Eunkyu Lee

Eunkyu Lee

Ph.D @ KAIST | Security Researcher

Publications

  1. Takedown: How It’s Done in Modern Coding Agent Exploits
    • Eunkyu Lee*, Donghyeon Kim*, Wonyoung Kim, Insu Yun (Arxiv)
  2. RTCON: Context-Adaptive Function-Level Fuzzing for RTOS Kernels
    • Eunkyu Lee, Junyoung Park, Insu Yun (NDSS ‘26)
  3. DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices
    • CheolJun Park, Sangwook Bae, BeomSeok Oh, Jiho Lee, Eunkyu Lee, Insu Yun, and Yongdae Kim (USENIX Security ‘22)
  4. Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane
    • Hongil Kim, Jiho Lee, Eunkyu Lee, and Yongdae Kim (IEEE S&P ‘19)
  5. Pay As You Want: Bypassing Charging System in Operational Cellular Networks
    • Hyunwook Hong, Hongil Kim, Byeongdo Hong, Dongkwan Kim, Hyunwoo Choi, Eunkyu Lee and Yongdae Kim (WISA ‘16)

Invited Talks

  1. Function-Level Fuzzing for RTOS Kernels with RTCon (ICST 2026 Tutorial)

Education

  • KAIST, Ph.D. of Electrical Engineering, Advisor: Insu Yun (Aug 2023 -)
  • KAIST, Master of Electrical Engineering, Advisor: Yongdae Kim (March 2017 - Feb 2019)
  • KAIST, Bachelor of Electrical Engineering, Advisor: Yongdae Kim (March 2013 - Feb 2017)

Experience

  • Security Researcher, Ministry of National Defense, Republic of Korea (Feb 2019 - Aug 2023)

Skills

  • Embedded System Security: Vulnerability detection in various embedded systems and firmwares. Analyzing RTOS kernels based on static and dynamic analysis (skilled in rehosting/emulation using QEMU).
  • LLM Security: Vulnerability detection using an autonomous agentic system. Interested in building an agentic system.
  • Mobile Network Security: Finding vulnerabilities in cellular modems. Implementing an automated LTE protocol testing tool with SDR.

Reported Bugs

RTOS

  • Zephyr project (CVE-2024-5931, CVE-2024-6135, CVE-2024-6137, CVE-2024-8798, CVE-2024-6442, CVE-2024-6258, CVE-2024-6444, CVE-2024-6259, CVE-2024-6443)
  • RIOT project (CVE-2024-51569, CVE-2024-52802)
  • ThreadX project (CVE-2025-55087, CVE-2025-55085, CVE-2025-55086)

Mobile

  • Qualcomm Bug Bounty $15,000 (CVE-2019-2289)

Awards

  • Conference on Information Security and Cryptography-Winter 2025 Excellence Prize
  • Cyber Threat Scenario Contest 2025 Excellence Prize (₩ 3,000,000)
  • Cyber Security Paper Contest 2025 Excellence Prize (₩ 2,000,000)
  • Best Teaching Assistant Award 2024
  • Conference on Information Security and Cryptography-Winter 2018 Excellence Prize

Patents

  • Insu Yun, Eunkyu Lee, Junyoung Park. Fuzzing-Based Vulnerability Detection Method. KR 10-2025-016972
  • Yongdae Kim, Hongil Kim, Jiho Lee, and Eunkyu Lee. Dynamic Security Analysis Method for Control Plane and System Therefore. US16716055.
  • Yongdae Kim, Hongil Kim, Jiho Lee, and Eunkyu Lee. Dynamic Security Analysis Method for Control Plane and System Therefore. KR 10-2215706-0000.