Excel (and Office apps) Kills the Citrix (or Terminal Services) Star presented at TROOPERS 2012

by Chema Alonso, Juan Garrido,

Summary : Microsoft Office (and Excel) are common applications in big companies and in a big amount of cases they are published through Terminal Services or Citrix. However, securing that environment against malicious users is very complicated. In this talk youll see a lot of demos hacking Citrix and Terminal Services using Excel and maybe youll be scared after having seen this session.

Chema Alonso: Chema Alonso is a Computer Engineer by the Rey Juan Carlos University and System Engineer by the Politecnica University of Madrid. He has been working as security consultant last six years and had been awarded as Microsoft Most Valuable Professional since 2005 to present time. He is a Microsoft frequent speaker in Security Conferences. He writes monthly in several Spanish Technical Magazines. He is currently working on his PhD thesis about Blind Techniques. Recently spoke in BH Europe 2008 about LDAP Injection & Blind LDAP Injection attacks, in Defcon 16 about Time-Based Blind SQL Injection using heavy Queries, in Toorcon X about RFD (Remote File Downloading) and in DeepSec 2k8 in Austria. Currently has been selected to be presenting in HackCon#4 in Norway and in SchmooCon 2k9 in Washington DC, BlackHat Europe 2k9 and Defcon 17.