Wednesday 25-November-2020 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register here to gain access
November TASK (Virtual)
Speaker: Arsenii Pustovit
Topic: Attacking Citrix ADC: Privilege Escalation Zero-Day to Network Infiltration
In this talk we will do a deep dive into the process of discovery and exploitation of a recent privilege escalation vulnerability (CVE-2020-8247) in Citrix ADC / NetScaler Gateway appliances. We will then review potential attack avenues once a threat actor obtains root privileges on a Citrix ADC device and demonstrate one of the attacks in action. Finally, we will have a discussion on improving the security posture of the Citrix ADC / NetScaler Gateway appliances and enhancing visibility into these devices.
Arsenii Pustovit is a member of the RBC Red Team. Prior to joining RBC, Arsenii spent 5 years as a cyber security consultant with Scalar Decisions conducting penetration tests and red team assessments for hundreds of Canadian clients ranging from fintech start-ups to critical infrastructure. Arsenii specialises in offensive cyber operations, Windows Active Directory exploitation and web application security testing.
A special thanks to Zoom for making this happen.
The TASK Steering Committee