I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange
Orlando, FL
Joined November 2008
- Tweets 19,311
- Following 237
- Followers 13,672
- Likes 12
Don’t forget useful interfaces under /proc/<pid> like “fd”, “maps”, “stack”, and “status”. Also don’t forget you can renice a process if it’s running away with the CPU.
Popular interview question: how to diagnose a mysterious process that’s taking too much CPU, memory, IO, etc?
The diagram below illustrates helpful tools in a Linux system.
🔹‘vmstat’ - reports information about processes, memory, paging, block IO, traps, and CPU activity.
2
16
55
Hal Pomeranz retweeted
New Linux bug gives root on all major distros, exploit released - @LawrenceAbrams
bleepingcomputer.com/news/se…
25
495
55
928
Hal Pomeranz retweeted
Recent #Emotet downloaders use:
XLSX ➡ VBA ➡ batch ➡ PowerShell
Based on some great work by @DissectMalware, binary refinery now has a batch deobfuscator. Ripping out those C2s is easier than ever!
🏭 xlxtr | bat | carve -sd b64 | xtp url
🌐 github.com/binref/refinery
1
90
192
Hal Pomeranz retweeted
Ever wanted to learn the Cherokee language? We have the perfect opportunity! 🙌
Registration is now open for our free online Cherokee #language classes! Classes begin March 20.
🔗 For more information or to register, visit loom.ly/lYqkdIM.
2
26
1
56
Hal Pomeranz retweeted
Casually compromising API keys from Azure customers:
- Step 1: Create an Azure automation account
- Step 2: curl localhost on ports 40000+
You now have an API token in the Azure tenant of another customer, with the same permissions as the automation🙈
orca.security/resources/blog…
6
94
13
248
And steak. So much steak. nom nom nom
Training registration is still open!
Don't miss amazing courses like Linux Forensics with @hal_pomeranz! Instead of virtual classes filled with distractions put your training budget toward an intimate in-person experience with an expert instructor‼️
kernelcon.org/training#linux… 🐧
2
Thanks @TireKingdom for saving our weekend with a quick patch on the family minivan tire that had taken a nail. Been a customer for years, recommend them highly!
1
Hal Pomeranz retweeted
NtdllPipe - Using cmd.exe to retrieve a clean version of ntdll.dll
A simple method to bypass ntdll.dll user-mode hooks!
x86matthew.com/view_post?id=…
5
238
2
703
GIF
Hal Pomeranz retweeted
if i may propose an ascending scale…
1. outage
2. anomaly
3. incident
4. compromise
5. breach
6. owned
7. pwnd
8. lolpwnd
9. pWnZ0r3D
10. congressional hearing
3
25
5
92
Hal Pomeranz retweeted
#Malware analysis tip of the week:
Malware can hide from a debugger by calling NtSetInformationThread and setting the ThreadHideFromDebugger flag. If this flag is set, the running code thread will no longer send debug events to the debugger, essentially hiding code execution. 🧐
3
74
3
232
Hal Pomeranz retweeted
This isn't easy news to share, but my family could use your thoughts and prayers if you have them to spare.
314
47
5
1,422
Hal Pomeranz retweeted
Think about this for a minute, how bad did we have to be in Infosec that we got labeled as the "Department of No" over the legal team??
120
50
20
819
Why do you love #DFIR? For me it's:
1) Love problem solving-- DFIR is a constant stream of puzzles (technical and non-technical)
2) Researching how things work-- DFIR is an open field (so much we don't know)
3) Helping others and fighting the good fight
5
8
4
42
Not only exhausting and stressful, but also requires a substantial body of knowledge, acquired through both training and experience, in order to be successful. There are few of us because the barriers to entry are high.
senior incident leaders are rare, you can look on Twitter or LinkedIn and find a handful of us.
partly bc the work is exhausting and stressful.
but it Hella pays the bills.
3
3
5
Somebody just offered me a gig doing DFIR with malware analysis for $75-85/hr. That’s not even close to market rates. What the heck is going on these days?
20
6
4
58
Hal Pomeranz retweeted
The Fall 2022 Scholarship for Service application window is now open at @LSU @LSUCCT. These scholarships provide a living wage, tuition, training funds & guaranteed jobs. @nolaforensix is the main professor and memory forensics R&D is the focus:
lsu.edu/cybersecurity/schola…
#DFIR
21
5
16