New training: Zero Day Engineering https://t.co/aG9uVSf2Lb The world’s only full stack training course on low-level aspects of computer security, offensive research and exploitation, created by a competitions-winning hacker with 20+ years of experience

Black Hat published my talk on reverse engineering Qualcomm Hexagon hardware debugging magic, with an introduction by @bunniestudios: https://t.co/1ar8dJff5Z @blackhatevents Apple uses Snapdragon chips for cellular modem in 16-17 (again), I'm an iPhone baseband security

“As usual, Alisa Esage's methodological, unorthodox and rational approach to vulnerability research shines through here, and I'm looking forward to completing this course and tackling hypervisors one day.” — Jael Koh, Security Research https://t.co/S39cXbWYXn

"The knowledge and skills I gained reshaped my identity as a researcher. They apply across systems and disciplines. Techniques refined my approach, while methodology and models changed how I operate at the root." – M. Giovanni Sagioro, Security Researcher https://t.co/ag9ZQLnV10

"Zero day engineering is 10% tools, 30% creative technical research of the unknowns, and 60% mindset: strategic analysis, advanced cognitive skills, and being extremely agile. … It’s a continuous call of the evolution“ — @alisaesage

My cutting edge research notes would be commercially available to vetted orgs & governments. If you’re interested, email @zerodaytraining directly; I don’t work with middlemen

Our Zero Day Vulnerability Research course is full of deep insights useful for beginners that may surprise an experienced hacker:

Did you know? GDB has a built in graphic interface, called TUI. Commands: - Turn on: `tui enable` - Cycle through windows: `layout next` - Redirect target stdio/stderr to a log file to prevent curses UI breakage (or `refresh`) (Showing @alisaesage's screen)

I've been taking the Browser Exploitation Training from @alisaesage and @zerodaytraining, and I can honestly say this is one of the most comprehensive and high-signal courses I’ve taken in the offensive security space. What the training covers: This isn’t a “click through some

It is really impressive. Thank you @alisaesage.

All of my private zero day research notes in here

Our Browser Exploit Design course is massive on Use-after-free issues, and comprehensively covers Chrome system internals. It also has a practical walkthrough of a relevant bug in Chrome browser process attack surface, from patch to PoC exploit:

🐞Bug Spotlight: CVE-2025-10200 – Use-after-Free in Chrome Service Worker [bounty $43000] One-shot renderer RCE to sandbox escape with a deep iterator invalidation Issue: 🔒440454442 (currently private) Reported by Looben Yang Reverse engineering & PoC exploit by @alisaesage

Alisa's zero day vulnerability research training has been very beneficial to me, she is an excellent instructor and her way of teaching is very practical and inspiring. I would personally be recommend her trainings to anyone interested in vulnerability research:) @alisaesage

The "Critical" Chrome GPU bug (CVE-2025-9478) is suspicious. Background: Google Big Sleep recently patched a bunch of high/critical issues in privileged Chrome GPU (their new AI fuzzer). I looked at the code. All the issues require such an uncommon platform functionality, it's

Did you know? You can estimate the size of an UAF object from the crash log. Just count the purple bytes in the addressed sequence, and multiply by 8

"Another aspect I really enjoyed was that Alisa teaches not only practical and theoretical technical knowledge but also how to build your own methodology and mentally prepare for a career in vulnerability research." – Kinga F, Senior Security Researcher https://t.co/ag9ZQLosQy

“I'm taking the self-paced Zero Day Engineering course and it's one of the best investments I've ever made. I'm on Day 3 and I've already had several Insights and the certainty that I'm building a solid, long-term foundation. There's still the Binary Hacking part that I love most

What I found interesting about the recent WhatsApp x iOS zero day attack, is the alleged links to crypto drains. Crypto community is in panic. There is no clarity in official news – only Twitter rumors. As an exploit specialist, the IOKit part may look unimpressive. It's just a

I call them Mythic Bugs. Simple patterns. Rare. One-off. Yet they recur across decades and codebases. They don’t fit the stats. They shouldn’t exist. But they do. Examples: – My Pwn2Own 2021 Parallels bug — rare class seen in hypervisors since 2010, exposed through my training

@alisaesage Browser Exploit Design course covers Chrome Mojo - including Ipcz. It also covers logic bugs for browser sandbox escape. For in-course exploit practice, @alisaesage walks through a full exploit workflow of Chrome Mojo memory corruption, patch to exploit. https://t.co/AOkbheuyjK