Reviews & feedback

"I just finished the last section of the course material. Summing it up, I think the course is just awesome. The provided information is very recent (which is even more impressive taking into account the recordings are from last year). The course is structured very well and important aspects are accentuated and repeated in a very clear language. I learned a lot and will definitely consider to participate in another course from you in the future. Would it be possible to get a certificate of completion with my name on it? (I need this for my employer to refund me the course payment) Thanks for sharing this impressive research and offering such a comprehensive course!"

πŸ’› Stefan Schiller, Took the Self-paced "Hypervisor Vulnerability Research" training. Here is another review from Stefan.

"The course was great and inspiring. I really enjoyed it and could follow along with the walk throughs, very well given my background in embedded C programming. Thank you for this course. I work as a systems software engineer at a renown company and have had imposter syndrome when it comes to finding bugs. I'm great at finding bugs in our code, but they are never security exploitable bugs :). Alisa has inspired me and gave me the confidence that I can find security bugs with the same dedication and time I have put into studying computer science and having a hobby in cyber security starting at age 14 :)."

πŸ’› Cameron O’Neal, Systems Software Engineer V, Hewlett Packard Enterprise. Student of VULNDEV102 mini-classes.

"The class was the best I attended in a long time. After completing advanced courses by big institutions I was afraid that at a certain level of specialization there were no good trainings anymore, but I was wrong! It was easy to understand and very broad, so I can’t wait to start diving into vbox code and write a hyper-v fuzzer to apply my new knowledge."

πŸ’› Savino Jossi, Security Researcher. Attended "Hypervisor Security Nightly" mini-classes. Another review from Savino.

"I cannot recommend Alisa Esage enough. Training is often confused with "conveying information", while "pushing boundaries" requires being enlightened and inspired. Alisa is among the few that knows the difference and can do it. Don't miss it."

πŸ’› Cristofaro Mune, Founder at Raelize! Attended iBootcamp trainings.

"The Hypervisor Exploitation One training by Alisa Esage (ZDE note: synonym for "Hypervisor Vulnerability Research" training) was simply incredible. Alisa is a great teacher with a lot of experience in the Vuln research field. The Training contains practical exercises, it provides the knowledge you'll need for starting a Hypervisor vuln research!"

πŸ’› Peleg Hadar, Security Researcher, Forbes 30 under 30. Attended the "Hypervisor Vulnerability Research" training.

"What a blast! Just finished Alisa Esage 3 days deep technical Hypervisor Vulnerability Research course. Incredible and well designed with high quality materials. Thanks for everything! Now, off to look at some VMM code \o/"

πŸ’› Gal Z, Security Researcher. Attended the "Hypervisor Vulnerability Research" training.

"[The training] Puts you on the right direction & gives you the right kick. Not only the content is GREAT, the teaching approach and follow up are remarkable! Definitely the place you want to look at if you are or want to get into smashing hypervisors"

πŸ’› Urk3L, Security Researcher. Attended the "Hypervisor Vulnerability Research" training.

"Alisa's training completely changed my mindset and the way I was looking at hypervisors. I highly recommend the Advanced Hypervisor Exploitation training. Actually, if you're interested in hypervisors it's mandatory."

πŸ’› Rui Reis, Security Researcher. Attended the "Hypervisor Vulnerability Research" training, VULNDEV102 mini-classes and "Hypervisor Security Nightly" mini-classes.

Private anonimized feedback

"It was empowering. Not only did I feel like I learned an enormous amount, but by the end I felt confident I knew how to start looking for real vulnerabilities in virtualization systems."

"I had an amazing time in the training. I feel like a lot of the knowledge I had was clarified in the training and is now more organized. Of course I also learned a lot of new stuff and it was really interesting and useful."

"It is a well written training, both the materials/slides and exercises are all well designed. I also really appreciated the knowledge you showed in the training, it is clear you have a lot of experience in hypervisor research and it was great to learn from you."

"I feel like the fact that a big part of the training was to show how to research and explain your methodology was really good, it was useful to learn how to approach a problems/research objective when it comes to different attack vectors."

"I really like the more technical parts – e.g. different IO options, how hardware virtualization works, OS ABC, MMU virtualization, I found them more interesting than the specifics of a certain hypervisor. Also liked the part where you compare different vulnerability types, and how the type recent vulnerabilities indicate the kind of scrutiny a project has seen."

"[I learned that] finding bugs in virtualization systems is achievable. Before doing this course hypervisor exploitation seemed like an unknowable thing that was just "too hard". I don't have anyone in my professional network or friend groups that knows anything about it, and information online is scarce. Learning from your course, and especially performing the exercises, has given me the confidence to dive in and start looking for bugs."

"The processes and workflows that you demonstrated. Particularly during your walkthroughs of the exercises, it was incredibly valuable to see and hear your own methodology for completing each example. The exercises themselves where also a fantastic learning tool."

"Here is what I loved about the whole thing:
* Well organized content, with a good order of things.
* A decent balance of theory and hands-on (I'm probably biased to hands-on).
* Pomodoro, time boxing, neural net.. liked the meta-learning touch there.
* Discussions on threat models, vuln discovery strategies, potential fuzzing designs."

"Loved the 25 minutes exercises, really intense and gets you involved."

Shoutouts on Twitter