About me

Alisa Esage (Алиса Шевченко) is a zero-day vulnerability researcher, reverse engineer specialized on deep system internals, all-spectre hacker, and a business woman. Alisa has discovered or researched zero-day security bugs in a wide variety of modern software systems, worked with Security Bounty programs of major software vendors (Microsoft, Google, Mozilla, Oracle, Schneider Electric; ZDI), won an international hacking competition "Critical Infrastructure Attack" ("Hack the smart city"), spoke at several security conferences, and wrote a Phrack article dedicated to exploitation of a remote code execution vulnerability and undocumented internals of a Microsoft software component. Currently her research interests lie in the space of hypervisors, firmware, low-level hacking, and novel hardware architectures. Alisa was featured in Forbes Russia as a young self-made entrepreneur in December 2015, and appeared in the Grazia UK magazine (1, 2) in January 2017. Alisa publishes part of her technical Research Notes: re.alisa.sh. Contacts: e-mail (PGP key) - twitter - instagram - github.

Personal Notes

In December 2016 both of my companies, Esage Lab and ZOR Security, were sanctioned by the government of the United States alongside with the GRU and the FSB. The incident was covered in several prominent media outlets: Forbes - NY Times - The Guardian - Daily Mail - Defense One - The Daily Beast - among others. Majority of those articles were based on speculations and twisted by their publishers for their own promotion, and I strongly do not recommend reading them. *** Esage Lab vs. ZOR Security: not the same. Esage Lab was designed as my personal learning playground to experiment with various business models and service offers, both within Russia and internationally. It was never officially incorporated, and served its purpose well. We have successfully executed many typical information security projects: from penetration testing to code auditing, black-box auditing, incident response, forensics and cyber criminal investigations, and were trusted by major Russian-international businesses (MTS, Tinkoff, Kaspersky Lab, Parallels, Acronis - among others). A couple of non-commercial projects were raised out of Esage Lab and became successful: notably, the first hackerspace in Russia (Neuronspace, Moscow - still operational), and a technical e-zine on computer security (NO BUNKUM - currently closed due to lack of funding). As opposed to Esage Lab, ZOR Security was officially incorporated within the Russian legal framework, based on a clear business model, and designed with the purpose of servicing R&D contracts with major business players within Russia. The two companies were distinct from the beginning: they had different purposes, different staff and and different legal status. Both companies received investment and acquisition offers from Russian and international investors. Both companies were closed in 2014-2015, because I was disappointed in information security business, and decided to focus on single-person research projects as a top-tier independent security researcher. Both companies are currently closed. I have no connections with any of my former employees or partners. I am not involved with the Neuron hackerspace since 2013. *** I am creating iBootcamp, a training course for beginners in iOS security research. Read the details and sign up.