Hal Pomeranz @hal_pomeranz

I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

 Orlando, FL
deer-run.com/~hal/
Joined November 2008
  • Tweets 19,311
  • Following 237
  • Followers 13,672
228 Photos and videos
Load newest
Hal Pomeranz retweeted
An0malous @An0maIous
10 Dec 2021
Helpful Links ! JDNI Injection: veracode.com/blog/research/e… Apache Update Link: github.com/apache/logging-lo… Github Advisory Link: github.com/advisories/GHSA-j… Apache Issue Thread: issues.apache.org/jira/brows…
7
14
Me: Hey our friend just had a baby! @JBeanDesign: What’s the baby’s name? Me: um…yeah…
1
1
2
Hal Pomeranz retweeted
Jake Williams @MalwareJake
10 Dec 2021
Well this is fun...
Filip Dragovic @filip_dragovic
9 Dec 2021
Here is small code to dump SAM/SYSTEM/SECURITY hives from remote host when you have SeBackup/SeRestore privileges (Backup Operators) : github.com/Wh04m1001/Random/… . Files will be saved on remote host but backup operators can access c$ and download it.
4
7
Hal Pomeranz retweeted
Joe Słowik 🌻 @jfslowik
10 Dec 2021
8
133
8
808
Instead of vilifying those who don’t vaccinate, we need to document them as human beings, interconnected with family and friends, who leave huge voids when they pass. If we create a library of these very human stories, maybe we can shift the conversation.
1
Hal Pomeranz retweeted
dzikoysk @dzikoysk
10 Dec 2021
Small update: If for some reason you can't update the dependency, you can also disable these lookups using -Dlog4j2.formatMsgNoLookups=true flag and it should protect you from this vulnerability. Source: github.com/apache/logging-lo… #java #JVM #kotlin
dzikoysk @dzikoysk
9 Dec 2021
(1/5) If you're using log4j library, you should bump it as soon as possible to 2.15+. Dangerous RCE has been spotted a few days ago and it can be used by literally ANY user just by logging an incoming data in some way. You should probably notify people you know about it #Java
6
2
13
not good... not good at all. log4j is everywhere and this looks awfully easy to exploit.
This tweet is unavailable
1
40
1
86
Big news! After a long wait, I'm excited to publicly release my doctoral dissertation, "The Analyst Mindset: A Cognitive Skills Assessment of Digital Forensic Analysts". You can download it here: chrissanders.org/2021/12/dis….
28
207
23
820
Hal Pomeranz retweeted
Kaivan Shroff @KaivanShroff
7 Dec 2021
Truly a must read. theatlantic.com/magazine/arc…
277
7,130
611
28,033
“Why else are we alive but to be known as the ultimate act of revolt against silence? Is that not freedom: to spit out our silences and in the doing to slay shame and fear? …No one is coming to save us: we are the ones we have been waiting for.” Fuck yes! ✊🏼 @monaeltahawy 🔥💕
Mona Eltahawy @monaeltahawy
8 Dec 2021
Replying to @monaeltahawy
Words are important--to fight silence, shame, fear and the violence that that trifecta exacts on us. Words are flags planted on the planets of our beings, they say this is mine, I have fought for it and despite your best attempts, I am still here. feministgiant.com/p/write-da…
1
10
29
Hal Pomeranz retweeted
Kaylin Trychon @KaylinTrychon
9 Dec 2021
This is a big step for memory safety in the Linux kernel. Proud of @Google's role in making this happen & look forward to seeing the project finish. memorysafety.org/blog/suppor…
Steven J. Vaughan-Nichols @sjvn
7 Dec 2021
Rust takes a major step forward as Linux's second official language zd.net/3pwRc6F via @ZDNet & @sjvn @rustlang moves closer to being #Linux's second official language. #opensource
12
1
34
Hal Pomeranz retweeted
Michael Fisher @InkedHellHound
8 Dec 2021
General reminder, it costs the United States more money to keep people homeless, than it would cost them to be housed.
2
61
3
204
Hal Pomeranz retweeted
Shanna Niggans 🦄
 @fancy_4n6
9 Dec 2021
We published our insights - paraflare.com/a-defenders-pe…. What became apparent was that there was exactly no evidence, or logging, that could be obtained that might assist in #detecting or #containing an #incident as it happened. So what can be done?

A defenders perspective of ssl vpn exploitation

ParaFlare’s Incident Response team has assisted with the response, containment and remediation of several large-scale ransomware cases...

paraflare.com
1
2
3
I mentioned to @JBeanDesign that I was feeling a bit punky after my booster. We’re both old enough that the obvious “Punky Booster” joke is hilarious to us.
1
8
I’m boosted, how about you? #VaccinesWork #NotALizardPerson
2
17
Hal Pomeranz retweeted
Jake Williams @MalwareJake
8 Dec 2021
Re-upping this fantastic work on #CobaltStrike.
Tom Bonner @thomas_bonner
22 Nov 2021
There appears to be a bug in #CobaltStrike that leaks the Team Server's time zone offset when specifying a compile_time for stagers. In this case the saefko.profile was used, yet the Beacon's compile time is off by 5 hours. More info in our book!.. blackberry.com/beacon
2
9
The person who wrote an article characterizing the excruciating decision 1 in 4 adult Americans make to have no contact with their parents as "a toxic social media self-help trend" can meet me behind the fucking waffle house. How dare you. How DARE you.
207
3,813
414
25,110
Hal Pomeranz retweeted
Katie Nickels @likethecoins
7 Dec 2021
I'm hiring for three positions!! Check out the job descriptions and apply if you're interested. US-based candidates only. 1. Intelligence Analyst: jobs.lever.co/redcanary/4f56… 2. Manager, Intelligence: jobs.lever.co/redcanary/a740… 3. Senior Intelligence Engineer: jobs.lever.co/redcanary/bf6b…
12
98
8
182
Hal Pomeranz retweeted
Joseph Marks @Joseph_Marks_
6 Dec 2021
Tight reporting timeframes may also produce difficulties. “Smaller organizations will struggle to comply within the timeframes...Larger organizations may struggle to comply based on complexity of the investigation," said @k8em0
1
5
5
Company where a friend works is looking for a Senior Security Engineer care.com/vis/careers/job/363…
3
1
Load more