I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange
Orlando, FL
Joined November 2008
- Tweets 19,311
- Following 237
- Followers 13,672
- Likes 12
Hal Pomeranz retweeted
The most important skill to ultimately learn in digital forensics is how to research new artifacts and perform necessary testing. The field moves too fast to expect everything to have already been accomplished for you.
Forensic pet peeve of the day. "Forensic guessing". If you don't know what an artifact means put in the work to figure it out! Ask colleagues, reach out on groups, test it yourself, but please please please stop guessing and presenting your guess as fact.
1
18
61
Hal Pomeranz retweeted
Linux forensics will always be my favorite thing, because inevitably I end up building a findings table named "angry admin or hacker?" which is just a series of cmds and args filled with profanity that could go either way.
15
30
2
353
Hal Pomeranz retweeted
We've got big news today!
We've hired our first full time COO and are expanding our mission.
Read all about it in this letter from @chrissanders88 here: ruraltechfund.org/2021/12/01….
4
16
3
30
Hal Pomeranz retweeted
By appending a VBScript to a DLL signed by Microsoft, you get an HTA (Html Application) polyglot that can bypass Applocker. This is still used in the wild.
This tweet is unavailable
74
2
230
Hal Pomeranz retweeted
Fun for targeting threat actors using Cobalt Strike servers with the leaked private keys. Also potentially fun for messing with the red team.
I made a small PoC. cs-mitm. py is a mitmproxy script that intercepts Cobalt Strike traffic, decrypts it and injects its own commands. In this video, a malicious beacon is terminated by sending it an exit command. The beacon uses one of the leaked private keys.
3
10
Hal Pomeranz retweeted
Exploitation gets cooler every year.
Linux kernel exploit technique idea: if you have an arbitrary kfree and need a leak - Use @vnik5287’s setxattr technique and block on the last byte of the copy. then, free the buffer and reallocate another object, unblock the copy and leak contents of the object using getxattr
1
1
Hal Pomeranz retweeted
Never be afraid to raise your voice for honesty and truth and compassion against injustice and lying and greed. If people all over the world...would do this, it would change the earth.
William Faulkner
6
211
5
540
Very kind words @bettersafetynet, thank you. I’d like to mention @strandjs — great practitioner, great human being, doing a lot of good in the community.
@hal_pomeranz is a stone cold killer on the keyboard, but is a legit boon to multiple fields of computing.
1
3
Hal Pomeranz retweeted
In an unexpected twist, I'm looking for a new role in #Intelligence/#OSINT, #Investigations, or #Cybersecurity/#Infosec & would appreciate any intros or leads.
Please RT for reach.
I'm open to Full-Time, Part-Time, Temp, or Contract. I prefer remote. I'm also open to travel.
17
135
5
142
Hal Pomeranz retweeted
There’s still plenty of time to spread the joy of giving this #GivingTuesday! The Mo and Cher Willems Foundation (@The_pigeon) is matching every dollar you give to our #GiveaMillion campaign today, up to $50,000.
Turn $1 into 2 books for kids in need ➡️ bit.ly/30TIerb
6
26
0
Hal Pomeranz retweeted
What APT activity on macOS can look like, explained by @jbradley89: themittenmac.com/what-does-a… (via @dantrauner)
12
42
Hal Pomeranz retweeted
Thrilled to be on the judging panel for this incident response competition 🤩 should be a great event.
"Judging Panel and Networking Event - #AWSN Security Incident Response Competition"
ADL folks, don't forget to RSVP for this event on Weds 15th Dec >> which will include talks from our esteemed judges and an announcement of the winners 👏
@A3Cyber @retrospectlabs
@stoneandchalk
4
1
17
Hal Pomeranz retweeted
AND ALL THIS IS CHEAPER THAN ACCEPTING HOMELESSNESS!”
Did you get that?
“In Finland, the # of homeless people has fallen sharply. Those affected receive a small apartment & counselling with no preconditions. 4 out of 5 people affected make their way back into a stable life. And all this is CHEAPER than accepting homelessness.” scoop.me/housing-first-finla…
2
38
1
110
Hal Pomeranz retweeted
We were brought in to investigate a new piece of Linux stealth malware running on a host. It deployed a rootkit that was able to hide from admins well enough to evade detection by a major EDR vendor. Here is Part 1 of what we found:
sandflysecurity.com/blog/lin…
2
130
2
344
Hal Pomeranz retweeted
A new Linux malware called #cronrat was found by @sansecio that hid payload data inside bogus crontab entries. In this post I go over how it works, how you can simulate it, and how to use Sandfly to immediately check your systems to see if it is present.
sandflysecurity.com/blog/det…
1
56
128
Hal Pomeranz retweeted
Read this thread.
Disguising easily disproven police propaganda as fact in your headlines isn't helping anyone.
THREAD: Yesterday, the New York Times published a headline it knew was false. The implications of this are dangerous for everyone who cares about an informed public. Here’s what happened:
1
9
1
39