dChan
Anonymous ID: 59322e March 11, 2020, 5:16 p.m. No.8382258   🗄️.is 🔗kun   >>2276

>>8382078 (pb)

 

BTW Citrix is one of the few companies that licensed and enhanced MSFT Windows server successfully. (Making the kernel multi-user aware) MophiaSoft almost destroyed Citrix by pulling the licensing agreement and killing their stock. Citrix created the original "thin-client' protocols for high latency network connections. Also known as Terminal Server (Very nice for hackers to gain full access to MSFT servers and applications silently. Very easy to tunnel thin client protocols within other protocols. Beautiful for subverting treat detection. Dont ask me how I know. ;) ) One port full access to the server and the rest of the internal network of a given company. …Guess who has contracts with the White House. Guess who has been reportedly breached for the last 5 years? (I believe they have been powned for more years than that…. Yep…Citrix. Timing is everything….This was anounced right around the time Brennon and others were locked out of their security access. Coincidence? Yeah right.

 

'Friendly' hackers are seemingly fixing the Citrix server hole – and leaving a nasty present behind

 

https://www.theregister.co.uk/2020/01/17/hackers_patch_citrix_vulnerability/

Anonymous ID: 59322e March 11, 2020, 5:19 p.m. No.8382294   🗄️.is 🔗kun   >>2312

>>8382276

 

Brilliant tech when implemented correctly. Security of the server takes on an entirely new dynamic when locking down access. The challenge one port = keys to the kingdom.

Anonymous ID: 59322e March 11, 2020, 5:44 p.m. No.8382596   🗄️.is 🔗kun   >>2639

>>8382312

 

Sure… Thin-client protocols only pass keyboard video and mouse instructions. The data lives on the server as well as the session for a user. Its like looking down the wire and "seeing" the data and applications. The "view" appears to be on your local system. There is a "virtual channel" than can be utilized to pass data locally, print locally etc… Thin clients are usually on port 1494 for citrix and 3389 for Terminal services. (They can be changed to obscure for port filtering firewalls and other security tech.) Almost all MSFT servers are capable of having this port open or opened on another port. Kinda like the hackers in the previous attached article. The other killer way to get in is to tunnel within http https, or even ssh a thin client protocol. (So it looks like web or ssh traffic to the administrators and security sniffers.) Not that I know anything about this…one of the first things a hacker will look for is unintentionally Terminal server instances left open for admins. Poking at these ports takes some time (keylogers / password scripts) Once access is gained bad actors can get in with full access on a server sub-net backends. (Where all the real data lives for any organization…hence the keys to the kingdom) There is also a way to "shadow" users on the server side and observe everything they are doing on the server without the users knowledge. Imagine shadowing an administrator on a corporate network. Access to everything. Very handy. Make sense? Look up Citrix on theregister.com. You will find a lot of information on the hacks that have been going on for years and not patched or fixed. Curious.

Anonymous ID: 59322e March 11, 2020, 5:56 p.m. No.8382746   🗄️.is 🔗kun

>>8382639

 

>theregister.com

Yeah… it is what it is unfortunately. Discernment is a good skill to have on these digs. There are some other great resources out there. Krebs on security. The Defensive security guys are what they are but cover key challenges within the security community.