Citrix. The point and click remote desktop interface that is often seen but not heard. Often used as an alternative to RDP as it offers flexible and secure configuration options. Typically though a deployment is extremely weak and a compromise is guaranteed. This talk will cover off some standard deployment scenarios and explain a lot of Citrix security issues. The presentation will cover various network layer security weaknesses and other configuration issues that should be addressed when implementing a secure Citrix installation. The presentation will also include a live demonstration that will show a common scenario where an attacker can exploit vulnerabilities allowing them to take over the server and potentially the entire network. This includes breaking out of a typical Citrix environment, escalating privileges, and stealing domain authentication to access a domain controller.