
Disc Analysis: Verify Citrix Compromise - Quick Guide #shorts

BSides Frankfurt | 0:28 | 63 views | Published 2026-03
About this talk
Investigating a Citrix appliance compromise? With no EDR/AV, disk analysis is key. Learn how to verify breaches on hardened FreeBSD kernels when direct security tools fail. #Cybersecurity #IncidentResponse #Citrix #RCE #Infosec #BSidesFrankfurt
Transcript

Let's take a step back and look at the disk analysis. So basically someone calls us, or someone is compromised from either Citrix or the other unnamed RCE. Uh, what can you do to verify it was a compromise or not? So this appliance, so the Citrix appliance, is basically running a hardened FreeBSD kernel or customize and we can't really run stuff on it. So there's no EDR running out, no AV, no security solutions. So, we need to get to the disk.