Got Citrix? Hack It! presented at ShmooCon 2008

by Shanit Gupta,

Tags: Security Development

Summary : Citrix is a widely used remote desktop application utilized in many major corporations around the world. In addition to offering the typical benefits of RDP and Microsoft terminal services, it is capable of sandboxing and restricting the applications that can be executed by the user. Unfortunately, often times the Citrix environment can introduce a false sense of security within organizations. There are several ways to circumvent security controls within the Citrix framework and many system administrators are not aware of these attacks. During this presentation, we’ll demonstrate ways in which to compromise the Citrix environment using multiple attack vectors. Then we’ll show you the corresponding remediation strategies.
Shanit Gupta is a Senior Consultant at Foundstone. At Foundstone, Shanit is responsible for creating and delivering the threat modeling and application security service lines. Shanit is also responsible for the design, development and release of free tools offered by Foundstone.