I'm Jihwan Yoon (blackcon), a solo offensive security researcher based in South Korea 🇰🇷. I work across exploit development, reversing, and vulnerability research – with a focus on AI / LLM infrastructure, hypervisors, and the trust boundaries software relies on.
Background: BoB 3rd (Best of the Best) · Naver Cloud / NBP – see the full career timeline.
Focus areas
- AI / LLM security – LLM proxies, agents, and the Model Context Protocol (MCP)
- Virtualization – Hyper-V and VMware internals, hypercall fuzzing
- Exploitation & reversing – memory-corruption primitives, firmware, hardware
Selected research & disclosures
- Three Claude Code trust prompt bypasses – HackerOne report and "intended behavior" closure
  Three independent ways to bypass Claude Code's trust prompt for silent shell execution from a cloned repo – and why Anthropic closed all three as intended behavior.
- Jinja2 SSTI vulnerability found in LiteLLM – Pwn2Own 2026 entry attempt and silent fix analysis
  A single unauthenticated request reached uid=0 on the LiteLLM proxy via Jinja2 SSTI – a critical RCE silently patched days before a planned Pwn2Own Berlin 2026 entry.
- MCP security vulnerability, Advanced-Tool-Poison-Attack
  Advanced Tool Poisoning hides malicious instructions in MCP tool outputs rather than descriptions, defeating defenses that only inspect tool metadata.
- MCP security vulnerability, Tool-Poison-Attack
  How Tool Poisoning hides malicious instructions inside MCP tool descriptions to manipulate the LLM that consumes them.
- HVFUZZ
  A Hyper-V hypercall fuzzer built on hAFL2 for hunting bugs in the Microsoft virtualization stack.
This list is generated automatically from posts tagged disclosure. More
projects and PoCs are on the Projects page.
Contact
- Email – 131ackcon@gmail.com
- GitHub – github.com/blackcon
- LinkedIn – in/blackcon
- X / Twitter – @jh_blank