Citrix Breakout Security Assessment

Citrix™ is a widely used remote desktop application. It is similar to Microsoft’s Terminal Services and RDP (Remote Desktop Protocol). Unlike Terminal Services, Citrix allows the administrator to specify certain applications to be run on the server. This lets the administrator control which programs the end user is allowed to execute.
Citrix Security Testing
Due to certain misconfigurations, which 7Safe regularly finds in client networks, it is often possible for a malicious user to bypass such security restrictions and launch arbitrary applications. 7Safe consultants undertake application security testing against Citrix deployments to test a wide variety of attacks. Such security testing is designed to identify whether it’s possible to “break out” of the Citrix lock-down environment to launch arbitrary applications (e.g. cmd.exe) and whether, after the break-out, it’s possible to carry out any malicious activity such as elevation of privileges or attacking the back-end systems.
