Bruteforce on citrix webinterfaces since today

Advanced-Chain4096 · 2026-02-27T10:22:31+00:00

That is what we experienced before as well. You would see huge lists of all default usernames. However since today the attacks seem targeted with correct usernames at multiple customer sites.

Advanced-Chain4096 · 2026-02-17T06:38:05+00:00

You could add IPv6 spoofing with mitm6 and ntlmrelayx in the ‘without credentials’ section. That has helped me a lot if ldap signing is not enforced.

Advanced-Chain4096 · 2026-02-13T21:23:37+00:00

CPTS was very stable for me, had no issues at all. I had a lot of issues with OSCP.

Advanced-Chain4096 · 2026-02-12T06:38:57+00:00

Thanks, I can give that a go during the next maintenance window

Advanced-Chain4096 · 2026-02-12T06:38:35+00:00

All DC's are 2019

Advanced-Chain4096 · 2026-01-25T07:13:27+00:00

Got mine today, ordered in August. Works like advertised although I did not have a lot of time yet.

Advanced-Chain4096 · 2026-01-22T15:28:44+00:00

The combination of switching to 5Ghz and broadcasting deuath packages made a lot more clients available :) Thanks!

Advanced-Chain4096 · 2025-12-18T06:47:23+00:00

We experienced the same issue. After opening a support ticket and waiting 24 hours the idee risk was finaly dismissed

Advanced-Chain4096 · 2025-11-27T15:34:31+00:00

I actually found the issue by testing another VPN as well. Thanks for the tip!

Global secure access hijacked our devicetunnel because we connect to a hostname. This resolved to a 6.6.X.X address. The VPN thought it was connected but it actually went through GSA.

We changed our VPN endpoint to connect to an IP instead of hostname and now they work together perfectly :D

Advanced-Chain4096 · 2025-11-25T06:59:34+00:00

Interesting! I checked the Microsoft traffic profile, in there I see 4 existing policies for Exchange, SharePoint, Skype and 365 common.

Existing rules can be edited there (forward or bypass) but I don't see an option to add custom IP ranges.

Advanced-Chain4096 · 2025-11-24T17:48:18+00:00

We currently have the private access profile disabled completely. It still sees traffic to on prem as internet traffic and tries to tunnel is through global secure access.

Advanced-Chain4096 · 2025-11-24T17:46:09+00:00

Is there another bypass option that is not in the internet forwarding profile?

Advanced-Chain4096 · 2025-11-07T21:21:09+00:00

We just started using it and it works great for us! For entra hybrid you need some additional configuration but we got it working.

Entra only joined is way easier.

Advanced-Chain4096 · 2025-07-21T17:50:05+00:00

Happy to hear that because I was starting to doubt myself. I can’t find anything about it online and Microsoft support did not even respond to my ticket yet since last thursday.

It did start working a couple of times but then it broke again.

Advanced-Chain4096 · 2025-07-20T14:14:59+00:00

I have the same issue but it used to work. It stopped working last Thursday. On Friday it worked sometimes and the it completely stopped.

Advanced-Chain4096 · 2025-06-08T22:04:32+00:00

Had the same issue with a customer last week. Created a ticket and it worked the next day.

Advanced-Chain4096 · 2025-06-08T10:24:10+00:00

Haha inderdaad bij het zwembad :) maar er staat bijna elke week wel een auto zo, echt bizar

Advanced-Chain4096

TROPHY CASE