Jongseong Kim

I'm a Cybersecurity undergraduate at Ajou University, graduating in August 2025. I specialize in Windows offensive security and vulnerability research, focusing on discovering security vulnerabilities in Windows COM/RPC services, kernel drivers, and system internals using advanced techniques including static analysis and fuzzing.

I have been recognized as a Microsoft Security Response Center (MSRC) Most Valuable Researcher, ranking in the Global Top 100 across 7 quarters. My research has resulted in 60+ CVE disclosures.

highlights

Oct 2025

Listed on 🪟 MSRC's 2025 Q3 Most Valuable Researcher Leaderboard.

Aug 2025

🏆 Achieved 3rd place at DEF CON 33 CTF with team SuperDiceCode!

Jul 2025

Listed on 🪟 MSRC's 2025 Q2 Most Valuable Researcher Leaderboard.

Jun 2025

⭐ Listed on 🪟 MSRC's 2025 Annual Most Valuable Researcher Leaderboard.

May 2025

Spoke at Off-by-One 2025 in Singapore about Windows COM vulnerabilities.

Apr 2025

Listed on 🪟 MSRC's 2025 Q1 Most Valuable Researcher Leaderboard.

Jan 2025

Listed on 🪟 MSRC's 2024 Q4 Most Valuable Researcher Leaderboard.

Nov 2024

Spoke at CODE BLUE 2024 in Tokyo about msFuzz: systematically fuzzing Windows kernel drivers with symbolic execution.

Oct 2024

Listed on 🪟 MSRC's 2024 Q3 Most Valuable Researcher Leaderboard.

Jul 2024

Listed on 🪟 MSRC's 2024 Q2 Most Valuable Researcher Leaderboard.

Jan 2024

Listed on 🪟 MSRC's 2023 Q4 Most Valuable Researcher Leaderboard.

Experience

Offensive Security Researcher

Sep 2024 – Present

ENKI WhiteHat, Seoul

Focused on Windows offensive security research, analyzing kernel drivers, COM components, and system internals.

Offensive Security Researcher

Mar 2024 – Jul 2024

CW Research, Seoul

Researched Windows kernel security, focusing on fuzzing and vulnerability discovery in kernel drivers.

Best of The Best 12th (Best 10)

Jul 2023 – Mar 2024

KITRI, Vulnerability Analysis Track

Conducted Windows Kernel Driver 0-day research
Reported 100+ vulnerabilities across Windows built-in drivers and 3rd-party drivers

Signal Intelligence/Electronic Warfare Operations

Dec 2021 – Jun 2023

Republic of Korea Army

Served as a cybersecurity specialist in research division.

Conference & Publications

Off-By-One 2025

May 2025

Singapore

J. Kim, D. Kim. "COM-pletely Unplanned: A Windows Bug Hunter's Journey to LPE" [Link]

CODE BLUE 2024

Nov 2024

Tokyo, Japan

S. Park, J. Kim, Y. Park. "1-Click-Fuzz: Systematically Fuzzing the Windows Kernel Driver with Symbolic Execution" [Link]

Honors & Awards

DEF CON 33 CTF — 3rd Place

Aug 2025

Team SuperDiceCode

Achieved 3rd place in the most prestigious global CTF competition.

Financial Security Institute FIESTA 2020 — 3rd Place

Nov 2020

Financial Security Threat Analysis Competition

Vulnerability Disclosures

Research conducted through code auditing, fuzzing, and leveraging LLM-based agents. 60+ CVE disclosures across Microsoft, Apple, and other vendors.

CVE-2025-60717 Nov 2025

Windows Broadcast DVR User Service Vulnerability

CVE-2025-59515 Nov 2025

Windows Broadcast DVR User Service Vulnerability

CVE-2025-59210 Oct 2025

Windows ReFS Deduplication Service Vulnerability

CVE-2025-59198 Oct 2025

Windows Search Service Vulnerability

CVE-2025-59190 Oct 2025

Windows Search Service Vulnerability

view all CVEs →