1. Managed all phases of the project as a leader • Interacted with customers and managed project member • Managed detailed work breakdown structures (WBS) • Managed quality of project output 2. Penetration Testing of Automotive(ECU, In-vehicle infotainment System, etc.) • Developed Penetration Testing attack scenario through attack surface analysis. • Drew attack tree based on attack path • Performed reverse engineering ARM, AArch64, PPC(Power PC), Renesas, Infineon TriCore, intel, etc. • Analyzed Encryption(AES, ARIA, etc.) and Dgital signature(RSA) logic vulnerabilities (ARM TrustZone, HSM, etc.) • Analyzed firmware update procedure vulnerabilities(OTA (Over-The-Air), USB, and UDS(Unified Diagnostic Services) Reprogramming • Analyzed USB(Andorid Auto, Car Play, Mirror Link .etc) implementation logic vulnerabilities • Analyzed interface implementation logic vulnerabilities(WiFi, Bluetooth, DAB(Digital audio broadcasting), GPS, etc.) • Analyzed security functions (Secure Boot, Smack, etc.) • Performed hardware reverse engineering using JTAG and UART • Extracted firmware using Flash Memory Dump • Analyzed operating system security • Developed English resultant documentation, including security assessment report, penetration test report, and measures guide 3. Penetration Testing of Web application, APP, CS, IoT • Worked on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets • Communicated technical vulnerabilities and remediation steps to developers and management • Worked with application developers to validate, assess, understand root cause and mitigate vulnerabilities 4. Developed cyber security Consulting service • Analyzed Standard and Regulation(UNCE UNR.155, ISO 21434, SAE j3061, etc.) • Developed Checklist for CSMS(Cyber Security Management System) • Developed Cyber security Attack Scenarios for VTA(Vehicle Type Approval)

更多

• Performed Penetration Testing of IoT, ICS, WEB, Security SW • Developed Penetration Testing attack scenario through attack surface analysis • Performed reverse engineering ARM, MIPS, etc. • Analyzed firmware vulnerabilities • Drew attack tree based on threat modeling • Developed list of classifications of cyber attack technologies • Developed cyber security emergency response and recovery plan • Developed cyber security technology applicability evaluation method

更多

• Performed Penetration Testing of IoT • Developed Penetration Testing attack scenario through attack surface analysis • Performed reverse engineering ARM • Analyzed firmware vulnerabilities

更多