Unable to set DefaultReuseMachinesWithoutShutdownInOutage using PowerShell command

While runing the PowerShell command "Set-BrokerSite -DefaultReuseMachinesWithoutShutdownInOutage $true" in Citrix Virtual Apps and Desktops CVAD 2203 LTSR environment, the following error "A required feature is disabled by the system configuration" was shown...

How to get delivery group published name/assigned users detail information via Powershell command

Get delivery group published name/assigned users/Desktopsdetail information via Powershell command...

New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists

A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called SuperBear. The intrusion singled out an unnamed activist, who was contacted in late August 2023 and received a malicious LNK file from an address impersonatin...

How to Delete Many VDI and Their Accounts by Using PowerShell Command

This article is designed to describe how to remove a machine from machine catalog as well as hypervisor through PowerShell command...

Can't Logoff Ghost Sessions “-” from Citrix Studio

Can't logoff the session in Studio, which is not even shown in VDAtask manager. Customer tried to hide the session with the below Powershell command, but this ghost session record still exists on Studio. "Get-BrokerSession -username Domain\username | Set-BrokerSession -hidden $true" Need to figur...

Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware

Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center ASEC, in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on...

How to Query License Usage Through PowerShell command in DDC​

Admin needs to leverage PowerShell to get the usage of Citrix license in DDC...

Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data

A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal. The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete...

Cannot join Server Group - Error occurred running the command: Start-DSClusterJoinService

When trying to add Storefront server to existing group, getting error: When checking event viewer logs on Storefront server, we see: An error occurred running the command: 'Start-DSClusterJoinService' Exception of type...

Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines

The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. "Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that...

July 12, 2022—KB5015811 (OS Build 17763.3165)

July 12, 2022—KB5015811 OS Build 17763.3165 NEW 7/12/22 After September 20, 2022, there will no longer be optional, non-security releases known as "C" or preview releases for the 2019 LTSC editions and Windows Server 2019. Only cumulative monthly security updates known as the "B" or Update Tuesda...

Powershell Exec, Bind TCP Stager with UUID Support (Windows x64)

Execute an x64 payload from a command via PowerShell. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/vncinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid sh...

Powershell Exec, Windows x64 Bind Named Pipe Stager

Execute an x64 payload from a command via PowerShell. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/vncinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show...

Powershell Exec, Bind TCP Stager (No NX or Win7)

Execute an x86 payload from a command via PowerShell. Listen for a connection No NX Module Options msf use payload/cmd/windows/powershell/vncinject/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and set...

Powershell Exec, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Execute an x86 payload from a command via PowerShell. Connect back to the attacker Module Options msf use payload/cmd/windows/powershell/patchupdllinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options...

Powershell Exec, Bind TCP Stager (No NX or Win7)

Execute an x86 payload from a command via PowerShell. Listen for a connection No NX Module Options msf use payload/cmd/windows/powershell/patchupdllinject/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show an...

Powershell Exec, Reverse TCP Stager with UUID Support

Execute an x86 payload from a command via PowerShell. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/powershell/patchupmeterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

Unable to open the StoreFront console, error “MMC has detected an error in a snap-in and will unload it”

• The customer is unable to open the StoreFront Store console in one StoreFront SF server • When opening the console, he gets the option to view stores or create new stores • If clicking on Server group on the left menu, he can see the member servers with no problems • When clicking ‘View Stores’...

Attackers Target ProxyLogon Exploit to Install Cryptojacker

Cryptojacking can be added to the list of threats that face any unpatched Exchange servers that remain vulnerable to the now-infamous ProxyLogon exploit, new research has found. Researchers discovered the threat actors using Exchange servers compromised using the highly publicized exploit...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

SignHere Introduction CVE-2017-11882 - The unique vulnerab...