Research Index

Zero Day Engineering

Alisa
April 10th, 2025
Reverse Engineering, Firmware & Baseband

Slides: Black Hat Asia 2021 - Unveiling the Mysteries of Hexagon QDSP6 ISDB JTAG

On April 3rd, 2025, I presented my work on reverse-engineering the hardware internals of Qualcomm Hexagon ISDB JTAG at Black Hat Asia 2025, Singapore. Hexagon is a tightly restricted proprietary architecture that doesn't permit low-level debugging – a challenge which I was tasked to conquer under a private commercial R&D contract.

Read more
Alisa
November 15th, 2024
Exploit Design, Browsers & JavaScript

Slides: VXCON2024 - Attacking v8 Zero to Exploit

On November 15th, 2024, I gave a workshop on browser exploitation at VXCON 2024 conference, Hong Kong. In this workshop I taught my full process of exploiting a non-trivial vulnerability in Google Chrome's v8 JavaScript engine, from zero-knowledge patch to novel exploit concept. The slide deck holds the skeleton of my methodology.

Read more
Alisa
November 16th, 2024
Leadership, AI Security

Keynote: Vulnerability Research in the Age of AI

On November 16th, 2024, I gave a keynote at VXCON 2024 conference, Hong Kong. I offered my insights on how AI is changing the art of vulnerability research.

Read more
Alisa
October 14th, 2024
Theoretical Research, Fuzzing

Discussion: Fuzzing from First Principles

On September 14, 2024, I participated in the Off By One Security Podcast by SANS. I presented my Probabilistic Theory of Fuzzing there for the first time – and explained how practical low-level fuzzing works through it. In this follow-up article I release the slides of my podcast, while tackling selected questions and comments from the livestream chat that didn't make it into the live Q&A.

Read more
Alisa
March 20th, 2024
Zero Day Engineering, Hypervisors & Virtualization

Pwn2Own 2021 Vancouver: My Solo Hypervisor Escape Breakthrough

In April 2021 I participated in the Pwn2Own Vancouver competition as an independent solo entrant - and a female first. I successfully demonstrated a zero-day virtual machine escape against the Parallels hypervisor. This post documents the event, releases the exploit source code, and provides a full technical walkthrough video. But more importantly, it seals the historical record.

Read more
Alisa
December 25th, 2023
0-Day Insights, Browsers & JavaScript Engines

Google Chrome WebRTC 0-Day Vulnerability (CVE-2023-7024)

Quick analysis and research insights for the recently reported RCE vulnerability in Chromium WebRTC code and embedders.

Read more
Alisa
December 13th, 2023
0-Day Insights, Kernel

Deep Dive: Qualcomm MSM & ARM Mali Kernel 0-day Exploit Attacks of October 2023

I reverse engineered a bunch of recent zero-day bugs targeting the Qualcomm Linux kernel & ARM Mali GPU. This technical deep-dive walks through the bugs after providing background information on the target systems.

Read more
Alisa
November 30th, 2023
0-Day Insights, Browsers & JavaScript

Google Chrome Skia Vulnerability Insights (CVE-2023-6345)

I analyzed the security patches of a recently disclosed Chrome 0-day attack to derive additional information about the vulnerability, and clarify practical threat impact.

Read more
Alisa
December 29, 2021
Exploit Design, Browsers & JavaScript Engines

JavaScript Engines Exploitation: a Jscript9 Case Study

I wrote an exploit for a JavaScript JIT Type Confusion vulnerability in Jscript9.dll. This writeup covers my technique and releases the source code. The exploit technique that I show here is universal, and it continues to be popular in the browser exploitation field. My specific implementation includes a fully dynamic ASLR bypass, plus state-of-the-art process continuation to avoid a crash.

Read more
Alisa
November 11, 2021
Zero Day Engineering, Hypervisors & Virtualization

Slides: Advanced Exploitation of Simple Bugs: a Parallels Desktop Case Study (Pwn2Own 2021)

At Pwn2Own Vancouver 2021 I demonstrated an 0day VM escape exploit for the Parallels Desktop hypervisor ($40,000 cash bounty). The exploit chain that I developed was based on logic issues. In this deep technical presentation I share the technical details of the exploit, as well as various preliminary and contextual knowledge related to it.

Read more
Alisa
May 13, 2021
Exploit Design, Hypervisors & Virtualization

From Binary Patch to Proof-of-concept: a VMware ESXi vmxnet3 Case Study (CVE-2018-6981)

I reverse engineered a complex binary patch for a bug in VMware ESXi. In this article I outline my methodology, which is universal and can be applied beyond hypervisors.

Read more
Alisa
April 23, 2021
Vulnerability Discovery, Hypervisors & Virtualization

Don't Share Your $HOME with Untrusted Guests

A story of a trivial *no-bug, by-design* guest-to-host VM escape on the latest Parallels Desktop for Mac with bonus persistence, as enabled by the software vendor's product design decisions and certain properties of Unix interactive shells.

Read more
Alisa
February 15, 2021
Vulnerability Discovery, Hypervisors & Virtualization

Microsoft Hyper-V Virtual Network Switch Out of Bounds Read

I found a security bug in a Microsoft Hyper-V root partition kernel component ($15,000 cash bounty). This article analyzes the vulnerability.

Read more
Alisa
May 14, 2020
Reverse Engineering, Hypervisors & Virtualization

Hyper-V System Internals & Linux Integration Services Drivers

I reverse engineered the core system internals of the Microsoft Hyper-V hypercall interface by using the Linux Integration Services (LIS) kernel drivers. This technical note documents my research output.

Read more