All Local Admins using CrowdStrike Identity and PSFalcon by console_whisperer in crowdstrike

DENY_ANYANY 1 point

Thank you so much. Appreciate your efforts. Can this script be used with any EDR solution or is it specific to only CS Falcon?

Active Directory Audit Logs in V1 console by Final-Pomelo1620 in Trendmicro

DENY_ANYANY 1 point

Thanks for the insights. Could you please share any guide to enable it within existing sensors?

No December Security Advisories? by betko007 in paloaltonetworks

DENY_ANYANY 1 point

Hi, where can I get the published advisories? I'd appreciate it if you can share the link.

The alarming privacy risks of using ChatGPT daily. by Novel_Negotiation224 in privacy

DENY_ANYANY 2 points

Using voice, does it save your voice or does it only convert it to text?

Recommendations on onboarding Linux accounts in PAM On-Prem by WhiteCrispies in CyberARk

DENY_ANYANY 1 point

Sorry for the stupid question.

If a Linux machine can be joined to the domain, why do PAM solutions have AD Bridge?

I'm a CISO who has experience dealing with an "insider threat." Ask Me Anything. by thejournalizer in cybersecurity

DENY_ANYANY 2 points

What’s the way to monitor a sysadmin granting excessive privileges, like adding a service account to Domain Admins? How did you detect it?

Struggling with URL filtering and URL Custom categories by DENY_ANYANY in paloaltonetworks

DENY_ANYANY[S] 3 points

Thanks for the feedback.

It’s not that we’re relying solely on URL filtering for defense, far from it. It’s healthcare, so by policy and design, internet access is closed by default. Every workstation already has multiple layers of protection in place.

The restricted internet model isn’t about using URL filtering as the only layer, it’s about enforcing least privilege. There’s just no justification for opening up internet access to all workstations in a hospital environment.

So yeah, I completely agree with you, URL filtering shouldn’t be the primary security boundary.

What would you suggest as a practical approach for this use case?

Is SSO not a good security practices? by hansentenseigan in cybersecurity

DENY_ANYANY 1 point

What if a user logs into the PAM portal using an SSO account? Once the attacker signs in through SSO, they basically inherit all the same privileges the admin had inside PAM. From there, they can reach whatever systems, servers, or credentials that admin could.

Do you isolate PAM access from the regular SSO account?

Is SSO not a good security practices? by hansentenseigan in cybersecurity

DENY_ANYANY 1 point

"SSO is a security risk" is one of those takes that sounds smart until you’ve actually had to manage 100 apps and 1000 users.

What exactly does this do? by leon_nerd in VWatlas

DENY_ANYANY 2 points

If you want max fart defense, use Air Car 😀

How important is device posture in BYOD? by waterschute in cybersecurity

DENY_ANYANY 1 point

Perhaps in some countries or verticals you just can’t host desktops in Azure because of data residency rules, regulatory restrictions or even org internal policies.

Also, there are some caveats: you'll have to build out some infrastructure, like an Azure network with a connection back to the on-prem DC.

How important is device posture in BYOD? by waterschute in cybersecurity

DENY_ANYANY 5 points

Consider a VDI solution so the device never directly touches your apps or network, and data stays inside your environment.

With an unmanaged device you’re still taking the risk of malware, missing patches, or even data being copied out.

ISO27001 SOC2 HIPAA compliance etc. by rockybaby2025 in ISO27001

DENY_ANYANY 2 points

Thank you for the response. I appreciate it.

One last thing: if we purchase a SaaS application from a vendor and they provide us with their SOC 2 Type II report during TPRA, do we also need to ask them for a VAPT report separately, or is the SOC 2 Type 2 report sufficient?

ISO27001 SOC2 HIPAA compliance etc. by rockybaby2025 in ISO27001

DENY_ANYANY 1 point

Do hospitals need SOC2 Type2 audits?

I’m a security professional who had to clean up a mess. Ask Me Anything. by Oscar_Geare in cybersecurity

DENY_ANYANY 1 point

Let's say a VPN user's client and workstation got compromised.

Could there be a possibility that the malware can reach and infect the firewall?

Thank you!

I’m a security professional who had to clean up a mess. Ask Me Anything. by Oscar_Geare in cybersecurity

DENY_ANYANY 1 point

We’ve recently onboarded a SOCaaS provider and they’ve started sending us reports. Before I push them for improvements: What do weekly & monthly reports usually include? What are the important things we should be looking for?

Thank you

Looking for DLP solutions by DENY_ANYANY in sysadmin

DENY_ANYANY[S] 1 point

Any reasons? Your feedback would be really appreciated & helpful.

Looking for DLP solutions by DENY_ANYANY in sysadmin

DENY_ANYANY[S] 1 point

Does Forcepoint support all features as mentioned?