Re: Owning Citrix & Terminal Services Clients

["Dave Korn" <dave.korn () artimi com>]

On 27 February 2008 18:18, DSquare Security wrote:

> There are at least two interesting ways to access client data
> 1) Spying his session to get passwords from a published application
> 2) Accessing his local drives if they are mapped in the session

  Not to mention the IPC$ share and all those pipes you can't get at (because
of RestrictAnonymous=1 these days) without being authenticated.


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave