I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
I’m so glad our boy Johnny grew out of that phase!
Looking forward to catching up with everybody @WWHackinFest Way West! It's also the debut of my new Linux Command Line course. So much Linux. Much excitement. Teach in person!
See you all in San Diego or online!
Can you believe we are only a mere 5 days away from Way West 2022?! (Only 4 days if you'll be joining us for pre-con training...😏) If you are wanting to join us, there is still a little time left to register! Con details and registration here: wildwesthackinfest.com/way-w…
Replying to @tliston @TimMedin
They’re just making a list for when Skynet becomes fully aware
Replying to @webjedi
Oh yeah, I get the frustration and anger
Replying to @webjedi
Stages of grief— anger is in there someplace
Somebody please help preserve this bit of history!
Replying to @webjedi
Still need to find somebody willing to (or has the tech, since my spouse got rid of my VHS player) transfer that very rare "History of BSD" talk Kirk gave in 1999 when we not only played a drinking game on his verbal tics, but got him extremely drunk on Anchor Steam.
Somehow in my world “zero trust” has come to mean “every new client sends me their ‘trusted laptop’”. Any fellow consultants come up with a good racking solution for all this gear?
Let us not forget Paunch buying zero-days on the open market to further Black Hole back in the early 2010s…
Every day, across the nation and around the world, teachers save student lives quietly and without fanfare. And all we do is make their jobs harder and less rewarding.
Replying to @webjedi @Foone
I love this so much
Replying to @MoarGood
Certainly eliminates Exchange as the initial breach, but it will be a juicy target after they get in with stolen VPN credentials
Replying to @UlfLundh @Rvndoorn
Even if you still have to maintain local Exchange in a hybrid environment, those machines can be completely isolated from the Internet and most of your infrastructure.
Replying to @typeyourname10
Definitely avoids a raft of problems, and keeps a large cache of user creds away from your home network. Pay extra for higher levels of M365 auditing to help you troubleshoot cloud issues.
Actually let me quote tweet this so it’s easier for everybody to see
Replying to @uplinc
The most common indicator we’re seeing is w3wp.exe spawning csc.exe. Look for webshells under …\Exchange Server\*\FrontEnd\HttpProxy\{owa,ecp}\*
Because there is no integrated calendaring solution.
Replying to @typeyourname10
Recent experience is teaching me that it’s impossible to securely run Exchange on prem. It’s been the initial point of entry for numerous compromises.
Notes from the IR front lines — if you have on-prem Exchange, assume compromise. Also start a plan to migrate to Microsoft 365… yesterday.