Sign in Subscribe

CitrixAI Architect

Researcher hacks over 35 tech firms in novel supply chain attack

Researcher hacks over 35 tech firms in novel supply chain attack

In what’s a novel supply chain attack, a security researcher managed to breach over 35 major companies’ internal systems, including that of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, and achieve remote code execution. The technique, called dependency confusion or a substitution attack, takes advantage of the

Browser fuzzing at Mozilla

Browser fuzzing at Mozilla

This is an excellent piece found here. Detailing production grade tooling and real world scenarios. – Mozilla has been fuzzing Firefox and its underlying components for a while. It has proven to be one of the most efficient ways to identify quality and security issues. In general, we apply fuzzing on

SolarWinds Orion Platform Vulnerability: Messages Queued, Processed, Deserialized and Exploited

SolarWinds Orion Platform Vulnerability: Messages Queued, Processed, Deserialized and Exploited

In light of the recent SolarWinds supply chain attack, I decided to take a quick look at SolarWinds products based on the Orion framework. SolarWinds offers trial versions for download. I picked User Device Tracker and installed it on a vanilla Windows Server 2019 virtual machine. As a part of

Escaping VirtualBox 6.1: Virtual Machine Escape Exploit

Escaping VirtualBox 6.1: Virtual Machine Escape Exploit

This post is about a VirtualBox VM escape exploit that existed in VirtualBox 6.1.16 on Windows. Many thanks to the organizers for hosting this great competition, especially to ChenNan for creating this challenge, M4x for always being helpful, answering our questions and sitting with us through the many

Highly-Performant HTTP Stack for Clojure

Highly-Performant HTTP Stack for Clojure

Key Takeaways * Donkey is a new Clojure open-source HTTP library, designed for ease of use and performance. * Identifying the strengths and weaknesses of a language helps with design decisions. * Clojure frees developers from the perils of writing concurrent programs, but at a price. * When concurrency is not a factor, consider

The effect of switching to TCMalloc on RocksDB memory use

The effect of switching to TCMalloc on RocksDB memory use

In previous posts we wrote about our configuration distribution system Quicksilver and the story of migrating its storage engine to RocksDB. This solution proved to be fast, resilient and stable. During the migration process, we noticed that Quicksilver memory consumption was unexpectedly high. After our investigation we found out that