I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
They found their niche but it’s all they have in their lives that makes them feel special. So they defend it ruthlessly.
Direct exploits are easier/more predictable for the attacker. They are often stealthier. And yes, user awareness and training does have something to do with all of this.
Replying to @yerdonna8
It’s just a general rule of thumb based on my experience buying IT solutions. Budget 20% of the original purchase on an annual basis for license renewal/upgrades.
Replying to @jaybeale
How wide is your editor window? :-)
Agree on #1, not necessarily on #2
Reminding a group of us about Linux/UNIX culture/best practice: “Anything you do more than once, you script. Anything that takes more than one line, you don’t use bash for.” - @Mike_Poor
Replying to @hacks4pancakes
If he hadn’t beaten me to the joke, I definitely would have gone there
Replying to @justdo_com
Honestly not much lately. Attackers are preferring to use direct exploits rather than social engineering.
Replying to @justdo_com
Lately it’s been vulnerabilities in edge devices like VPN concentrators and firewalls. Also on-prem Exchange servers.
Congratulations to all of you! Long may you reign!
Replying to @yerdonna8
Can't really go by client base, it's more of a function of nodes to be protected and volumes of data to be ingested. For a reasonable size enterprise you're looking at maybe US$1-2mil plus recurring licensing costs at 20%/yr, and you have to staff it or hire an MSP to run it.
Replying to @x71n3
Yes. @RealGeneKim is a friend. Great book.
Replying to @yerdonna8
Depends on the environment we find, but it's often a significant buy. 2FA, Log collection/analysis, EDR, plus upgrade costs and professional services. Note that we generally do not directly profit here, we just recommend.
Replying to @windsheep_
I am glad to hear this.
I get it. And a lot of IT organizations are toxic in this way and nothing I say at the outset is going to help. If this is you, I've been there too and I'm sorry you find yourself in this position.
Replying to @windsheep_
Yes, definitely my clients are largely based in the USA. How do things work where you are?
Replying to @AndrewCStuart
I'm sorry it happened to you. Ultimately all you can do is chalk it up to a learning experience and try to be better.
Backups will definitely aid in recovery. They won't stop the ransomware from being implanted. And they won't stop the org from paying the ransom in order to avoid sensitive data being leaked.
Replying to @dnlongen
Welcome to my world as a third-party incident responder. Even bringing my team in can be viewed as a message from management that the current IT staff is not trusted to handle the incident.
Replying to @Queen_fennec @oley
We are third-party IR, but our job is not to tell people what to do. Our job is to scope the problem and make recommendations to get orgs operational ASAP. This includes discovery of point of entry, where the attackers are in the network, and what they took.
Sure, nobody likes the hired guns from outside. Especially when those outsiders are telling management exactly what the local team has been saying for years. There’s a whole other thread about de-escalating that conflict.