Penetration Testing mailing list archives

Re: (In)Secure Citrix Configs

From: "Ivan .Heca" <ivanhec () gmail com>
Date: Fri, 29 Jun 2012 14:57:52 +1000

Citrix molestation starts here
http://synjunkie.blogspot.com.au/2009/03/abusing-citrix-part-1.html

cheers
Ivan

On Fri, Jun 29, 2012 at 2:54 PM, Ryan Graves <rgraves22 () gmail com> wrote:

You can use a misconfigured net scaler or perhaps an application vulnerability as a pivot point into a local host or 
server on the network. Xenapp technically runs locally through terminal services.

Sent from my iPhone

On Jun 28, 2012, at 10:46 AM, "!s3grim" <persephane () gmx eu> wrote:

Hi guys,

does anyone know any ressources about the security of citrix environments?
Anything like the basic security model, like configuration places and usual
'misconfigurations'?
Maybe there is also a hardening guide or something about config caveats?

I'd appreciate any useful information.

!s3grim


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

(In)Secure Citrix Configs !s3grim (Jun 28)
- Re: (In)Secure Citrix Configs Ryan Graves (Jun 28)
  - Re: (In)Secure Citrix Configs Ivan .Heca (Jun 28)
- Message not available
  - AW: (In)Secure Citrix Configs !s3grim (Jun 29)