Hal Pomeranz @hal_pomeranz

I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

 Orlando, FL
deer-run.com/~hal/
Joined November 2008
  • Tweets 19,311
  • Following 237
  • Followers 13,672
228 Photos and videos
Load newest
Hal Pomeranz retweeted
4n6lady
 @4n6lady
11 Jan 2022
Don't fear failure. Fear being in the exact same place next year as you are today.
12
87
4
588
I’m in Florida, so I’m pretty much stuck in the top row…
Seung Min Kim @seungminkim
5 Jan 2022
This graphic from the @WSJ is incredibly helpful
1
1
4
STOP Collaborate and Listen! Pancakes CON is on a mission You gotta go, no exemption Now, grab a ticket, tightly View the presentations daily and nightly Will it ever stop? Yo, I don't know Turn off the lights, come learn and grow! @PancakesCon pancakescon.com/
2
5
20
Real world table-top exercises: Your founder/CEO has just bet the company on some third-party vaporware tech. How do you integrate this into your security plan while simultaneously dealing with your team heading for the exits?
8
5
1
27
Nothing is normal & no one is ok. You’re doing great 🌸
2
2,708
60
16,656
This should be my first in-person training in over two years. Love hanging out with you all on Zoom, but cannot wait to be in the same room with my students!
kernelcon @_kernelcon_
7 Jan 2022
Replying to @_kernelcon_ @C_3PJoe @sk3wl
Up Next is @hal_pomeranz's Introduction to Linux Forensics. This two-day, hands-on course is a quick start into the world of Linux forensics. Learn memory forensics, critical artifact locations, and how to rapidly process Linux logs. 3/6
1
1
14
Hal Pomeranz retweeted
mr.d0x @mrd0x
6 Jan 2022
Bypass Defender AV static detection: If you name a malicious file DumpStack.log Defender doesn't scan it.
44
1,074
99
3,429
Hal Pomeranz retweeted
Grzegorz Tworek
 @0gtweet
3 Jan 2022
WHAT?! 😂 If you provide /FS:FILESYSTEM parameter to the format[.]com utility, the resulting process will try to load ("U"+FILESYSTEM).DLL using the default search path... The weirdest custom DLL launcher I have meet so far :D
23
521
22
1,547
The expertise of 'Elephant Beetle' appears to be in targeting legacy Java applications on Linux systems, which is typically their entry point to corporate networks. via @BleepinComputer bleepingcomputer.com/news/se…
3
3
Make it a New Year's resolution not to burn out your staff. I can provide surge staffing support when your teams are overloaded or just needing some time off. Let's talk about how I can help your org!
4
7
Hal Pomeranz retweeted
Alec Karakatsanis @equalityAlec
4 Jan 2022
If you want to understand LAPD, I recommend this stunning report by local people affected by LAPD violence. It is one of the great contemporary community-based histories and analyses of police violence and who benefits from it. @stoplapdspying automatingbanishment.org/sec…

Automating Banishment

Containment, Development, and the Fight for Freedom in Skid Row

automatingbanishment.org
5
316
3
1,493
4688 may look normal exec but if you look for event details where TargetUserSid is S-1-0-0 (everyone) and TargetUserName not null then you can hunt for processes started via seclogon (i.e. runas.exe /user:user) no correlation or extra enrich needed gist.github.com/Samirbous/ec… (KQL)
7
62
2
212
Hal Pomeranz retweeted
Matt @mattnotmax
4 Jan 2022
If you're in a SOC and seeing Emotet, Qakbot or Dridex maldocs - take a look at recent #CyberChef recipes from @cluster25_io, @guelfoweb, and @Kostastsale. You'll be able to extract key IOCs to pivot and look for more badness in your network. Thanks to all who share their work!
2
59
213
Hal Pomeranz retweeted
Wim Remes TR @wimremes
4 Jan 2022
Yes to all of this. Thanks for the RT @alexhutton !!
Louie Bacaj
 @LBacaj
4 Jan 2022
I managed multiple engineering teams before quitting big tech. Now that I quit, I can speak freely. Here are 12 things your manager may not be telling you, but I know for a fact will help you. 👇
1
1
5
You’re welcome! If anybody else has Linux images to share, I’m happy to do some more of these analysis blogs as time allows.
Roberto Correa ⚡️ @robertux_sec
3 Jan 2022
Hudak’s Honeypot (Part 1) – Righteous IT #linux #forensics #analysis Thanks to ⁦⁦⁦master ⁦@hal_pomeranz⁩ for the analysis and ⁦@SecShoggoth⁩ for the forensic images. Thanks for sharing righteousit.wordpress.com/20…
8
Hal Pomeranz retweeted
4n6lady
 @4n6lady
3 Jan 2022
I will be teaching my digital forensics course, starting January 10th, 2022 to my college students. I will be posting the content for anyone else that is interested in following along :) Stay tuned for updates and access.
198
485
15
5,052
Hal Pomeranz retweeted
bohops
 @bohops
2 Jan 2022
AccChecker is a pretty interesting #lolbin (+ AppLocker Bypass) from the Win SDK. Load a managed DLL with this cmd: AccCheckConsole.exe -window "Untitled - Notepad" C:\path\to\your\lolbas.dll More info in this gist: gist.github.com/bohops/24441…

AccChecker LOLBIN [AccCheckConsole.exe]

AccChecker LOLBIN [AccCheckConsole.exe]. GitHub Gist: instantly share code, notes, and snippets.

gist.github.com
3
81
1
176
A brief pause from your doomscrolling. Lucy joins the rest of our family in wishing you all the best in the new year.
2
31
And we are rolling on short notice, again! PancakesCon 3 will be Sunday, 1/16/2022, to keep you entertained despite con cancellations. More information can be found at pancakescon.com - please sign up for our Slack! CFP will be a very tight spin up this year, again.

PancakesCon 4

Stack Overflow - 3/19/2023

pancakescon.com
6
141
35
246
The fourth (and for now final) installment of my Linux honeypot analysis. Again thanks for a fun image @SecShoggoth! righteousit.wordpress.com/20…

Hudak’s Honeypot (Part 4)

This is part four in a series. Check out part one, part two, and part three if you missed them. Reviewing the UAC data during the triage phase of our investigation, we noted two similar process hie…

righteousit.wordpress.com
2
6
4
Load more