[Dailydave] Owning Citrix & Terminal Services Clients

[Dave Korn]

On 27 February 2008 18:18, DSquare Security wrote:

> There are at least two interesting ways to access client data
> 1) Spying his session to get passwords from a published application
> 2) Accessing his local drives if they are mapped in the session

  Not to mention the IPC$ share and all those pipes you can't get at (because
of RestrictAnonymous=1 these days) without being authenticated.


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....