This message was deleted.
# _generals
Slackbot
06/26/2022, 6:35 AMThis message was deleted.
m
Mads Petersen
06/26/2022, 11:00 AMHere are some generic methods of breaking out of locked down environments
https://www.pentestpartners.com/security-blog/breaking-out-of-citrix-and-other-restricted-desktop-environments
๐ 1
๐ 3
j
James Rankin
06/26/2022, 5:11 PMMost of it is simply on the Windows level. However there are isolated Citrix-specific bits of low-hanging fruit (such as file transfer via the HTML5 client, for instance), that you might want to consider.
๐ 1
n
Nick Casagrande
06/26/2022, 9:30 PMyou can use this to check your netscaler. if not an a+, there are scripts out there to run on the NS to lock it down, pretty cool --- https://www.ssllabs.com/ssltest/
a
Arthur
06/27/2022, 8:13 PMAnything more for ADC / NSG ?
m
Mads Petersen
06/28/2022, 8:02 AMThere have been some known CVEs lately against the gateway, so if the ADC isnโt updated, you might be able to find something.
Misconfiguration could also be an issue.
Weak TLS settings could maybe lead to something, but doubtful as the ADC overall is fairly secure by default.
I would never attack the ADC directly, i would target users or escape the lookdown if you already have valid credentials.
2 Views