About
mak3bread
Penetration Tester | Bug Bounty Hunter | CTF Player · Republic of Korea
Profile
- Bug bounty outcomes including 100+ validated reports
- Active member of Friendly Maltese Citizens, DeadSec, and RubiyaLab
- Public vulnerability disclosures including 6 CVEs
- Offensive security certifications: OSCP/OSCP+, CRTO, CRTL
- NATO CCDCOE Locked Shields South Korea national team, Web Part, 2026 and 2024
Experience
Penetration Tester, Red IRIS
Financial Security Institute (FSI)Conducting penetration testing and red team engagements for financial institutions and related service environments.
Security Consultant, Security Assessment
Financial Security Institute (FSI)Conducted web, mobile, infrastructure, cryptocurrency exchange, and remediation validation assessments for financial services.
App Security Engineer, Service Security
Kakao EnterprisePerformed security reviews for web and mobile services, IaaS/SaaS service assessments, remediation checks, and internal workflow automation.
Bug Bounty
Platform
International
-
X / xAI Bug Bounty, 2025 -
Starbucks Bug Bounty, 2023 -
AWS - Amazon Vulnerability Research Program, 2021
Domestic
-
Find The Gap Bug Bounty Platform, XSS to Account Takeover, 2024
-
-
White Hat Together Bug Bounty competition, 3rd place, 2023
-
Ridibooks Bug Bounty, CSRF to Account Takeover, 2023
-
FSI Bug Bounty, 6 vulnerabilities, 2022 -
Kakao Bug Bounty, KVE-2021-0007 and KVE-2021-0904, 2021 -
CTF Results
DEF CON CTF Quals
#21 · Friendly Maltese Citizens · May 2026
hxp 39C3 CTF
#4 · Friendly Maltese Citizens · Dec 2025
ASIS CTF Finals 2025
#3 · RubiyaLab · Dec 2025
Infobahn CTF 2025
#4 · DeadSec · Nov 2025
QnQSec CTF 2025
#3 · DeadSec · Oct 2025
EnigmaXplore 3.0 CTF
#5 · RubiyaLab · Oct 2025
FIESTA 2025
#3 · 테더팔자보이즈 · Sep 2025
HITCON CTF
#2 · Friendly Maltese Citizens · Aug 2025
Brunner CTF
#1 · RubiyaLab · Aug 2025
World Wide CTF
#2 · RubiyaLab · Jul 2025
No Hack No CTF
#3 · RubiyaLab · Jul 2025
FIESTA 2023
#4 · 그치만 4등이라도 하지 않으면 부장님이 봐주지 않는걸 · Sep 2023
CVE
- CVE-2025-15067 Unrestricted File Upload and RCE in Innorix WP Dec 2025
- CVE-2025-15066 Arbitrary File Download through Path Traversal in Innorix WP Dec 2025
- CVE-2025-52059 Undisclosed 2025
- CVE-2024-57338 Arbitrary file upload in CROWNIX Report & ERS May 2025
- CVE-2024-57337 Arbitrary file upload in CROWNIX Report & ERS May 2025
- CVE-2024-57336 Admin Account Takeover in CROWNIX Report & ERS May 2025
Certifications
Training
NATO CCDCOE Locked Shields
South Korea Web Team participant for live-fire cyber defense exercises involving code audits, vulnerability assessments, patching, incident response, and technical reporting.
Best of the Best (BoB), Vulnerability Analysis Track
Completed vulnerability analysis training and built an Android APK analysis workflow using CodeQL.