Hacking Citrix presented at AUScert 2009

by Brett Moore,

Summary : Citrix Insecurities (or Hacking Citrix if you prefer) Citrix. The point and click remote desktop interface that is often seen but not heard. Often used as an alternative to RDP as it offers flexible and secure configuration options. Typically though a deployment is extremely weak and a compromise is guaranteed. This talk will cover off some standard deployment scenarios; explain a lot of Citrix security issues. The presentation will cover various network layer security weaknesses and other configuration issues that should be addressed when implementing a secure Citrix installation. The presentation will also demonstrate a common scenario where an attacker can exploit vulnerabilities allowing them to take over the server and potentially the entire network. This includes breaking out of a typical Citrix environment, escalating privileges, and stealing domain authentication to access a domain controller.

Brett Moore: Having conducted vulnerability assessments, network reviews, and penetration tests for the majority of the large companies in New Zealand, Insomnia founder Brett Moore brings with him over eight years experience in information security. During this time, Brett has also worked with companies such as SUN Microsystems, Skype Limited and Microsoft Corporation by reporting and helping to fix security vulnerabilities in their products. Brett has released numerous whitepapers and technical postings related to security issues and has spoken at security conferences both locally and overseas, including BlackHat, Defcon, Syscan, Kiwicon, Ruxcon, and the invitation only Microsoft internal security conference called BlueHat.