About Me

Alisa Esage (Alisa Shevchenko) is a computer security researcher, hacker, and an entrepreneur. As a technical expert, she is specialized on target-invariant zero-day vulnerability discovery and exploit development, reverse engineering, and low-level system internals. Alisa has discovered numerous zero-day security bugs in a wide variety of modern software systems; worked with Security Bounty programs of major software vendors (Microsoft, Google, Mozilla, Oracle, Schneider Electric); won an international hacking competition "Critical Infrastructure Attack" ("Hack the smart city"); presented her work at several international security conferences; and wrote a Phrack article dedicated to exploitation of a remote code execution vulnerability and undocumented internals of a Microsoft software component. Alisa's vulnerability research interests currently lie in the space of hypervisors, firmware, low-level hacking, and novel hardware architectures. (More pointers in the Twitter collection: My work). As an entrepreneur, Alisa has been experimenting with various business and non-profit ventures since 2009, and created the first hackerspace in Russia. She was featured in Forbes Russia as a young self-made entrepreneur in December 2015, and appeared in the Grazia UK magazine (1, 2) in January 2017. Alisa publishes some of her technical Research Notes: re.alisa.sh.

Personal Notes

In December 2016 both of my companies, Esage Lab and ZOR Security, were sanctioned by the government of the United States alongside with the GRU and the FSB. The incident was covered in several prominent media outlets: Forbes - NY Times - The Guardian - Daily Mail - Defense One - The Daily Beast - among others. Majority of those articles were based on speculations and twisted by their publishers for their own promotion, and I hesitate to validate any of their assertions. *** If you want to learn from me -- not just the technical information about systems internals, but my personal methodology of vulnerability discovery and insights from experience -- iBootcamp Stage 0 training recording will be the best option for any forseeable future. *** I am never bored and looking for some interesting new projects. In case that your business is in direct contact with a superintelligent alien civilization, or just has a very special idea, do not hesitate to get in touch.


December 12-21, 2019. Training: iBootcamp Stage 0: Reconnaissance. - Details - Location: Online December 25 - January 05, 2020. New Year & Xmas gifts on iBootcamp Stage 0: Reconnaissance training recording. - Details - Location: Online 👉 you are here February 13-15, 2020. Invited Technical Talk at OffensiveCon: "nginx njs exploitation". - Details - Location: Berlin, Germany February 17-19, 2020. Training Class: "Hypervisor Internals for Vulnerability Researchers" - Details and registration - Location: Berlin, Germany


e-mail (PGP key) - twitter - instagram - github. Mail list: club.alisa.sh.