Reviews & Buzz
Giovanna Chädid
I just finished the "Masterclass: Hacking open source fuzzers for smarter bughunting" from @zerodaytraining @alisaesage As a Hacker and Vuln Re, I've been craving for practical insights in fuzzing, Alisa delivers just that. Her master hands-on approach coupled with a focus on real-world fuzzing techniques, sets this course apart. + What I loved: No Fluff. Alisa dives straight into the training material. No time wasted on just theory. Def not for beginner's 2. Fuzzer afl, WinAFL, libfuzzer you name it, she covers it. 3. Code Coverage. Alisa demystifies code coverage and shows how to wield it effectively. + In summary, Alisa's masterclass is like a turbo boost for the bug-hunting journey. Highly recommend training. Alisa's work can be explored further on https://t.co/PvYsa9ZyGP My fav part that I wish I could take at some point : https://t.co/oxKQbp52iV +
280652🌸
Great learning from @alisaesage and @zerodaytraining . "Masterclass: Hacking open source fuzzers for smarter bughunting" covers different fuzzers as well as explaing code coverage in a hands-on mannner. Thank you very much for your exceptionally high quality course, I learned a… https://t.co/5zGbz6m76W
random_user_2039
I had the chance to attend the "Masterclass: Hacking open source fuzzers for smarter bughunting" by @alisaesage An amazing class, giving different perspective and insights on fuzzing! As I have attended other fuzzing classes, getting a perspective from each person is for me the most valuable piece. Not only knowing how to use a tool, but also why, when and understanding the thought process @zerodaytraining is on its own an amazing resource as well, covering other aspects of binary analysis. The "0-day insights" are pure gold, research at the highest level. *** What a great way to start the year 🎉 Thrilled with almost completing the Hypervisor Vulnerability Research course by @zerodaytraining! Comprehensive content, engaging exercises, and expert insights by @alisaesage 💯 recommended!
Darren Clark
Had the pleasure of limited access to a course on Hacking open source fuzzers for smarter bug hunting by @alisaesage over the weekend, which is available for purchase on the @zerodaytraining website. 1/2 I would highly recommend looking around the available courses and bug write-ups on the @zerodaytraining website, it’s a goldmine of information. A personal favourite page is https://t.co/MvKkhdAipV which covers exploitation of simple bugs in Parallels 2/2
Rudy
Had the opportunity to learn from @alisaesage on “Hacking Open Source Fuzzers”. Since I’m a beginner to fuzzing, this course was really helpful to deep dive in modern fuzzing techniques. The course starts by give an intro to fuzzer components and then ramps up by looking under the hood of most commonly used fuzzer. I’d surely would like to revisit this course over time since it’s packed with information. In the future, I’d love to try https://t.co/wiq2B3D1HU @zerodaytraining
Seb
@alisaesage Really enjoyed the approach, the content and the way HVR course was design, looking forward to know how this new topic is addressed!
FraggleRock
I've done a lot of trainings in the last 3-5 years but today I was blown away by the content and instructions from @alisaesage. Would highly recommend signing up for her training. Keep your eyes on this site: https://t.co/U0N8E3wjkd
KG
@alisaesage I'm taking other classes of yours. I'd gotta say your approach is super methodical, and provides a unique perspective over other trainings I took. So I'd love to know how you approach fuzzing as well. Please count me in!
Korben Dallas Multi-pass 🌻
Taking the @alisaesage Hypervisor vuln class. Super awesome! Tons of great info. An hour or so in and we're already digging into code. 10/10 would def recommend.
Tyson Benson
Huge shout out to @alisaesage - hands down one of the best instructors in the cybersecurity world! Just took JavaScript Engines Internals and very technical subject matter broken into manageable pieces to allow a deep grasp of the subject matter. Truly appreciated the mix of… https://t.co/6nwlLPVxgb
scryh
Just finished the @zerodaytraining hypervisor vulnerability research offline course by @alisaesage. Impressive research bundled into very well structured lessons, which are communicated in a clear and comprehensible way. Learned a lot. Thank you very much! https://t.co/iW3UAGBtUq
Serenus Z317
I have been learning about vulnerability research from @zerodaytraining by @alisaesage, and it’s really good. The training instills the right mindset and sets you on the right path. The instructor shares her experience, methodology, and you’ll practice enough to progress after… https://t.co/JPYdAj5NHK *** I just finished the ‘Masterclass: Hacking Open Source Fuzzers for Smarter Bug Hunting’ from @zerodaytraining. Four hours very well spent. This is the second course I’ve taken, and once again, the instructor is exceptional. Thank you very much to @alisaesage. Highly recommended. *** @alisaesage I have already completed the Zero Day Vulnerability Research training. It was a really useful experience. Fuzzers might not be directly within my field, but I think it would be a valuable experience and perhaps an opportunity to reconsider my future career path. Thanks.
Alexandros Andreou
This was a very informative course on javascript engines and specifically v8 internals from @alisaesage. I would highly recommend it if you need to get up to speed quickly. Great instructor as well. https://t.co/y4zJPnJuen
Jacolon Walker
Big thanks to @alisaesage and @zerodaytraining for their top-notch training content! Just wrapped up a refreshing course with promising results - from bug discovery to exploitable vulnerability in just 9 days. Dive into my chronicle here: https://t.co/PCfqzCLs6B
Rich Surf
Just completed a 4-hour premium Fuzzing course (https://t.co/dxtWFYzbBL) with #ZeroDayEngineering by @AlisaEsage. The depth of knowledge and hands-on approach was unparalleled. Highly recommend to anyone looking to up their cybersecurity game.🚀 #CyberSecurity #Fuzzing *** Zero Day Engineering Uni course – it's an absolute game-changer🔥 I'm currently learning the course material, and I can't believe the insights I've gained already. This investment is easily one of the best decisions I've made for my VR career. @zerodaytraining @alisaesage
dplastico (pwn)
I finally had the time to go through the "Hypervisor Vulnerability Research" course from @zerodaytraining, which is impressive. What makes the course great is the insane knowledge from @alisaesage on the subject and the HQ exercises. IMO a great way to start with hypervisor vulns
Daniele D'Agnelli
@alisaesage The quality of your training is truly outstanding, I enjoyed every bit of it.
Mario (마리오) Romero
(1/3) The last few months I have been enjoying and learning about vulnerability research from one of the best trainings available today. The 4-day Zero Day Vulnerability Research course from @zerodaytraining by @alisaesage is not only exceptional on a technical level, (2/3) but it also teaches you a methodology to follow, and personally, what for me is most valuable and concentrates Alisa's years of experience and knowledge: it introduces you to the mindset necessary for your vulnerability research to be successful. (3/3) I am already applying the knowledge I have acquired and I am eager to continue learning from her. I'm sure I'll be taking some more of her courses. For now, I will enjoy the course for the second time. Don't miss the opportunity to do it: https://t.co/MrzAWf4z6x
H
Finally managed to find some time to commit to the Zero Day Vulnerability Research course! Loving the organized and systematic approach. Kudos to the impressive research and theoretical insights from @zerodaytraining .
soaphorn seuo
I just finished the "Masterclass: Hacking open source fuzzers for smarter bughunting" from @zerodaytraining by @alisaesage. I took around 4 hours to complete this course, unlike other courses which focus on basic fuzzing, this course is really comprehensive. It is not for beginners levels, it is for intermediate. The masterclass are focus on AFL and WinAFL since it is a gold standard for industry. Alisa explains about Old Fuzzing and New Schools Fuzzing (Coverage Guide Fuzzing) and Anatomy of Fuzzer. She summarizes a lot of things in this Masterclass. The most part of the video which I love is going through code reviews of each function in Fuzzer. I would like to recommend this course to anyone who is interested in fuzzing, especially who want to modify Open Source Fuzzer to work with their target software. She is a great talent hacker, who likes to break things and share knowledge with the community.
Ankit Pandey
Does not feel like a regular Saturday when you get a seat in @zerodaytraining’s Hypervisor Threat Research class. One of the best infosec Twitter days for me. Managed to find a seat in @alisaesage’s ‘Hypervisor Security Research 101’ training.
Josh Pitts
The JavaScript Engines for Hackers by @zerodaytraining was great. Shortened the time to get familiar with V8. Thx @alisaesage!
Luan de Mattos
I just finished the masterclass Hacking Open Source Fuzzers for Smarter Bug Hunting from @zerodaytraining and learned a lot. It was my first real contact with fuzzing and despite it was not a "Fuzzing 101" type training, I understood all the teachings, kudos to @alisaesage,… https://t.co/eMPL5yPvzq
Jon
@alisaesage thank you for setting up that mini-class! It was pretty great :)
M
@alisaesage created one of the best starting point for an offensive V8 journey @zerodaytraining https://t.co/E8C1ney6AT In few hours you acquire the right know-how to put your hands on V8
hackoflpf
@alisaesage @zerodaytraining The course is really nice and i have learned a lot,thanks a lot.https://t.co/sEuNEoO6aQ
Bjoern Kerler
@alisaesage 1) Although the hypervisor miniclass ended abruptly, I'd like to say thanks for the good basic overview and introduction into the hypervisor landscape. Some questions given were irritating/personal and not topic related, but Alisa handled them all professional. 2) I can highly recommend her training for starters into hypervisor vuln research. Thanks for the invitation, Alisa ;) Looking forward to more pwning from your side. If you have a chance, take her classes.
aleph0
@zerodaytraining Completely agree with this take. I took the sel-paced and currently Im doing a second run while saving for the hypervisor exploit dev training too :) *** I want to take this class, and encourage you to take it because as a former student for the "Hypervisors Vulnerability research" training I can tell Alisa is an expert delivering top technical content and I have no doubts this class will be of the same superior quality. https://t.co/IPitvJ1wpY
Almighty
I just wrapped up the 4-hour "Masterclass: Hacking Open Source Fuzzers for Smarter Bughunting" from @zerodaytraining. This course goes into AFL and WinAFL, exploring fuzzer anatomy, theory, and customization. You’ll learn how to pick the right fuzzer, tweak it for specific goals,… https://t.co/FRNrSXwkOB
Ophir Harpaz 🎗️
As a closing ceremony to @alisaesage's superb Hypervisor Exploitation training, I decided to watch this talk by @long123king & Shawn Denbow. I REALLY enjoyed it! (plus I understood ~95% of a talk about hypervisor fuzzing, am I cool or what? don't answer) https://t.co/DHYFeLieeR
Gal Z
What a blast! Just finished @alisaesage 3 days deep technical Hypervisor Vulnerability Research course. Incredible and well designed with high quality materials. Thanks for everything! Now, off to look at some VMM code \o/
Peleg Hadar
The Hypervisor Exploitation One training by @alisaesage was simply incredible. Alisa is a great teacher with a lot of experience in the Vuln research field. The Training contains practical exercises, it provides the knowledge you'll need for starting a Hypervisor vuln research!
jsnv
I just finished my first round of Zero Day Vulnerability Research training https://t.co/B2nAFXysp3 from @zerodaytraining. It is exceptional for its beginner-friendly approach, comprehensive and easy-to-digest structure, and practical application of concepts. It provides valuable insights into vulnerability research, foundational theory, and skills necessary for further specialization. From day one, the training sets a solid foundation by introducing abstract models, essential theories, and the mindset required to become an effective zero-day engineer. One of the key strengths of this course is its structure, which seamlessly integrates theoretical lessons with practical exercises. The inclusion of real-life case studies and security vulnerabilities discovered by the author adds immense value, making the learning experience engaging and informative. I plan on revisiting the training to absorb its comprehensive content more thoroughly.
MHZCyber
I just finished the "Masterclass: Hacking open source fuzzers for smarter bughunting" from @zerodaytraining by @alisaesage. The 4-hour training is an eye-opening to more advanced fuzzing and it's more oriented to learn how to customize the fuzzer for your own purpose ...🧵 and not to learn how to fuzz. The masterclass focuses on AFL and WinAFL since those are the most powerful frameworks for fuzzing and explains the anatomy of fuzzing and the differences between the old generation fuzzers methodology and the new ones. I don't think the masterclass is for beginners as much as for intermediate people or those with fuzzing experience. There are some interesting exercises to solve in the training and some nice dive in the source code of the fuzzers to understand its internals.
Urk3L
[HVR] Been there done that couple of weeks ago. Puts you on the right direction & gives you the right kick. Not only the content is GREAT, the teaching approach and follow up are remarkable! Definitely the place you want to look at if you are or want to get into smashing hypervisors💯 https://t.co/7NmaSqOm4y
Bug Digger
Just wrapped up @zerodaytraining 's self-paced course by the incredibly insightful @alisaesage. Coming from a software development and web security background, I found her dive into zero-day research both enlightening and engaging. The mix of topics, whether memory corruption… https://t.co/6aoab2O2PP
Robin Fassina-Moschini
@alisaesage Thank you again @alisaesage for the outstanding course, it was excellent! I can only recommend anybody who want to discover or to perfection their skills to look at @zerodaytraining courses!
Nero
The Vulnerability Research training from @zerodaytraining led by the incredibly insightful Alisa Esage was a game-changer for me. This four-day comprehensive education proved to be an incredible experience, combining more than a decade of research insights into vulnerability with hands-on practical applications of real-world case studies. Alisa's approach to teaching, emphasizing on the development of the right mindset and cognitive skills necessary for vulnerability research, truly sets this course apart. It’s not just about understanding a specific attack; it’s a deep dive into the essentials of vulnerability research, from memory corruption and logic bugs to navigating complex codebases and the nuances of modern software. What stood out to me was the practical tips from Alisa's own Pwn2Own experiences. The course doesn't just feed you the information; it challenges you to engage actively with the content, encouraging a researcher's mindset that's crucial for anyone serious about delving into VR. Whether you're coming from a software development background or other security related field, this course is invaluable. It not only provides a well-structured self-learning approach but also encourages for continuous improvement of key concepts in vulnerability research. Highly recommended for those interested in vulnerability research.
Jael Koh
@alisaesage I want to get into fuzzing for vulnerability research! Loved your ZDE VR course, I think your VR methodology is exceptional. Would love to learn how you approach fuzzing!
invisiblebyte
I was lucky enough to participate to "Hypervisor Vulnerability Research 101" mini class by @alisaesage. Her explanations are excellent, I think her courses on Hypervisor security are the best resource out there, I highly recommend her courses to everyone.
una selva obscura
The Zero Day Engineering vulnerability research course is an amazing intro to the mentality needed to be a successful 0d researcher. https://t.co/itsCZeWPG6
Samy G
Last night around 1 AM I finally finished "https://t.co/LcxeMtR1Nw" by @alisaesage of @zerodaytraining . Here's my review 1/4 1st, WOW! it's 4 hours of pure gold. Initially, she goes through the important core theories of fuzzing, and then she connects the dots by walking you through AFL's source code, which helps you deepen your understanding of how things work under the hood. 2/ The guided labs where you are given a quick task, and then shown the solution are awesome. Not only does it strengthen your understanding of the material, it also builds your confidence! 3/ The final part "Common Problems & Tips" will save you hours if not days of headaches with tips that can only come from extensive hands-on experience. I had two aha moments during that part. 4/ Overall, this is an easy 5-star. It's a great mini-class for both beginners and professionals. Thanks @alisaesage for generously offering this for free and giving back to the community! (also thanks for accommodating me)
Jay
@alisaesage Hey Alisa. Long time exploit dev here. Really want to purchase some of your other courses and I figured this masterclass would be a good way to test my knowledge and see the way you teach. I’m always looking to learn more. Thanks.
Maher Azzouzi
@alisaesage All your courses are great. Fuzzing is needed in my VR journey. Thank you!
Qingkai Ma
@alisaesage Always impressed by your work. Have read quite some posts on fuzzing but never really started. Seems this class will provide many tips on fuzzing that hopefully can help me get started on real fuzzing.
Ris3Above
@alisaesage I want to start with fuzzing, and i've read a couple of feedbacks👌 from people who took your classes which gives a hint that its a valuable in content☝️
Cristofaro Mune
I cannot join, unfortunately. But, I cannot recommend @alisaesage enough. Training is often confused with "conveying information", while "pushing boundaries" requires being enlightened and inspired. Alisa is among the few that knows the difference and can do it. Don't miss it. 🤟 https://t.co/KKGptm1qzL
rui
Alisa's training completely changed my mindset and the way I was looking at hypervisors. I highly recommend the Advanced Hypervisor Exploitation training. Actually, if you're interested in hypervisors it's mandatory.
ypyun
Last December, I had the honor of getting a free pass to take Alisa Esage's iBootcamp training. Here is my impression about it. First, I have to say, this training is different from any other technology trainings I know of. Most of other technology trainings involve packing a lot of content on a special topic in a fixed number of days. This one is about a special topic, iOS security research. However, it's more about using that as an example to teach how Alisa, an experienced security researcher approaches a new topic. I learned a lot from the discussion about research methodology and follow along in the initial reconnaissance activities. It's very helpful for someone who is new to security research, like me. To date, I'm still trying to apply what I learned to my workflow. The training ran for ten days. With a daily one-hour online video webinar where Alisa went over a special topic each day. After each webinar, Alisa would give out exercises to do before next (exercise would be on topic to be discussed in next webinar), and sometimes post notes related to things discussed in seminar. Doing the exercises and comparing my results with Alisa's was best for learning and for finding out areas for improvement. The class size is small and Alisa took time to make sure everyone's questions/concerns were fully addressed. Due to my full time work, I was not able to attend all the video sessions. However, I think to fully take advantage of the training, it's best to attend all the live video sessions and ask your questions. I did ask a few questions via email and got all my questions answered. Going over responses to other students' questions also proved to be very helpful. Overall, I am grateful for the opportunity. The training is very helpful to me and I think it would be for anyone who is new to security research or just started. Just FYI, I don't think Alisa has any plan to offer the same training in the near future, but the recorded version is available for sale.
W
A brief review of the Hypervisor Security Research 101 class by Zero Day Engineering Training with Alisa Esage Шевченко. I took the 4 hour Hypervisor Security Research 101 class in May while the course was still in its testing stage and think it’s an overall excellent starting point for Hypervisor research. It delivers on exactly what is promised in the description. It gives a great first intro into the world of hypervisors and what you need to consider while researching the topics. While the price may seem high at first, compared to other courses in other areas it is reasonably priced. Especially if you compare it to the main course offering, and having live access to an expert on the topic who can answer your questions directly. The course is present remotely over Zoom, and you are free to ask questions in the public chat or privately to Alisa directly. As mentioned on Twitter, it was nearly a 1-on-1 mentoring experience in a small group. The time of the class was well chosen to accommodate students from multiple timezones. After a brief introduction the course started and went over each topic mentioned in the description, with breaks for questions on both sides, as well as challenges. Towards the end we received a lot of resources we can then use to continue our journey. At the end it was clear to all the students that we want to continue taking courses from Alisa. I highly recommend the course and the trainer, and if you are able to attend for free, I would highly recommend jumping on that opportunity as soon as possible.
P.S. Old reviews page is here