

• CVE-2023-5757
  – https://nvd.nist.gov/vuln/detail/CVE-2023-5757
  – https://www.cve.org/CVERecord?id=CVE-2023-5757
  – https://hamustar.com/cve-2023-5757-how-i-found-stored-xss-from-100k-downloaded-plugin/
• CVE-2023-5911
  – https://nvd.nist.gov/vuln/detail/CVE-2023-5911
  – https://www.cve.org/CVERecord?id=CVE-2023-5911

Reported Vulnerabilities

• CVSS score 9.0 Critical Severity Vulnerability (1500$ bounty) in {REDACTED}
  – Received 2000000 KRW bounty, not allowed to disclose the details
  
  
• CVSS score 8.6 High Severity Vulnerability (1000$ bounty) in {REDACTED}
  – Received 1000000 KRW bounty, not allowed to disclose the details
  
  
• CVSS score 9.8 Critical Severity Vulnerability (200$ bounty) in {REDACTED}
  – Received 250000 KRW bounty, not allowed to disclose the details
  
  
• {REDACTED} Vulnerability in Tistory
  
  
• {REDACTED} Vulnerability in lacity.org
  
  
• Full Account Takeover in Korea University Laboratory Safety Website
  
  
• and other vulnerabilities that are not listed here…

CTF Competitions (a.k.a Ethical Hacking Competitions)

• WolvCTF (University of Michigan), 15th / 622 Teams. Mar. 2024
• Sandiego CTF (University of California, San Diego), 7th / 216 Teams. May. 2024
• HSpace Quals CTF, 1th Sep. 2024

Involvement

1.  Korea University Institute of Computer Security
   – CTF Player
   – Exploit Development in Linux Kernel
   – Speaker at S.K.S Security Conference.
   
   
2. ASU Hacking Club
   – CTF Player
   

last updated in 2024-10-22