CVE-2019-19781 Attack Triage Script
The script can be run on your affected Citrix ADC devices to assist in determining if a compromise has occured. It will quicky capture any associated commands or files that were used as part of the attack (unless cleanup has occured):
$ ./CVE-2019-19781-Triage.sh
Disclaimer: Best efforts were made to test the script provided, however Redscan can not be held responsible for any impact caused to the appliance the script is ran on.
Parts of this script were put together using content from posts authored by:
@x1sec darkQuassar @mpgn_x64 @ItsReallyNick @msandbu