Tool Release – Socks Over RDP Now Works With Citrix

Introduction A month ago, we released a new tool that made it possible to tunnel traffic over an existing Remote Desktop Connection without the need to alter the configuration of the environment. This tool enables penetration testers to conduct their assessments over Windows-based jump boxes. Remote Access technologies are quite diversified, although Remote Desktop Services … Continue reading Tool Release – Socks Over RDP Now Works With Citrix

Shell Arithmetic Expansion and Evaluation Abuse

Introduction Recently we came across a class of vulnerability that was discovered some time ago yet is not very well known, despite the potential impact of its discovery and exploitation being critical. During the (re)discovery of this type of bug we managed to get a privileged shell on a Linux-based appliance that only presented a … Continue reading Shell Arithmetic Expansion and Evaluation Abuse

Tool Release – Socks Over RDP

Introduction Remote Desktop Protocol (RDP) is used to create an interactive session on a remote Windows machine. This is a widely used protocol mostly used by Administrators to remotely access the resources of the operating system or network based services. As penetration testers we frequently find ourselves in a situation where the only access that … Continue reading Tool Release – Socks Over RDP