Also, I have completed some researching work on:
- Permutation Oriented Programming – a completely different and powerful approach to research and analyze vulnerabilities and which can be applied to both offensive and defensive approach.
- SQL Fingerprint powered by ENG++ Technology – a tool designed to perform version fingerprinting for Microsoft SQL Server 2000, 2005, 2008, 2008 R2 and 2012, as well as capable to describe the patch-level for them.
- T50: an Experimental Mixed Packet Injector – a tool designed to perform stress testing on a variety of infrastructure network devices, covering some regular protocols (ICMP, IGMP, TCP and UDP), some infrastructure specific protocols (GRE, IPSec and RSVP) and some routing protocols (RIP, EIGRP and OSPF).
- Inception: Client-side vulnerability under the microscope – a deep dive experience on a reverse engineering for a client-side vulnerability, showing a full process to start a vulnerability dissection, which resulted in a change of CVE-2008-4844.
As a sought-after speaker, I have presented to industry professionals at conferences, such as:
- IME Cryptology Week (2000/2001)
- CNASI (2000/2004/2005)
- Security Week (2002)
- Gartner (2002)
- CONIP (2004)
- SERPRO/TIC (2006)
- ITA SSI (2006)
- H2HC (2006/2009/2010/2011/2015)
- FEBRABAN CIAB Workshop (2009)
- PH-Neutral (2011)
- BSidesSaoPaulo (2012)
- Silver Bullet (2012)
- YSTS (2013)
- BSidesLatam (2016)