Complete guide to Perform External Penetration Testing Step by Step methods.

Harvesting email addresses
Password spray attack against Citrix login portal
This time, one of the users had an internal SAP application in their Citrix application catalog and this SAP application opens with Internet Explorer.
Viewing Citrix application’s webpage source
Broken out of Citrix
Running Empire PowerShell launcher on Citrix server


‘Kerberoasting has been well discussed, so I will skip over that and move on to what happened next. Because Citrix servers are high-value systems, only a few users have administrative privileges on them.

Credential Abuse/Re-use

I had gathered vital information about the internal network from this External Penetration Testing, such as the list of Domain Admins, Enterprise Admins, Domain Controllers, etc.

Credential abuse with CrackMapExec

Data Hunting and Exfiltration

An adversary’s primary purpose is to access and/or retrieve sensitive/critical data, which we term the target’s “crown jewels.” This may be:

Research On the Web

Recommended to Read

Penetration Testing Tools

Most Important Web Application Penetration Testing Tools & Resources for Hackers and Security Professionals.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Private investigation, Cybersecurity and Tech We’ve perfected reaching challenging targets for 10 years. Nous avons l’expertise et la technologie pour.