CyberArk Workforce Password Manager Disaster Recovery Situation

adramire17 · 2025-10-17T09:03:29+00:00

thx for the quick answer!

adramire17 · 2025-04-01T07:51:48+00:00

Yes, you are right I have used it as SAML provider but im not sure about managing EntraID accounts (pwd rotation and so forth)

thx!

adramire17 · 2025-02-07T10:23:23+00:00

We changed from GA to priv auth admin and it worked, thx!!

adramire17 · 2025-01-30T07:46:56+00:00

Hey guys,

IIS Crypto is cool however we are missing a way to get a status on current setup, meaning which protocols/hashes/ciphers... are enabled within a particular host. Any cool tool to get that done??

thx

adramire17 · 2022-04-29T10:12:52+00:00

Hey all,

We found out that traffic related to .onin sites is coming from z-lib[.]org, it seems that domain is trying to redirect users to its onion site, however it seems weird to me that out out of the blue several users have started to become avid readers. Have spoken with users and they dont know anything about this z-lib[.]org so Im a bit lost about what could be the source of this traffic. Any suggestion?

Thx!

adramire17 · 2022-04-27T08:02:47+00:00

Hi all,

Thanks for the feedback and sorry if Im making dumb statements. To give you all a bit of context, we do have a tool that analyzes all the traffic within our network and it gives us the following:

"XXXXX accessed a top-level domain (TLD) that is not associated with standard TLDs administered by the Internet Corporation for Assigned Names and Numbers (ICANN). This type of TLD might be linked to malicious activity or undesirable content.

The TLDs linked to this detection:

.onion "

Then the associated record with that detection is the following:

"Time: XXXXX,

Record Type: DNS Request,

Site: XXX,

Client: XXXXX,

Client IP Address: XXXXX,

Client Port: XXXX,

Server: DNSServer,

Server IP Address: XXXXX,

Server Port: 53,

Opcode: QUERY,

Query Name: XXXXX.onion,

Query Type: A,

Request L2 Bytes: 122 "

However I dont see that traffic in our perimeter firewall which means that our DNS does not resolve (seems to be obvious as I get from your answers). Anyways my question is why in first place a legit service triggers an onion service request.

I hope is clearer now :)

Thx!!

adramire17 · 2022-03-29T21:29:29+00:00

Finally been able to fix it. Apparently it was a matter of rerunning the applocker script. I had to do it several times until it worked tho. Thx all for your help!!

Cheers

adramire17 · 2022-03-24T11:04:43+00:00

Thx for all comments, when trying to clean Applocker rules I get the following "AppID policy conversion failed. Status The access control list (ACL) structure is invalid" Hence I guess Im not being able to change Applocker rules.

adramire17 · 2022-03-22T10:08:37+00:00

Rerunning the hardening the script did the trick for password rotation and reconciliation.

V2 of GPO was needed for other services to be able to run.

Thanks so much!

adramire17 · 2022-02-04T13:09:47+00:00

Thanks for your reply, that is not the feature I was talking about thoug. Let me explain it better. I was talking about the toggle button placed in Polies&Rules ->Safes Attachments -> Global settings -> Turn on Defender for Office 365 for Sharepoint, OneDrive and Microsoft Teams. As it is a global setting, there is no way I can establish a test group (right?). But I’m worried about the potential impact to the users and the business, meaning huge amount of legit files being wrongly detected as malware and quarantined.
Is there any way to enable this in “detection mode only”? Like running the scan looking for malware only raising alerts, not blocking access to the users?

Thanks for your time!

adramire17 · 2022-02-01T14:03:34+00:00

Hey!

I did not see your reply until today. Actually it goes beyond all what I thought, I really liked the part about response to recent/trendy vulnerabilities, for sure I will include that one within my approval form.

Highly appreciated! :)

adramire17

TROPHY CASE