Few weeks ago, pdp released an article about citrix hacking and it actually caught my attention. I read through a total of 4 pdp's posts and also wirepair's whitepaper on hackingcitrix. It was overall a basic yet interesting article and actually gave me an idea on how to start enumeration and hacking citrix. Well, for my next trick when i am about to audit citrix soon, i will start employing the techniques that was discussed in the article and also include one of my favourite tricks of all time that would actually find flaws in the Citrix application. This would actually test how robust is the citrix application and how can it handle certain payloads. Since Citrix is not taking security seriously according to wirepair's article, i would not hestitate to publish any flaws i find. With that being said, of course i would give them a chance to see how is their response.
The Hacka Man