Default VDI Related Passwords

Below is a collection of passwords from over the years that be very helpful when attacking and or administering a VDI deployment.

Citrix

NetScaler

UN.   nsroot

PW.  nsroot

VMware

 

Dell Thin Clients

ThinOS

Default BIOS Password “Fireport” (Hold Delete during Power On to get to the BIOS)

Citrix XenDesktop, XenApp And VMware Horizon Security Blog

Disclaimer, I’m not a fancy writer with great English writing skills, I just figure it out and type stuff and try to tell it in a way that I hope people learn and little something laugh a bit (because it isn’t that serious).  I make up words and type with a southern drawl and I also have lots of Patrick’isms that I have used over the years speaking with thousands of people that have stuck (might have to make a short page on some of them to keep them organized).

I have had a great and blessed IT career over the past 18 years and I have worked my way up at so many levels that I know this is my time to give back what little I can.  I’m not an expert in really anything other than eating and a being a movie and music fan.  I have been Noob’ed and RTFM’ed with the best of them and I have learned a lot over the years.  I have also had great mentors at every IT job I had  I have worked at in a couple different roles listed below

  1. Customer Support Rep (People called me)
  2. Y2K Floppy Flinger (NT4, Novell, Exchange, Metaframe)
  3. Marine Corps Random awesomeness (Unix, Presentation Server, Exchange, Banyan Vines, 2000, 2003, Other Computer Nerdy Thingys)
  4. CHD Meridian (Security Nerd Turned Citrix Nerd (Because the Print Spoolers and the eBay servers were killing things and they needed help)
  5. LPS Integration (EUC Nerd to Architect to Director (Nerd and Deal Wrangler))
    1. Working at a Partner gave me a different perspective and also gave me the ability to work with over 500 clients in that 8+ years and see how other nerds did things. I got to directly work with people at LPS and at other clients that were smarter than me which pushed me to be “more better”.
    2. I got to participate in PTAB and PTEC and run around with some of the smartest Citrix and VMware nerds there are in the world, I got to meet lots of great speakers and build some great friendships.
  6. Patrick Coble Consulting (aka Contractor Scum hunting for work)
    1. I wanted to get back to my roots a bit and see if I could do something on my own at my own speed to try and to be a better dad and have a tempo I could control or at least try to.
  7. VDISecurity.org Creation (Changing gears for sure)
    1. Now that I’m out doing my own thing I have time to do some things. (or least I think I do) I have always wanted to do get back to my security roots but I never had the time before at LPS. I have seen the fundamental insecurity of VDI deployments for over 8 years (Not counting old school Ctirix and RDS deployments before then).  The problem is VDI security from all three major vendors Citrix, Microsoft and VMware (Workspot, I still love that Demo Coat Brad Peterson) is kinda ok, but the problem in almost all cases the VDI admin has a much different goal for survival in the IT Thunder Dome and Security isn’t on the side of the cage as normal battle weapon (I hope to be the guy throwing it in the cage).  The VDI admins survival depends on the system being up and not really secure beyond just saying “I have a lock sign in the URL bar so this thing is legit yo”.  I hope to write some blogs and maybe an Amazon Jiblet or two on things and trends I have seen and how to fix them.
    2. I have had a lot of great mentors over the years and I hope I’m trying to do this thing right, because I’m not expert but I changed my VDINinja handle to VDIHacker because that is my focus now. I hope to show the vulnerabilities and how to fix them, because I was way too fat and slow to be a Real Ninja.

I hope those couple items give you an idea of where I’m from and where I’m going (cotton eyed joe) to get a sense of things to come.  I hope I can pay homage to many of the greats in our IT world that are way more smarter than me and hopefully shine a light on the dark side of VDI to hopefully help some people along the way.

I hope I can get enough nerd cred and chances to present and give this new thing a shot.

Some of the topics I’m hoping to nerd out on in no particular order.

 

  1. VDI Security Mission
  2. Citrix Security Overview
  3. RDS Security Overview
  4. Horizon Security Overview
  5. SSL Everything.