This is a great write-up about LockBit 2.0 Ransomware!
Very interesting that they are using NtQueryInformationFile() with "FileProcessIdsUsingFileInformation" with the goal of killing file lock holders.
This is a more low-level and evasive approach than using the Restart Manager API.
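Added example, not code from the LockBit write-up or from the ransomware itself: the same information class, used the way a responder would use it, to ask the kernel which processes currently hold a file open. It only enumerates; nothing is killed. It assumes Windows (Vista or later), Windows PowerShell 5.1 or PowerShell 7, and a local volume; the C# type `FileLockers` and the function `Get-FileLockHolder` are names invented for this example.

```powershell
# Added example (not from the write-up): enumerate the processes holding a file
# open via NtQueryInformationFile(FileProcessIdsUsingFileInformation = 47).
# Assumptions: Windows Vista+, PowerShell 5.1/7, local volume. Helper names are
# this example's own. Enumerates only; never terminates anything.
$ntdllSource = @'
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;

public static class FileLockers
{
    [StructLayout(LayoutKind.Sequential)]
    struct IO_STATUS_BLOCK { public IntPtr Status; public IntPtr Information; }

    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern SafeFileHandle CreateFileW(string path, uint access, uint share,
        IntPtr sa, uint disposition, uint flags, IntPtr template);

    [DllImport("ntdll.dll")]
    static extern int NtQueryInformationFile(SafeFileHandle handle, ref IO_STATUS_BLOCK iosb,
        IntPtr info, uint length, int infoClass);

    const uint FILE_READ_ATTRIBUTES = 0x80;
    const uint FILE_SHARE_ALL       = 0x7;   // read | write | delete
    const uint OPEN_EXISTING        = 3;
    const int  FileProcessIdsUsingFileInformation = 47;
    const int  STATUS_INFO_LENGTH_MISMATCH = unchecked((int)0xC0000004);
    const int  STATUS_BUFFER_OVERFLOW      = unchecked((int)0x80000005);

    public static List<long> Query(string path)
    {
        // FILE_READ_ATTRIBUTES is exempt from sharing checks, so this open succeeds
        // even when another process holds the file with no sharing at all.
        using (SafeFileHandle h = CreateFileW(path, FILE_READ_ATTRIBUTES, FILE_SHARE_ALL,
                                              IntPtr.Zero, OPEN_EXISTING, 0, IntPtr.Zero))
        {
            if (h.IsInvalid) throw new Win32Exception(Marshal.GetLastWin32Error());

            uint size = 4096;
            while (true)
            {
                IntPtr buf = Marshal.AllocHGlobal((int)size);
                try
                {
                    IO_STATUS_BLOCK iosb = new IO_STATUS_BLOCK();
                    int status = NtQueryInformationFile(h, ref iosb, buf, size,
                                                        FileProcessIdsUsingFileInformation);
                    if (status == STATUS_INFO_LENGTH_MISMATCH || status == STATUS_BUFFER_OVERFLOW)
                    {
                        size *= 2;   // more holders than the buffer fits: grow and retry
                        continue;
                    }
                    if (status < 0)
                        throw new InvalidOperationException(
                            "NtQueryInformationFile failed: 0x" + status.ToString("X8"));

                    // FILE_PROCESS_IDS_USING_FILE_INFORMATION layout:
                    //   ULONG     NumberOfProcessIdsInList;  // offset 0
                    //   ULONG_PTR ProcessIdList[];           // pointer-aligned, offset IntPtr.Size
                    int count = Marshal.ReadInt32(buf, 0);
                    List<long> pids = new List<long>(count);
                    for (int i = 0; i < count; i++)
                        pids.Add(Marshal.ReadIntPtr(buf, IntPtr.Size * (i + 1)).ToInt64());
                    return pids;
                }
                finally { Marshal.FreeHGlobal(buf); }
            }
        }
    }
}
'@
if (-not ('FileLockers' -as [type])) { Add-Type -TypeDefinition $ntdllSource }

function Get-FileLockHolder {
    param([Parameter(Mandatory)][string]$Path)
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    # The query handle itself counts as a holder, so drop our own PID from the list.
    foreach ($id in ([FileLockers]::Query($full) | Where-Object { $_ -ne $PID })) {
        $proc = Get-Process -Id $id -ErrorAction SilentlyContinue
        $name = if ($proc) { $proc.ProcessName } else { '<exited or not accessible>' }
        [pscustomobject]@{ File = $full; ProcessId = $id; ProcessName = $name }
    }
}

# Usage: point it at a file something else keeps open (a log being written,
# a document open in Word) and compare with Resource Monitor's handle search.
# Get-FileLockHolder -Path 'C:\Users\Public\example.log'
```

Because the open asks only for FILE_READ_ATTRIBUTES, it works against files other processes hold exclusively, which is exactly why this path is more useful to a locker (and to a responder) than the Restart Manager API: no sessions, no registration, and no process enumeration visible to user-mode hooks on RmRegisterResources.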
We can house all refugees, not just the white ones.
We can lift all out of poverty, especially children.
We can work with dignity with flexibility & no commute.
What else have we seen proof of in the last couple of years of the lies of the white supremacist classist patriarchy?
Hey everyone. @Antisy_Training now has On-Demand training for many of our classes (and more to come!) On-Demand gets you lifetime access to all class updates.
We have an amazing start with some amazing instructors.
Check it out.
antisyphontraining.com/on-de…
This is the best synopsis of what happened, why I sued Microsoft seeking class action, why I dropped my individual lawsuit, & the white-hot generational fire that forged what I did next & will continue to do until I'm gone or until we have #payequity theverge.com/22331972/pay-eq…
I had a mask on & walked into a jammed post office. A guy was leaving, approaching the doors as I entered. He looked at me & muttered loudly “Fucking sheep,” & I hollered back “Nobody wants to hear about your hobbies.” The entire PO exploded in laughter. A few folks clapped.
Anyone know of any entry level cybersecurity analyst jobs open? Cybersecurity community college grad (hell yeah!) looking to get their foot in the door somewhere!
Have you always wanted to give open source investigation a go, but don't know where to start? We've produced this easy to follow guide for beginners to help get you started: bellingcat.com/resources/202…
#DFIR Tip: Don't forget to check out the files sitting in `ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\*`. These XML files are snapshotted daily and denote processes using high CPU cycles. See screenshot for a command to review process names/files.
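Added example, not the command from the tweet's screenshot: a PowerShell function that walks the daily Power Efficiency Diagnostics snapshots and tallies which executables appear in them, with first- and last-seen dates, so a process that quietly burned CPU for weeks shows up as a series rather than a single report. It assumes the reports are XML files under the path below and that processes are named by an image name or path ending in `.exe`; it deliberately relies on no specific element names, so anything without that suffix is not counted. `Get-PowerDiagProcessSummary` is a name invented here.

```powershell
# Added example (not the screenshot command): summarise process names across
# the daily Power Efficiency Diagnostics XML snapshots.
# Assumptions: reports live under the directory below and mention processes as
# names or paths ending in .exe (drive paths, \Device\... paths or bare names);
# no schema is assumed, so values without a .exe suffix are ignored.
function Get-PowerDiagProcessSummary {
    param(
        [string]$Directory = (Join-Path $env:ProgramData 'Microsoft\Windows\Power Efficiency Diagnostics')
    )
    # Any non-whitespace run ending in ".exe" followed by a non-word character
    $exeRegex = [regex]'(?i)[^\s"<>|*?]*\.exe\b'
    $files = Get-ChildItem -LiteralPath $Directory -Filter '*.xml' -File -ErrorAction Stop

    $hits = foreach ($f in $files) {
        $doc = New-Object System.Xml.XmlDocument
        $doc.Load($f.FullName)
        $seen = @{}   # one hit per process per report
        # Scan every text node and attribute value instead of trusting a schema
        foreach ($node in $doc.SelectNodes('//text() | //@*')) {
            foreach ($m in $exeRegex.Matches($node.Value)) {
                $leaf = ([System.IO.Path]::GetFileName($m.Value)).ToLowerInvariant()
                if (-not $seen.ContainsKey($leaf)) {
                    $seen[$leaf] = $true
                    [pscustomobject]@{
                        Process  = $leaf
                        Image    = $m.Value
                        Report   = $f.Name
                        Snapshot = $f.LastWriteTime   # when that daily report was written
                    }
                }
            }
        }
    }

    $hits | Group-Object Process | ForEach-Object {
        $snaps = $_.Group | Sort-Object Snapshot
        [pscustomobject]@{
            Process   = $_.Name
            Reports   = $_.Count                  # how many daily snapshots name it
            FirstSeen = $snaps[0].Snapshot
            LastSeen  = $snaps[-1].Snapshot
            Paths     = ($_.Group.Image | Sort-Object -Unique) -join '; '
        }
    } | Sort-Object Reports -Descending
}

# Usage (defaults to the live ProgramData path; pass -Directory for a mounted image):
# Get-PowerDiagProcessSummary | Format-Table -AutoSize
# Get-PowerDiagProcessSummary -Directory 'E:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics'
```

The Paths column is worth reading: the same leaf name reported from two different directories (one of them a user-writable location) is the kind of thing these snapshots surface that a process listing taken at collection time cannot, because the offending binary may be long gone.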
Last chance to register for the first in-person run of my Linux Forensics training! If you're looking for a small class setting, this is going to be your best bet! kernelcon.org/training#linux…
1\ How to detect what command line spawned a process with no EDR/AV? 👀 #DFIR
If you have a memory sample, this is how you can figure out what cmd spawned the processes by using volshell and memory forensics.
STEP BY STEP GUIDE BELOW
👇 👇 👇 👇
#MemoryForensics
Thrilled to share my new blog post: Put an io_uring on it: Exploiting the Linux kernel. Follow me while I learn a new kernel subsystem + its attack surface, find an 0day, build an exploit, + come up with some new tricks. I go deep and demystify the process.
graplsecurity.com/post/iou-r…