I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
I’ve said it before and I’ll say it again—listen to Mick. He gives good advice.
I've had 3 calls so far today (it's not even 10) about defending against Russian cyber ops. I'm tired of having the same call... so... here's what I've told everyone. This is the playbook you need... but it's not going to be what you think it will be. Ready? Let's go!
Hal Pomeranz retweeted
Meet Ollie. He's in the middle of something very important. He'll be with you in a second. (video courtesy of @OllieLeeTheCorgi on IG)
If you're not going to Kernelcon you are missing out-- on these sweet electronics and my Linux Forensics class kernelcon.org/training#linux…
In case you missed our superbowl ad... #badgelife kernelcon.org
Hal Pomeranz retweeted
After I have realized Live Kernel Dump is basically a result of one NtSystemDebugControl() call, my next thought was "And what if I wrap it into PowerShell?" 1. CreateFile(), 2. NtSystemDebugControl(), 3. Enjoy/Profit! 😎 github.com/gtworek/PSBits/bl…
Hal Pomeranz retweeted
This appears to be a widespread #TR #Qakbot #Qbot campaign today that could lead to Cobalt Strike, Bloodhound, and things that look very "pre-ransomware-y." The domains/hashes change, but the detection opps mentioned here are more durable. I highly recommend looking for this NOW.
Over the past few hours, we’ve observed malicious phishing emails associated with the delivery affiliate TR in multiple customer environments. The infection scheme was consistent, executing in the following pattern: OneDrive phishing page -> ZIP download -> malicious XLSB -> Qbot
Hal Pomeranz retweeted
G'night.
Hal Pomeranz retweeted
NEW: Walgreens made donations to 11 members of the Sedition Caucus in November 2021, totaling $25.5k, breaking the pledge they made after Jan 6th to indefinitely suspend contributions to members of Congress who objected to the election certification. Shame on them.
Steven Bradbury—one of my favorite Olympic stories
20-year anniversary of the craziest gold medal you will ever see. Aussie skater was outclassed by the quarterfinals but advanced when one of the top 2 was penalized. In the semis, everyone but him and one other crashed and he found himself in the finals. And then this happened:
I am in your Omahas, eating your steaks...
TRAINING: Today's feature is Introduction to Linux Forensics with the always awesome @hal_pomeranz! Hal will provide the background and information to teach you to properly conduct Linux forensic examinations in this two-day hands-on course. Register ➡️ kernelcon.org/training#linux…
Just had a "Wait! You do that?" moment with a friend. Yes, I am available as "surge staff" for your professional services team--forensics, IR, etc. Just in case you didn't know.
Take a moment to reach out to folks you haven't talked to in a while. They'll thank you for making the first move. Put all this technology to good use!
Roses are red/ The capital of Delaware is Dover/
Hal Pomeranz retweeted
Read these articles from @GeeksCyber to see precisely what analyzing malware looks like. Both posts take you step-by-step with screenshots through reversing & documenting findings. Highly recommended reading! - cybergeeks.tech/a-step-by-st… - cybergeeks.tech/dissecting-t… #DFIR #infosec
Hal Pomeranz retweeted
This should be fun. I'll probably be the one throwing in pub-level trivia about the film...
Join @ColumbiaDEFRAG to explore the cultural and political impact of WarGames (1983). An interactive experience featuring a panel of cyber professionals, filmmakers and storytellers, guides the audience into cybersecurity and its relationship to Hollywood. eventbrite.com/e/defrag-pres…
The "Backup Operators" group in your Active Directory can remote into your Domain Controllers and extract the ntds.dit file holding your entire AD along with hashes of all accounts. Here's the rundown on how you exploit this ... hackingarticles.in/windows-p…
My first in-person training dates in over two years, and in one of my favorite underrated cities. Hope to see you at Kernelcon 2022 for Linux Forensics - kernelcon.org/training#linux…
This is an extremely fierce takedown of Uber and Lyft pluralistic.net/2022/02/11/b… (via @k8em0)
Hal Pomeranz retweeted
And another Amcache limitation is documented now: old.reddit.com/r/computerforensi… #DFIR
This week has seen me having multiple conversations about workplace cultures where people feel safe to admit mistakes. This is so important for the health of your people and your business.
Hal Pomeranz retweeted
I would encourage you to apply if you think you’re a little under-qualified. That way at least I have you on file for future positions even if you’re not a great fit. As always, less qualified people than you will!