Citrix Bleed: 0-Day Exploitation Timeline Revealed! #shorts

to give you a bit of understanding. So we just saw a timeline about how quickly um we have a pog and then we have exploitation. And to make things a bit more clear here also for Citrix I've tried to compile all the dates for first exploitation for the security bulletin released by Citrix for the public pock release and for the Mars exploitation. Now um take these dates with a grain of salt because uh obviously we rely here on public data and not not each and every company's going to u disclose that they were breached. So the security bulletin that's fixed but the other dates take a bit grain of salt especially for the PC because we just looked at public source

like GitHub and stuff like that. There's also like dark web source. We didn't look into it. And to summarize it a bit because you don't have to look at everything, you can look at it at home. Um, basically to summarize it, which of those vulnerabilities were used as zero days? We have two the speed one and the unnamed rce. And what is especially interesting is here obviously the point the date on the bottom time from PC to mass exploitation which is like two days, two days, one day, seven days. So as soon as a pock drops, max exploitation starts on edge device or here in this case Citrix. But also like dates from bulletin to exploitation is

also really short because of course if you read the bulletin you also have some mitigation steps and you can read out maybe where the vulnerability lies in the developer park. So we have quick exploitations which just showcases again with the two zero days also that just patching is not