Alisa Esage
Alisa Esage | |
|---|---|
| Website | Homepage |
Alisa Shevchenko (Russian: Алиса Андреевна Шевченко), nke a maara dị ka Alisa Esage, bụ onye nyocha nchekwa kọmputa nke Russia mụrụ, onye ọchụnta ego na onye hacker nwere mgbọrọgwụ Ukraine.[1] A maara ya maka ịrụ ọrụ n'adabereghị ya na ụlọ ọrụ ngwanrọ na-achị dịka Google na Microsoft ịchọta na irigbu adịghị ike nchekwa na ngwaahịa ha; ịbụ nwanyị mbụ so na Pwn2Own, asọmpi hacking ọkachamara izizi n'ụwa nwere nnukwu ihe nrite ego; na ndị gọọmentị United States boro ya ebubo na ha wakporo ntuli aka onye isi ala na 2016.
Alisa Esage bụ onye nwe Zero Day Engineering, ụlọ ọrụ ọkachamara na-enye ọzụzụ pụrụ iche na ndụmọdụ na nyocha nke adịghị ike ngwanrọ.
Akụkọ ndụ
[dezie | dezie ebe o si]Onye kọwara onwe ya "onye nyocha nchekwa iwe," profaịlụ 2014 na Forbes na-ekwu maka Esage: "Ọ na-adọrọ mmasị na hacking karịa mmemme."[1] [2] Mgbe ọ kwụsịrị na mahadum ọ rụrụ ọrụ dị ka ọkachamara nyocha malware maka Kaspersky. Labs afọ ise. N'afọ 2009, ọ tọrọ ntọala ụlọ ọrụ Esage Labs, nke e mesịrị mara dị ka ZOR Security (acronym Russian na-anọchite anya Цифровое Оружие и Защита, "Digital Weapons and Defense.")
Edebere ụlọ ọrụ Esage ZOR Security na ndepụta nke ụlọ ọrụ US nyere iwu ka e boro ya ebubo na ọ "na-enyere Vladimir Putin aka ịgbanye ntuli aka [2016] maka Trump. Banyere ebubo ndị White House boro, Esage kwuru na ndị ọchịchị akọwahiere eziokwu ma ọ bụ ghọgbuo ya.[1] Ruo taa, ndị ọrụ US ekwubeghị ihe mere ha ji kwenye na Esage so ndị na-agba ọsọ GRU rụọ ọrụ, ma ọ bụ ihe o kwuru na o nyere ha.
Na mbido 2021, Esage kwupụtara ọrụ Zero Day Engineering, nke na-ahụ maka ọzụzụ ọkachamara, ọgụgụ isi nyocha, na ndụmọdụ na mpaghara nke nchebe kọmputa dị elu na nyocha nke adịghị ike.
Esage enwetala mmeri n'ọtụtụ asọmpi hacking dị elu nke mba ụwa, kwuo okwu n'ọtụtụ nzukọ nchekwa mba ụwa, ma bipụta isiokwu teknụzụ na magazin teknụzụ kachasị elu.
Mmezu
[dezie | dezie ebe o si]N'afọ 2014 Esage weere ọnọdụ mbụ na asọmpi PHDays IV "Critical Infrastructure Attack" (aha ọzọ: "Hack the Smart City"), na-eme nke ọma na obodo mara mma nke na-akwa emo na ịchọpụta ọtụtụ adịghị ike ụbọchị efu na Indusoft Web Studio 7.1 site na. Ụlọ ọrụ Schneider Electric.
N'afọ 2014-2018, a na-eto Esage maka ịchọpụta ọtụtụ nsogbu nchebe efu na ngwaahịa ngwanrọ a ma ama site na ndị dike teknụzụ dị ka Microsoft, [1] Firefox, [2] na Google. [3] Akụkụ nke adịghị ike ndị ahụ gosipụtara site na mmemme nchekwa Zero Day Initiative (ZDI), nke nnukwu ụlọ ọrụ teknụzụ US HP nwere n'oge gara aga, ma nye ya aha dị iche iche. [4][5]
Esage ewepụtala nyocha ya n'ọtụtụ ọgbakọ nchekwa mba ụwa: RECON, ụbọchị mbanye anataghị ikike dị mma, [1] Zero Nights, [2] POC x Zer0con, [3] Chaos Communications Congress.
E gosipụtara ọrụ ya na akwụkwọ dị iche iche nke ụlọ ọrụ nchekwa dịka Virus Bulletin, Secure List, na Phrack Magazine. [citation needed]
Pwn2Own
[dezie | dezie ebe o si]Na 8 Eprel 2021 Esage bụ nwanyị mbụ meriri na Pwn2Own, asọmpi hacking dị elu na-agba kemgbe 2007.[1] Dị ka akụkụ nke ntinye asọmpi ya na Pwn2Own Vancouver 2021 Esage ezubere iche maka Parallels Desktop maka ụdị Mac 16.1.3 na-erigbu ụbọchị efu nke onwe ya mepụtara, wee nwee ike gosipụta mgbanarị igwe ndị ọbịa na-anabata ndị ọbịa na mmebe koodu aka ike na MacOS, na sistemu nke etinyere nke ọma.[2] Asọmpi a kwuputara ntinye a ka ọ bụrụ mmeri n'akụkụ n'ihi na onye na-ere sọftụwia ezubere iche maara n'ime maka ahụhụ ụbọchị efu nke etinyere na nrigbu Esage.
Arụmụka
[dezie | dezie ebe o si]"Nkebi mmeri" nke Esage's Pwn2Own Vancouver 2021 exploit site n'aka ndị na-ahazi ya kpatara esemokwu n'etiti ndị na-ahụ maka nchekwa ozi zuru ụwa ọnụ, na ndị na-ekwu okwu na Twitter na-achọ ka a gbanwee iwu nke asọmpi ahụ ka e wee kwuo na mgbalị ahụ bụ mmeri zuru oke. [citation needed] Dị ka iwu Pwn2Own nke 2021, enwere ike iwepu ntinye asọmpi nke ọma ma ọ bụ belata ya na chaatị asọmpi ma ọ bụrụ na onye na-ere ngwanrọ a lekwasịrị anya maara n'ime ya banyere nsogbu ahụ (mgbe a ka na-edeghị ya) n'ụbọchị asọmpi ahụ.[6] Ntinye aka Esage dọtara uche n'akụkụ ahụ nke iwu, na ọtụtụ arụmụka nke ndị ama ama na ndị ọrụ nchekwa kọmputa tweeted iji kwado mgbanwe nke iwu.[7]
A na-enyo ọnọdụ Esage dị ka nwanyị mbụ na akụkọ ihe mere eme nke Pwn2Own enyo, ọ bụ ezie na ọ dị obere. Ọ bụ ezie na ndekọ ndekọ nke asọmpi ahụ doro anya na nke ahụ, na onye na-akọ akụkọ na-ekwu na 05:08 "Alisa bụ nwanyị mbụ anyị sonyere", na onye guzobere Pwn2Own na-akpọ na Twitter, tweet nke asọmpi gọọmentị bịara na ederede n'akụkụ: "nwaanyị mbụ sonyere dị ka onye ọ bụla". Nke a nwere ike ịbụ n'ihi na otu onye sonyere na Pwn2Own 2018 nke otu Ret2 Systems gbanwere aha ha na njirimara nwoke na nwanyị n'afọ ndị sochirinụ. [citation needed] Eziokwu, ndekọ ọha na eze nke asọmpi Pwn2Own na blọọgụ gọọmentị na ndekọ liveestream enweghị aha ụmụ nwanyị na-ekere òkè tupu Esage abanye na 2021.[8][9]
Mkpali na àgwà
[dezie | dezie ebe o si]Esage na-ehota nna ya dị ka isi ihe na-akpali akpali nye nhọrọ nke ọrụ na ọrụ ya: "Ọ kụziiri m ka m na-ere ahịa mgbe m dị afọ 5, echere m. N'ihi ya, amalitere m ịgụ akwụkwọ gbasara kọmputa na mmemme na ụlọ akwụkwọ mbụ ma kụziere onwe m ka m tinye koodu. na C++ na x86 asụsụ mgbakọ ozugbo m nwetara PC mgbe m dị afọ 15."
Banyere òkè ya na asọmpi Pwn2Own: "Ọ bụ ihe dị mkpa n'ọrụ onye ọkachamara na-egwu kọmputa, na nnukwu ihe mgbaru ọsọ n'onwe ya. A na-eme m ka m nwee obi ụtọ! Ma nwee obi ụtọ"
Akwụkwọ ya na ihe ndị ọ na-eme
[dezie | dezie ebe o si]- Esage (May 6, 2016). "Self-patching Microsoft XML with misalignments and factorials". Phrack Magazine 69 (10).
- Microsoft Windows Media Center CVE-2014-4060 Remote Code Execution Vulnerability. SecurityFocus (August 14, 2014).
- (0Day) Microsoft Word Line Formatting Denial of Service Vulnerability. Zero Day Initiative (February 27, 2015).
- "Rootkit evolution", Secure List.
- Case study: the Ibank trojan. Virus Bulletin.
- "Fusing ihe niile na 2014 maka ikpughe 0-day vulnerability". [Ihe e dere n'ala ala peeji]
- "Na nyocha cyber. Nnyocha ikpe: ohi usoro mbufe ego". [Ihe e dere n'ala ala peeji]
- Microsoft Security Bulletin MS14-067 - Critical (March 2023).
- Microsoft XML Core Services CVE-2014-4118 Remote Code Execution Vulnerability.
- GitHub.com/badd1e/" id="mwkA" rel="mw:ExtLink nofollow">badd1e na GitHub.
Edensibia
[dezie | dezie ebe o si]- ↑ Microsoft XML Core Services CVE-2014-4118 Remote Code Execution Vulnerability. www.securityfocus.com. Retrieved on 2021-03-05.
- ↑ 1443891 - (CVE-2018-5178) Integer overflow in nsScriptableUnicodeConverter::ConvertFromByteArray can cause a heap buffer overflow (en). bugzilla.mozilla.org. Retrieved on 2021-03-05.
- ↑ 825503 - chromium - An open-source project to help move the web forward. - Monorail. bugs.chromium.org. Retrieved on 2021-03-05.
- ↑ ZDI-15-052. zerodayinitiative.com. Retrieved on 2021-03-05.
- ↑ Zero Day Initiative — VirtualBox 3D Acceleration: An accelerated attack surface (en-US). Zero Day Initiative. Retrieved on 2021-03-05.
- ↑ Archived copy. www.zerodayinitiative.com. Archived from the original on 4 April 2021. Retrieved on 2021-04-17.
- ↑ Varghese. iTWire - Anger as woman researcher walks away empty-handed from hacking contest (en-gb). itwire.com. Retrieved on 2021-04-17.
- ↑ pwn2own site:zerodayinitiative.com - Google Search. www.google.com. Retrieved on 2021-04-17.
- ↑ Zero Day Initiative - YouTube. www.youtube.com. Retrieved on 2021-04-17.
Njikọ mpụga
[dezie | dezie ebe o si]- Twitter.com/alisaesage" id="mwAfc" rel="mw:ExtLink nofollow">Alisa Esage na Twitter
- Zero Day Injinia ọzụzụ site na Alisa Esage