Research Timeline

Microsoft

Microsoft Quarterly Leaderboard 2024

Back2Zero Team listed in the MSRC leaderboard.

June / Rome / RomHack

Universal Advanced Threats Detection

45-Minute Briefings: None-Rule threat detection model.

Dec / London / Black Hat

New Exploit Technique In Java Deserialization Attack

50-Minute Briefings.

Nov / Russia / ZeroNights

JDBC URI to RCE

From JDBC URI to a new remote code execution attack surface.

Nov / Tokyo / PacSec

Java Deserialization Attacks

Sharing best practices with leading Japanese researchers.

Nov / Seoul / POC

A Whole New Perspective In SSRF

MAKE IT GREAT AGAIN: Ignore most of SSRF defense solutions.

June / Microsoft

CVE-2019-1040 (Critical)

Windows NTLM Tampering Vulnerability.

June / Seoul / TyphoonCon

NTLM Relay Risk Is Coming

45-Minute Briefings. Technical offensive security conference.

May / Moscow / PHDays

A black hole in Java

1-hour Briefings. Valuable contribution to PHDays9.

Apr / Dubai / OPCDE

NTLM Relay Is Dead? NO.

50-Minute Briefings.

Mar / Vancouver / CanSecWest

From SSRF to RCE

40-Minute Briefings.

Jan / Oracle

CVE-2019-2426 (Critical)

Vulnerability in Oracle Java SE (Networking).

Nov / Seoul / POC

FROM SSRF TO RCE

45-Minute Briefings at POC 2018.