Skip to content

Instantly share code, notes, and snippets.

🙊
I'm really good at keeping secrets.

Joe Garcia infamousjoeg

🙊
I'm really good at keeping secrets.
Block or report user

Report or block infamousjoeg

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@infamousjoeg
infamousjoeg / setgetsecret.sh
Created Apr 1, 2020
Script to Set/Get secret variables in CyberArk Conjur & DAP - By: @jodyhuntatx
View setgetsecret.sh
#!/bin/bash
# Authenticates as a user and gets or sets value of a specified variable.
# If you set the environment variables AUTHN_USERNAME and AUTHN_PASSWORD
# to appropriate values, you can avoid having to enter the admin username
# and password every time this script runs.
# Note that 'set' does not correctly handle values containing whitespace.
CONJUR_APPLIANCE_URL=""
CONJUR_ACCOUNT=""
@infamousjoeg
infamousjoeg / AAMCP-GetPassword.cs
Created Jan 17, 2020
CyberArk AAM Credential Provider - Using CLIPasswordSDK.exe in .NET Core
View AAMCP-GetPassword.cs
public class ValuesController : ControllerBase
{
public ActionResult<string> Get()
{
using (var process = new Process())
{
process.StartInfo.FileName = @"C:\Program Files (x86)\CyberArk\ApplicationPasswordSdk\CLIPasswordSDK.exe";
process.StartInfo.Arguments = @"GetPassword /p AppDescs.AppID=""AppId"" /p Query=""Safe=SafeName;Username=Username"" /p RequiredProps=* /o Address,Username";
process.StartInfo.CreateNoWindow = true;
process.StartInfo.UseShellExecute = false;
@infamousjoeg
infamousjoeg / protectCredential.ps1
Last active Feb 5, 2020
Protecting Credentials Retrieved using @cyberark AAM Credential Providers in PowerShell Scripts [Recommended Best Practice]
View protectCredential.ps1
# Import the modules to be used
Import-Module psPAS # https://github.com/pspete/psPAS
Import-Module CredentialRetriever # https://github.com/pspete/CredentialRetriever
# Before login, we'll request the credentials from AAM and immediately pass the PSCredential object for secure login
New-PASSession -BaseURI https://pvwa.joegarcia.dev -Credential $(Get-CCPCredential -URL https://pvwa.joegarcia.dev -AppID ApplicationID -Safe SafeName -UserName ServiceManagerUser).ToCredential() -type LDAP
# Do stuff here...
# Finally,
@infamousjoeg
infamousjoeg / prism-powershell-cyberark.js
Created Dec 28, 2019
Prismjs Component - PowerShell: CyberArk Edition (featuring psPAS functions)
View prism-powershell-cyberark.js
(function (Prism) {
var powershell = Prism.languages.powershell = {
'comment': [
{
pattern: /(^|[^`])<#[\s\S]*?#>/,
lookbehind: true
},
{
pattern: /(^|[^`])#.*/,
@infamousjoeg
infamousjoeg / psPAS-OneLiners.ps1
Last active Dec 3, 2019
Collection of helpful psPAS one-liners
View psPAS-OneLiners.ps1
# Before every one-liner before, remember to import the psPAS module and create a new PAS session (unless you're already logged in.) https://github.com/pspete/psPAS
Import-Module psPAS
# You no longer have to consume the session token for later use as of psPAS v3+
New-PASSession -BaseURI https://cyberark.joegarcia.dev -Type ldap -Credential $(Get-Credential)
###########################################
# List Safe Members by Specific Permission
@infamousjoeg
infamousjoeg / update-dap.pem
Created Oct 8, 2019
/etc/letsencrypt/renewal-hooks/deploy/update-dap.pem - LetsEncrypt Deployment Script for Renewed SSL Certificates
View update-dap.pem
#!/bin/bash
DOMAIN="dap.joegarcia.dev"
[[ $RENEWED_LINEAGE != "/etc/letsencrypt/live/$DOMAIN" ]] && exit 0
echo "Updating dap.joegarcia.dev SSL certificates"
sudo docker cp /etc/letsencrypt/live/$DOMAIN/privkey.pem dap:/root/privkey.pem
sudo docker cp /etc/letsencrypt/live/$DOMAIN/cert.pem dap:/root/cert.pem
docker exec dap evoke ca import --key /root/privkey.pem --set /root/cert.pem
@infamousjoeg
infamousjoeg / RobertSafeFactory.ps1
Last active Sep 6, 2019
CyberArk Safe Search & Permission Granting
View RobertSafeFactory.ps1
Import-Module psPAS
### VARIABLES
# Base URI to PVWA as validated on the certificate
$baseURI = "https://cyberark.joegarcia.dev"
# API Automation Username
$userName = "Svc_RESTAPI"
### LOGIN
@infamousjoeg
infamousjoeg / CreateSafeADGroups.ps1
Created Aug 16, 2019
Create Active Directory security groups for CyberArk; Create safe in CyberArk; Add groups as members
View CreateSafeADGroups.ps1
Import-Module ActiveDirectory
Import-Module psPAS
Import-Module CredentialRetriever
$domainName = "joegarcia.dev"
$baseURI = "https://cyberark.joegarcia.dev"
$apiUsername = "Svc_CybrAutomation"
$safeName = Read-Host "Enter the name of the safe in CyberArk PAS"
Write-Output "Creating security group ${safeName}_Admin"
@infamousjoeg
infamousjoeg / challenge-response.ps1
Last active Aug 29, 2019
How to MFA Challenge/Response via CyberArk REST API
View challenge-response.ps1
param
(
[Parameter(Mandatory=$true,HelpMessage="Enter the PVWA URL")]
[ValidateScript({Invoke-WebRequest -UseBasicParsing -DisableKeepAlive -Uri $_ -Method 'Head' -ErrorAction 'stop' -TimeoutSec 30})]
[Alias("url")]
[String]$PVWAURL,
[Parameter(Mandatory=$false,HelpMessage="Enter the Authentication type (Default:CyberArk)")]
[ValidateSet("cyberark","ldap","radius")]
[String]$AuthType="cyberark"
@infamousjoeg
infamousjoeg / CYBRAutomation.md
Last active Apr 1, 2020
CyberArk Automation - Greatest Hits!
View CYBRAutomation.md
You can’t perform that action at this time.