You can use a misconfigured NetScaler or perhaps an application vulnerability as a pivot point into a local host or server on the network. XenApp technically runs locally through Terminal Services.
Sent from my iPhone
On Jun 28, 2012, at 10:46 AM, "!s3grim" <persephane (at) gmx (dot) eu> wrote:
> Hi guys,
>
> does anyone know any resources about the security of Citrix environments?
> Anything like the basic security model, like configuration places and usual
> 'misconfigurations'?
> Maybe there is also a hardening guide or something about config caveats?
>
> I'd appreciate any useful information.
>
> !s3grim
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------