US-based software firm Citrix last month released an advisory for a vulnerability that existed in Citrix Application Delivery Controller and Citrix Gateway installations. Exploit code for the vuln (CVE-2019-19781) was released to the public on 10th January, at which time there was no official patch.
This is concerning for a company that was brutally attacked by hackers last year, with swathes of its customer data exposed online. Resecurity attributed that attack to Iranian-linked hacker group IRIDIUM – and if that interests you, our full breakdown of Iran’s cyber capability is available here.
Research groups have now posted proof-of-concept (POC) exploit code for the recent vuln on GitHub, so Citrix’s mitigatory advice should be actioned by all affected organizations. Project Zero India released one exploit for the remotely executable flaw, while the other – dubbed Citrixmash – comes via security consulting firm TrustedSec.
And there are also reports suggesting that scanning activity has surged in recent days, which means it’s likely that attackers are now seeking systems to exploit.
At Immersive Labs we’ve created both red and blue team labs on Shitrix, so you can learn how to mitigate the vulnerability while also thinking like the bad guys. Check out our overview of the two labs below.
In this lab you will explore investigative techniques post-compromise by analyzing network traffic, identifying C2 commands and creating a Snort rule to detect future attacks.
In this lab you will use the proof-of-concept code to exploit a vulnerable server and escalate your privileges to root.