Forensics

Investigation of Session Hijacking via Citrix NetScaler ADC and Gateway Vulnerability (CVE-2023-4966) | MandiantMandiant

Registry Path (HKEY_LOCAL_MACHINE\SOFTWARE)	Sample Value
\Policies\Citrix\<session #>\Evidence\ClientName	DESKTOP-1ABC2DE3
\Policies\Citrix\<session #>\Evidence\ClientIP	10.0.2.15
\Policies\Citrix\<session #>\Evidence\BrokeringUserSid	UserSid
\WOW6432Node\Policies\Citrix\<session #>\Events\LastUpdate	2023-10-10 12:00:00Z
\WOW6432Node\Policies\Citrix\<session #>\Evidence\ClientName	DESKTOP-1ABC2DE3