E2EVC 2015 Berlin Day 3

E2EVC Berlin 2015 is taking place from 12 to 14 June. After a nice city tour and an excellent dinner arranged by Geert, it is already the last day of the event. My day 3 experiences are in this blog article.

The first session of the Sunday morning was "Deploy Citrix XenApp within 15 minutes with Chocolatey and Boxstarter" by Romain Gros. Romain explained his set-up, with characteristics like a business-ready private repository, portable packages and on-prem storage for binaries. He followed by showing some scripts for both Chocolatey and Boxstarter. Next he showed Chocolatey in a video; unfortunately the PowerShell window was not full screen, so it was not easy to see what was actually happening. Next he showed some details of the script. He also demoed Boxstarter, but again I could not see the details. You still need to use something for installing the vanilla OS, Boxstarter and Chocolatey scripts and a MyGet repository.

The second session was by Andrew Morgan and Remko Weijnen, with the title "The art of finding what is not documented". Andrew started with the anatomy of a Windows application: registry, config files, command line, libraries, log files, API, communication medium and source code. Andrew also mentioned the types of applications: managed (Visual Basic .NET, C#) and unmanaged (C, C++, Delphi). Andrew continued with how to discover registry items via Process Monitor (filter by executables, filter by known registry paths, look for not found). Next Andrew showed the steps for discovering command line switches (?/help, Task Manager command line, native tools). He demoed it with strings.exe from Sysinternals. Andrew continued with discovering config settings, as many applications store application settings in files (.exe.config / ini files), followed by a demo of this topic based on ShareFile to check if it's connected to the Internet. Start your search at <applicationSettings> in exe.config files. The next topic was discovering library methods (many applications store shared code in libraries; use depends.exe, use rundll32 for success). Andrew continued with monitoring communication mediums (IP, pipe, command line/mutex, HTTP/HTTPS, XML), shown in a demo based on the VMware Horizon Client communication using Fiddler. The last topic that Andrew touched on was reverse engineering .NET applications, shown with a demo reverse engineering the Citrix SelfService.exe using JetBrains dotPeek. Remko continued with the more advanced stuff, for when the tools Andrew discussed do not help. He demoed how to use API Monitor. As the last topic of the presentation, Remko showed how to bypass policies for cmd and regedit via IDA Pro.

The last session I attended before it was time for me to get to the airport was by Remko Weijnen and Jim Moyle, about "Atlantis USX the lazy way". They started by explaining the products of Atlantis (USX, HyperScale). They showed the normal installation of USX, to show the differences between the default way and the automated way they made. Jim continued by describing Lifecycle Management within the Workspace Cloud. Jim described the option as really useful and pretty easy. Jim continued with the requirements for both external services and internal services (LCM gateway), followed by the initial access within Workspace Cloud / Lifecycle Management. This was demoed via a video, based on templates created by the suppliers to deploy products via Citrix Lifecycle Management. The cool thing is that the templates can be shared and re-used by others. After Jim showed Lifecycle Management, Remko continued with the PowerShell modules he created, which use the Atlantis REST API to configure Atlantis USX, followed by a video showing the scripts in action.

It was a great event again in a wonderful city. Already looking forward to joining again in Lisbon.