Building automated hacking systems

  • 515


Modern society becomes more closely related with software. As a result, security vulnerabilities have a more significant impact on physical safety,
national security, individual property, and privacy. The speed of software development in contemporary society surpasses human’s capabilities, and thus,
unresolved vulnerabilities pose significant threats to us.

To address these issues, in this talk, I will discuss our group’s efforts to create an automated hacking system.
In particular, I will share our group’s work on automatic vulnerability detection and automatic exploit generation that has been ongoing for several years.
I will also discuss open questions about this topic.


Insu Yun is an assistant professor at KAIST, currently leading Hacking Lab. He is interested in system security in general, especially, binary analysis, automatic vulnerability detection,
and automatic exploit generation. His work has been published to the major computer conferences such as IEEE Security & Privacy, USENIX Security, and USENIX OSDI.
Particularly, his research won the best paper award from USENIX Security and OSDI in 2018.

In addition to research, he has been participating in several hacking competitions as a hacking expert.
In particular, he won Pwn2Own 2020 by compromising Apple Safari and won DEFCON CTF in 2015 and 2018, which is the world hacking competition.

Prior to joining KAIST, he received his Ph.D. degree in Computer Science from Georgia Tech in 2020.