Understand Assembly low-level programming in 22 minutes youtu.be/DWkImpawzhc
I remember how it clicked for me. This video shows what I saw, illustrated with examples from all the mainstream CPU architectures.
Official: I won Pwn2Own competition in the Virtualisation category. It’s an essential milestone in a professional hacker’s career, and a major goal personally. I am super hyped! And relieved
Details of the exploit that I developed are now under embargo of responsible disclosure
Just gave a new life to my 11-year-old vintage MacBook Pro!
Not many people realise that battery aging is the no. 1 reason older laptops die. And it’s easy to replace
Thread with my tips
Releasing full 2+hr video of my browser exploitation workshop from VXCON 2024: youtube.com/live/b9OhamkAY…
In which I show what goes inside the mind of a skilled hacker while exploiting a highly non-trivial vulnerability in v8, from zero to exploit concept.
Especially this workflow
It took 3 years but finally I feel ready to release my Pwn2Own 2021 exploit code. 💖 Video talk covers my full research workflow, from attack surface modeling and reverse engineering, to vulnerability discovery and systematic exploit engineering, enjoy! #Pwn2Own
Release: VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021) zerodayengineering.com/research/pwn2o…
A virtual machine escape exploit will typically require kernel privileges in the guest OS. In this exploit I chose to offload the reverse-engineered toolgate protocol
While my Pwn2Own exploit is in the patching, I wanted to share a trivial *no-bug, by-design* full VM escape with persistence PoC for the latest Parallels Desktop on Intel and M1. I hope it will wake up a person or two
Writeup: zerodayengineering.com/blog/dont-shar…
Code: github.com/badd1e/Proof-o…
Remote code execution vulnerability in most recent versions of the nginx web server. Pending responsible disclosure via Zero Day Initiative and the nginx team
I invested two decades of life into reverse-engineering and hacking man-made systems down to bits. Today I can pwn anything that has software in it, in a predictable time. It’s not a challenge anymore… What if you apply those skills to the most fundamental of God-made systems?
Got my 1st VM escape vulns in @Oracle VirtualBox, via unprivileged guest to hypervisor on the host. A little late for #pwn2own... Still a personal record: one month from zero (knowledge about the target) to zero (day). VirtualBox is nice and well-designed, I enjoyed looking at it