November TASK: Attacking Citrix ADC: Privilege Escalation Zero-Day to Network Infiltration

Wednesday 25-November-2020 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register here to gain access


November TASK (Virtual)

Speaker: Arsenii Pustovit
Topic: Attacking Citrix ADC: Privilege Escalation Zero-Day to Network Infiltration

In this talk we will do a deep dive into the process of discovery and exploitation of a recent privilege escalation vulnerability (CVE-2020-8247) in Citrix ADC / NetScaler Gateway appliances. We will then review potential attack avenues once a threat actor obtains root privileges on a Citrix ADC device and demonstrate one of the attacks in action. Finally, we will have a discussion on improving the security posture of the Citrix ADC / NetScaler Gateway appliances and enhancing visibility into these devices.

Arsenii Pustovit is a member of the RBC Red Team. Prior to joining RBC, Arsenii spent 5 years as a cyber security consultant with Scalar Decisions conducting penetration tests and red team assessments for hundreds of Canadian clients ranging from fintech start-ups to critical infrastructure. Arsenii specialises in offensive cyber operations, Windows Active Directory exploitation and web application security testing.


A special thanks to Zoom for making this happen.
Sincerely,
The TASK Steering Committee

Posted in Events.