I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Hal Pomeranz retweeted
Don't fear failure. Fear being in the exact same place next year as you are today.
I’m in Florida, so I’m pretty much stuck in the top row…
This graphic from the @WSJ is incredibly helpful
STOP Collaborate and Listen! Pancakes CON is on a mission You gotta go, no exemption Now, grab a ticket, tightly View the presentations daily and nightly Will it ever stop? Yo, I don't know Turn off the lights, come learn and grow! @PancakesCon pancakescon.com/
Real world table-top exercises: Your founder/CEO has just bet the company on some third-party vaporware tech. How do you integrate this into your security plan while simultaneously dealing with your team heading for the exits?
Nothing is normal & no one is ok. You’re doing great 🌸
This should be my first in-person training in over two years. Love hanging out with you all on Zoom, but cannot wait to be in the same room with my students!
Up Next is @hal_pomeranz's Introduction to Linux Forensics. This two-day, hands-on course is a quick start into the world of Linux forensics. Learn memory forensics, critical artifact locations, and how to rapidly process Linux logs. 3/6
Hal Pomeranz retweeted
Bypass Defender AV static detection: If you name a malicious file DumpStack.log, Defender doesn't scan it.
Hal Pomeranz retweeted
WHAT?! 😂 If you provide the /FS:FILESYSTEM parameter to the format[.]com utility, the resulting process will try to load ("U"+FILESYSTEM).DLL using the default search path... The weirdest custom DLL launcher I have met so far :D
The expertise of 'Elephant Beetle' appears to be in targeting legacy Java applications on Linux systems, which is typically their entry point to corporate networks. via @BleepinComputer bleepingcomputer.com/news/se…
Make it a New Year's resolution not to burn out your staff. I can provide surge staffing support when your teams are overloaded or just needing some time off. Let's talk about how I can help your org!
Hal Pomeranz retweeted
If you want to understand LAPD, I recommend this stunning report by local people affected by LAPD violence. It is one of the great contemporary community-based histories and analyses of police violence and who benefits from it. @stoplapdspying automatingbanishment.org/sec…
4688 may look like a normal exec, but if you look for event details where TargetUserSid is S-1-0-0 (everyone) and TargetUserName is not null, then you can hunt for processes started via seclogon (i.e. runas.exe /user:user); no correlation or extra enrichment needed gist.github.com/Samirbous/ec… (KQL)
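As an added example (not the KQL in the linked gist, and not part of the post above), the same predicate written in Python over a few constructed 4688 records: parse the event XML, then flag launches where TargetUserSid is S-1-0-0 but TargetUserName is filled in. The hostnames, users, SIDs and paths in the samples are made up. Two caveats a hunter would want: S-1-0-0 is the Null SID rather than Everyone (Everyone is S-1-1-0), and unset EventData fields are written as "-" on the host, so the check treats "-" and empty as not populated on the assumption that your SIEM has not already normalized them to null.

```python
"""Hunt Security event 4688 for processes launched through seclogon (runas).

Added example, not the gist linked in the post. Implements the same
predicate in Python over constructed sample events so it runs offline:
flag 4688 where TargetUserSid is the Null SID but TargetUserName is set.
"""
import xml.etree.ElementTree as ET

EVENT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NULL_SID = "S-1-0-0"  # Null SID: what 4688 carries when no separate target token exists


def make_event(event_id, computer, data):
    """Build a constructed event-log XML record (samples only, not captured data)."""
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (
        f'<Event xmlns="{EVENT_NS}">'
        f"<System><EventID>{event_id}</EventID><Computer>{computer}</Computer></System>"
        f"<EventData>{body}</EventData></Event>"
    )


# Constructed samples with hypothetical hosts, users, SIDs and paths.
SAMPLE_EVENTS = [
    # Ordinary interactive launch: target fields are unset ("-").
    make_event(4688, "WS01.corp.example", {
        "SubjectUserSid": "S-1-5-21-1111-2222-3333-1001", "SubjectUserName": "alice",
        "SubjectDomainName": "CORP", "TargetUserSid": NULL_SID, "TargetUserName": "-",
        "TargetDomainName": "-", "NewProcessName": r"C:\Windows\System32\notepad.exe",
        "ParentProcessName": r"C:\Windows\explorer.exe",
    }),
    # runas.exe /user:CORP\svc_backup cmd.exe: TargetUserName filled in, SID still S-1-0-0.
    make_event(4688, "WS01.corp.example", {
        "SubjectUserSid": "S-1-5-21-1111-2222-3333-1001", "SubjectUserName": "alice",
        "SubjectDomainName": "CORP", "TargetUserSid": NULL_SID, "TargetUserName": "svc_backup",
        "TargetDomainName": "CORP", "NewProcessName": r"C:\Windows\System32\cmd.exe",
        "ParentProcessName": r"C:\Windows\System32\svchost.exe",
    }),
    # Launch under a different token with a real SID (e.g. UAC elevation): not seclogon.
    make_event(4688, "WS01.corp.example", {
        "SubjectUserSid": "S-1-5-21-1111-2222-3333-1001", "SubjectUserName": "alice",
        "SubjectDomainName": "CORP", "TargetUserSid": "S-1-5-21-1111-2222-3333-1001",
        "TargetUserName": "alice", "TargetDomainName": "CORP",
        "NewProcessName": r"C:\Windows\System32\mmc.exe",
        "ParentProcessName": r"C:\Windows\explorer.exe",
    }),
    # A logon event that must be ignored regardless of its fields.
    make_event(4624, "WS01.corp.example", {"TargetUserSid": NULL_SID, "TargetUserName": "bob"}),
]


def parse_event(xml_text):
    """Flatten one event record into {EventID, Computer, <Data Name>: value}."""
    root = ET.fromstring(xml_text)
    ns = {"e": EVENT_NS}
    fields = {
        "EventID": root.findtext("e:System/e:EventID", default="", namespaces=ns),
        "Computer": root.findtext("e:System/e:Computer", default="", namespaces=ns),
    }
    for data in root.findall("e:EventData/e:Data", ns):
        fields[data.get("Name", "")] = (data.text or "").strip()
    return fields


def is_populated(value):
    """Windows writes '-' for unset EventData fields; treat that like null."""
    return value not in ("", "-")


def is_seclogon_launch(ev):
    """The post's predicate: 4688 with the Null SID but a populated TargetUserName."""
    return (
        ev.get("EventID") == "4688"
        and ev.get("TargetUserSid") == NULL_SID
        and is_populated(ev.get("TargetUserName", ""))
    )


def hunt(xml_records):
    """Return one summary dict per record that matches the seclogon predicate."""
    hits = []
    for rec in xml_records:
        ev = parse_event(rec)
        if is_seclogon_launch(ev):
            hits.append({
                "host": ev["Computer"],
                "subject": f"{ev.get('SubjectDomainName', '')}\\{ev.get('SubjectUserName', '')}",
                "runas_user": f"{ev.get('TargetDomainName', '')}\\{ev.get('TargetUserName', '')}",
                "process": ev.get("NewProcessName", ""),
                "parent": ev.get("ParentProcessName", ""),
            })
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit)
```

Only the second sample is returned: the interactive launch has TargetUserName "-", the elevation case carries a real target SID, and the 4624 is skipped on EventID. To run it against real data, feed hunt() the XML from Get-WinEvent's ToXml() or from an exported .evtx converted to XML; the field names are the standard 4688 EventData names.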
Hal Pomeranz retweeted
If you're in a SOC and seeing Emotet, Qakbot or Dridex maldocs - take a look at recent #CyberChef recipes from @cluster25_io, @guelfoweb, and @Kostastsale. You'll be able to extract key IOCs to pivot and look for more badness in your network. Thanks to all who share their work!
Hal Pomeranz retweeted
Yes to all of this. Thanks for the RT @alexhutton !!
I managed multiple engineering teams before quitting big tech. Now that I quit, I can speak freely. Here are 12 things your manager may not be telling you, but I know for a fact will help you. 👇
You’re welcome! If anybody else has Linux images to share, I’m happy to do some more of these analysis blogs as time allows.
Hudak’s Honeypot (Part 1) – Righteous IT #linux #forensics #analysis Thanks to master @hal_pomeranz for the analysis and @SecShoggoth for the forensic images. Thanks for sharing righteousit.wordpress.com/20…
Hal Pomeranz retweeted
I will be teaching my digital forensics course, starting January 10th, 2022 to my college students. I will be posting the content for anyone else that is interested in following along :) Stay tuned for updates and access.
Hal Pomeranz retweeted
AccChecker is a pretty interesting #lolbin (+ AppLocker Bypass) from the Win SDK. Load a managed DLL with this cmd: AccCheckConsole.exe -window "Untitled - Notepad" C:\path\to\your\lolbas.dll More info in this gist: gist.github.com/bohops/24441…
A brief pause from your doomscrolling. Lucy joins the rest of our family in wishing you all the best in the new year.
And we are rolling on short notice, again! PancakesCon 3 will be Sunday, 1/16/2022, to keep you entertained despite con cancellations. More information can be found at pancakescon.com - please sign up for our Slack! CFP will be a very tight spin up this year, again.