Английская Википедия:Alisa Esage

Шаблон:Short description Шаблон:Multiple issues Шаблон:Use dmy dates Шаблон:Infobox person Alisa Shevchenko (Шаблон:Lang-ru), professionally known as Alisa Esage, is a Russian-born computer security researcher, entrepreneur and hacker with Ukrainian roots.^[1] She is known for working independently with dominant software corporations such as Google and Microsoft to find and exploit security weaknesses in their products; being the first female participant in Pwn2Own, the world's premiere professional hacking competition with significant cash prizes; and being accused by the government of the United States of hacking the presidential elections in 2016.

Alisa Esage is the owner of Zero Day Engineering, an expert firm offering specialized training and consulting in software vulnerability research.

Biography

A self-described "offensive security researcher," a 2014 profile in Forbes says of Esage: "she was more drawn to hacking than programming."^[2][3] After dropping out of university she worked as a malware analysis expert for Kaspersky Labs for five years. In 2009, she founded the company Esage Labs, later known as ZOR Security (the Russian acronym stands for Цифровое Оружие и Защита, "Digital Weapons and Defense.")

Esage's company ZOR Security was placed on a list of US sanctioned entities after being accused of "helping Vladimir Putin bid to swing the [2016] election for Trump". Regarding White House accusations, Esage stated that authorities either misinterpreted facts or were deceived.^[4] To this day, U.S. officials have not said why they believe Esage worked with the GRU's hackers, or what she allegedly gave them.^[5]

In early 2021, Esage announced^[6] the Zero Day Engineering project, specialized on professional training, research intelligence, and consulting in the area of advanced computer security and vulnerability research.

Esage has won several international advanced hacking competitions, spoke at multiple international security conferences, and published technical articles in top-tier technical magazines.

Achievements

In 2014 Esage took the first place in the PHDays IV "Critical Infrastructure Attack" contest (alternative name: "Hack the Smart City"), successfully hacking a mock-up smart city and detecting several zero-day vulnerabilities in Indusoft Web Studio 7.1 by Schneider Electric.^[7][8]

In 2014-2018 Esage was credited for discovering of multiple zero-day security vulnerabilities in popular software products from tech giants such as Microsoft,^[9] Firefox,^[10] and Google.^[11] Part of those vulnerabilities were responsively disclosed via the Zero Day Initiative (ZDI) security bounty program,^[12] previously owned by U.S. tech giant HP, and credited under various pseudonyms.^[13]

Esage has presented her research at multiple international security conferences: RECON, Positive Hack Days,^[14] Zero Nights,^[15] POC x Zer0con,^[16] Chaos Communications Congress.^[17]

Her work has been featured in various professional security industry publications such as Virus Bulletin, Secure List, and Phrack Magazine.Шаблон:Cn

Pwn2Own

On 8 April 2021 Esage was the first woman to win in the Pwn2Own, the advanced hacking competition running since 2007.^[18] As part of her competition entry at Pwn2Own Vancouver 2021 Esage targeted Parallels Desktop for Mac version 16.1.3 with a zero day exploit developed by herself, and was able to demonstrate a guest-to-host virtual machine escape with arbitrary code execution on MacOS, on a fully patched system.^[19] The entry was declared a partial win by the contest due to the fact that the targeted software vendor knew internally about the zero day bug that was leveraged in Esage's exploit.

Controversy

The "partial win" naming of Esage's Pwn2Own Vancouver 2021 exploit by the organizers raised controversy in the global information security community, with commenters on Twitter demanding that the rules of the competition be changed so that the attempt could be declared a complete win.^[20]Шаблон:Cn According to Pwn2Own rules of 2021,^[21] a successful contest entry may be disqualified or downgraded in the competition charts if the targeted software vendor was internally aware of the respective vulnerability (while still unpatched) on the day of the contest. Esage's participation attracted attention to that point of the rules, with numerous arguments tweeted by prominent figures of the computer security community to support a change of rules.^[22]

Esage's status as the first woman in Pwn2Own history was also questioned, although to a lesser extent. While the competition livestream recording^[23] is clear on that point, with the narrator saying at 05:08 "Alisa is our first ever female participant", and the Pwn2Own founder chiming in on Twitter,^[24] the official contest tweet came with a side note: "the first female participating as an individual". This is likely because a team participant in Pwn2Own 2018 of the Ret2 Systems team^[25] changed their name and gender identity in the later years.Шаблон:Cn Fact-wise, public record of Pwn2Own competitions in the official blog posts^[26] and livestream recordings^[27] holds no mentions of female participation prior to Esage's 2021 entry.

Motivation and personality

Esage quotes her father as being the main inspiration to her choice of occupation and career: "He taught me to solder when I was 5 years old, I think. So I started reading books about computers and programming in early school and taught myself to code in C++ and x86 assembly language as soon as I got a PC at age 15."^[28]

On her participation in the Pwn2Own competition: "It’s an essential milestone in a professional hacker’s career, and a major goal personally. I am super hyped! And relieved"^[29]

Publications and exploits

• Шаблон:Cite journal
• Шаблон:Cite web
• Шаблон:Cite web
• Шаблон:Cite news
• Шаблон:Cite web
• "Fuzzing everything in 2014 for 0-day vulnerability disclosure". Virus Bulletin, 2014.
• "On cyber investigations. Case study: a money transfer system robbery". Virus Bulletin, 2014.
• Шаблон:Cite web
• Шаблон:Cite web
• badd1e on GitHub.

References

Шаблон:Reflist

Шаблон:Authority control

External links

• Alisa Esage on Twitter
• Zero Day Engineering training by Alisa Esage

Партнерские ресурсы
Криптовалюты	Обмен криптовалют - www.bestchange.ru Криптовалютная биржа CoinEx Криптовалютная биржа Binance HIVE OS - операционная система для майнинга e4pool - Мультивалютный пул для майнинга.
Магазины	AliExpress — глобальная виртуальная (в Интернете) торговая площадка, предоставляющая возможность покупать товары производителей из КНР; computeruniverse.net - Интернет-магазин компьютеров(Промо код 5 Евро на первую покупку:FWWC3ZKQ);
Хостинг	DigitalOcean - американский провайдер облачных инфраструктур, с главным офисом в Нью-Йорке и с центрами обработки данных по всему миру;
Разное	Викиум - Онлайн-тренажер для мозга Like Центр - Центр поддержки и развития предпринимательства. Gamersbay - лучший магазин по бустингу для World of Warcraft. Ноотропы OmniMind N°1 - Усиливает мозговую активность. Повышает мотивацию. Улучшает память. Санкт-Петербургская школа телевидения - это федеральная сеть образовательных центров, которая имеет филиалы в 37 городах России. Lingualeo.com — интерактивный онлайн-сервис для изучения и практики английского языка в увлекательной игровой форме. Junyschool (Джунискул) – международная школа программирования и дизайна для детей и подростков от 5 до 17 лет, где ученики осваивают компьютерную грамотность, развивают алгоритмическое и креативное мышление, изучают основы программирования и компьютерной графики, создают собственные проекты: игры, сайты, программы, приложения, анимации, 3D-модели, монтируют видео. Умназия - Интерактивные онлайн-курсы и тренажеры для развития мышления детей 6-13 лет SkillBox - это один из лидеров российского рынка онлайн-образования. Среди партнеров Skillbox ведущий разработчик сервисного дизайна AIC, медиа-компания Yoola, первое и самое крупное русскоязычное аналитическое агентство Tagline, онлайн-школа дизайна и иллюстрации Bang! Bang! Education, оператор PR-рынка PACO, студия рисования Draw&Go, агентство performance-маркетинга Ingate, scrum-студия Sibirix, имидж-лаборатория Персона. «Нетология» — это университет по подготовке и дополнительному обучению специалистов в области интернет-маркетинга, управления проектами и продуктами, дизайна, Data Science и разработки. В рамках Нетологии студенты получают ценные теоретические знания от лучших экспертов Рунета, выполняют практические задания на отработку полученных навыков, общаются с экспертами и единомышленниками. Познакомиться со всеми продуктами подробнее можно на сайте https://netology.ru, линейка курсов и профессий постоянно обновляется. StudyBay Brazil – это онлайн биржа для португалоговорящих студентов и авторов! Студент получает уникальную работу любого уровня сложности и больше свободного времени, в то время как у автора появляется дополнительный заработок и бесценный опыт. Автор24 — самая большая в России площадка по написанию учебных работ: контрольные и курсовые работы, дипломы, рефераты, решение задач, отчеты по практике, а так же любой другой вид работы. Сервис сотрудничает с более 70 000 авторов. Более 1 000 000 работ уже выполнено. StudyBay – это онлайн биржа для англоязычных студентов и авторов! Студент получает уникальную работу любого уровня сложности и больше свободного времени, в то время как у автора появляется дополнительный заработок и бесценный опыт.