Penetration Testing
(In)Secure Citrix Configs Jun 28 2012 05:46PM
!s3grim (persephane gmx eu) (1 replies)
Re: (In)Secure Citrix Configs Jun 29 2012 04:54AM
Ryan Graves (rgraves22 gmail com) (1 replies)
Re: (In)Secure Citrix Configs Jun 29 2012 04:57AM
Ivan .Heca (ivanhec gmail com)
Citrix molestation starts here
http://synjunkie.blogspot.com.au/2009/03/abusing-citrix-part-1.html

cheers
Ivan

On Fri, Jun 29, 2012 at 2:54 PM, Ryan Graves <rgraves22 (at) gmail (dot) com [email concealed]> wrote:
> You can use a misconfigured net scaler or perhaps an application vulnerability as a pivot point into a local host or server on the network. Xenapp technically runs locally through terminal services.
>
> Sent from my iPhone
>
> On Jun 28, 2012, at 10:46 AM, "!s3grim" <persephane (at) gmx (dot) eu [email concealed]> wrote:
>
>> Hi guys,
>>
>> does anyone know any ressources about the security of citrix environments?
>> Anything like the basic security model, like configuration places and usual
>> 'misconfigurations'?
>> Maybe there is also a hardening guide or something about config caveats?
>>
>> I'd appreciate any useful information.
>>
>> !s3grim
>>
>>
>> ------------------------------------------------------------------------

>> This list is sponsored by: Information Assurance Certification Review Board
>>
>> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>>
>> http://www.iacertification.org
>> ------------------------------------------------------------------------

>>
>
> ------------------------------------------------------------------------

> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

>

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus