Penetration Testing mailing list archives
Re: (In)Secure Citrix Configs
From: Ryan Graves <rgraves22 () gmail com>
Date: Thu, 28 Jun 2012 21:54:55 -0700
You can use a misconfigured net scaler or perhaps an application vulnerability as a pivot point into a local host or server on the network. Xenapp technically runs locally through terminal services. Sent from my iPhone On Jun 28, 2012, at 10:46 AM, "!s3grim" <persephane () gmx eu> wrote:
Hi guys, does anyone know any ressources about the security of citrix environments? Anything like the basic security model, like configuration places and usual 'misconfigurations'? Maybe there is also a hardening guide or something about config caveats? I'd appreciate any useful information. !s3grim ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- (In)Secure Citrix Configs !s3grim (Jun 28)
- Re: (In)Secure Citrix Configs Ryan Graves (Jun 28)
- Re: (In)Secure Citrix Configs Ivan .Heca (Jun 28)
- Message not available
- AW: (In)Secure Citrix Configs !s3grim (Jun 29)
- Re: (In)Secure Citrix Configs Ryan Graves (Jun 28)