Research

Zero Day Engineering

Alisa
October 14th, 2024
Abstract Modeling, Fuzzing

Discussion: Fuzzing from First Principles

On September 14, 2024, I had the pleasure of participating in the Off By One Security Podcast by SANS, discussing "Fuzzing from First Principles". In this follow-up article, I’ll tackle some interesting questions and comments from the livestream chat that didn’t make it into the live Q&A due to time constraints.

Alisa
March 20th, 2024
Vulnerability Modeling, Exploit Design

Architecting Exploits: The VM Escape That Split the Field

In April 2021, I participated in the Pwn2Own Vancouver competition as an independent solo entrant and successfully demonstrated a zero-day virtual machine escape against the Parallels hypervisor. This post documents the event, releases the exploit source code, and provides a full technical walkthrough video. But more importantly, it seals the historical record.

Alisa
December 25th, 2023
0-Day Insights

Google Chrome WebRTC 0-Day Vulnerability (CVE-2023-7024)

Quick analysis and research insights for the recently reported RCE vulnerability in Chromium WebRTC code and embedders.

Alisa
December 13th, 2023
0-Day Insights

Deep Dive: Qualcomm MSM & ARM Mali Kernel 0-day Exploit Attacks of October 2023

This deep technical note briefly covers five kernel vulnerabilities in Qualcomm chipsets and the ARM Mali GPU, which landed on the CISA Known Exploited Vulnerabilities catalog between October and December 2023.

Alisa
November 30th, 2023
0-Day Insights

Google Chrome Skia Vulnerability Insights (CVE-2023-6345)

We analyzed the security patches of a recently disclosed Chrome 0-day attack to derive additional information about the vulnerability, and clarify practical threat impact.

Alisa
December 29, 2021
Exploit Design

JavaScript Engines Exploitation: a Jscript9 Case Study

A brief writeup of the exploit that I wrote for a JavaScript JIT type confusion vulnerability in Jscript9.dll (2017). In the exploit I show one classical technique of JavaScript engine exploitation with a fully dynamic ASLR bypass, plus state-of-the-art process continuation to avoid a crash. Full exploit code is included.

Alisa
November 11, 2021
Vulnerability Modeling, Exploit Design

Advanced Exploitation of Simple Bugs: a Parallels Desktop Case Study (Pwn2Own 2021)

At Pwn2Own Vancouver 2021 I demonstrated a 0-day VM escape exploit for the Parallels Desktop hypervisor. The exploit chain that I developed was based on logic issues. In this deep technical presentation I share the technical details of the exploit, as well as various preliminary and contextual knowledge related to it. (Slides)

Alisa
May 13, 2021
Vulnerability Modeling

From Binary Patch to Proof-of-concept: a VMware ESXi vmxnet3 Case Study

How to recover the details of a complex vulnerability from a binary security patch and create a proof of concept. A case study of the VMware ESXi vmxnet3 uninitialized variable vulnerability (CVE-2018-6981).

Alisa
April 23, 2021
Vulnerability Modeling

Don't Share Your $HOME with Untrusted Guests

A story of a trivial *no-bug, by-design* guest-to-host VM escape on the latest Parallels Desktop for Mac, with bonus persistence, as enabled by the software vendor's product design decisions and certain properties of Unix interactive shells.

Alisa
February 15, 2021
Vulnerability Modeling

Microsoft Hyper-V Virtual Network Switch Out of Bounds Read

Deep technical analysis of a security bug in a Microsoft Hyper-V root partition kernel component, discovered by me.

Alisa
May 14, 2020
Reverse Engineering

Hyper-V System Internals & Linux Integration Services Drivers

This research note documents some core internals of Microsoft Hyper-V through the implementation perspective of the official Hyper-V paravirtualization drivers package for Linux virtual machines: the LIS.
