Skip to content

Portal/UI checks (tiny backdoors, exfil patterns) and live-host triage #13

Description

@lbuiter

Hoi @NCSC-NL-Sebastiaan @ncsc-nl-ralph @ncsc-nl-pepijn ,

I’ve published a triage extension for citrix-2025 focused on:

  • Portal persistence (themes, plugins, UI-layer injections)
  • JS-based exfil indicators (sendBeacon, fetch, etc.)
  • Tiny stealth webshells and timestamp anomalies

It’s structured to align with your existing YAML/Python architecture and is purely additive.

While I haven’t been able to run full tests on a live NetScaler instance, the logic follows the same patterns as your existing modules and aims to improve post-exploit detection in the portal surface.

Happy to adapt or collaborate further if useful.

Kind regards,

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions