STOP Collaborate and Listen!
Pancakes CON is on a mission
You gotta go, no exemption
Now, grab a ticket, tightly
View the presentations daily and nightly
Will it ever stop? Yo, I don't know
Turn off the lights, come learn and grow!
@PancakesCon pancakescon.com/
Real world table-top exercises: Your founder/CEO has just bet the company on some third-party vaporware tech. How do you integrate this into your security plan while simultaneously dealing with your team heading for the exits?
This should be my first in-person training in over two years. Love hanging out with you all on Zoom, but cannot wait to be in the same room with my students!
Up Next is @hal_pomeranz's Introduction to Linux Forensics. This two-day, hands-on course is a quick start into the world of Linux forensics. Learn memory forensics, critical artifact locations, and how to rapidly process Linux logs. 3/6
WHAT?! 😂
If you provide the /FS:FILESYSTEM parameter to the format[.]com utility, the resulting process will try to load ("U"+FILESYSTEM).DLL using the default search path...
The weirdest custom DLL launcher I have met so far :D
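A small hunt built on the observation in the tweet above, as an added example (not the tweet author's code): given process-creation records, it derives the DLL name format.com would search for from the /FS: value ("U" + FILESYSTEM + ".DLL") and flags any value that is not a filesystem format.com normally accepts. The event shape (Image/CommandLine dicts), the sample records and the filesystem allowlist are assumptions constructed for the example.

```python
import re

# Assumption: filesystems the format utility legitimately accepts, used as an allowlist.
KNOWN_FILESYSTEMS = {"FAT", "FAT32", "EXFAT", "NTFS", "REFS", "UDF"}

# Matches /FS:NTFS, /fs:"ntfs", /FS:payload ... (case-insensitive, optional quotes).
FS_SWITCH = re.compile(r'/FS:"?([^\s"]+)"?', re.IGNORECASE)


def expected_dll(command_line):
    """DLL name format.com would try to load for the /FS: value, or None if no /FS: switch."""
    m = FS_SWITCH.search(command_line)
    if not m:
        return None
    return "U" + m.group(1) + ".DLL"


def hunt_format_dll_loads(events):
    """Return format.com launches whose /FS: value is not a known filesystem.

    events: iterable of dicts with 'Image' and 'CommandLine' keys (constructed shape,
    e.g. what you would pull from Sysmon EID 1 or Security 4688 with command-line auditing).
    """
    hits = []
    for ev in events:
        image = ev.get("Image", "").lower()
        if not image.endswith("\\format.com"):
            continue
        dll = expected_dll(ev.get("CommandLine", ""))
        if dll is None:
            continue
        fs_value = dll[1:-4]  # strip the leading "U" and trailing ".DLL"
        if fs_value.upper() not in KNOWN_FILESYSTEMS:
            hits.append({"Image": ev["Image"], "CommandLine": ev["CommandLine"], "Dll": dll})
    return hits


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": "C:\\Windows\\System32\\format.com",
     "CommandLine": "format E: /FS:NTFS /Q"},          # benign: loads UNTFS.DLL
    {"Image": "C:\\Windows\\System32\\format.com",
     "CommandLine": "format E: /FS:payload /Q"},       # suspicious: would search Upayload.DLL
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c echo /FS:payload"},    # not format.com, ignored
]

if __name__ == "__main__":
    for hit in hunt_format_dll_loads(SAMPLE_EVENTS):
        print(f"{hit['Image']} -> would load {hit['Dll']}: {hit['CommandLine']}")
```

The allowlist is the part to tune: a detection that simply fires on every /FS: switch will be drowned by legitimate formats, while one keyed on unknown filesystem names isolates the DLL-search abuse.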
The expertise of 'Elephant Beetle' appears to be in targeting legacy Java applications on Linux systems, which is typically their entry point to corporate networks.
via @BleepinComputer bleepingcomputer.com/news/se…
Make it a New Year's resolution not to burn out your staff. I can provide surge staffing support when your teams are overloaded or just needing some time off. Let's talk about how I can help your org!
If you want to understand LAPD, I recommend this stunning report by local people affected by LAPD violence. It is one of the great contemporary community-based histories and analyses of police violence and who benefits from it. @stoplapdspying automatingbanishment.org/sec…
4688 may look like a normal exec, but if you look for event details where TargetUserSid is S-1-0-0 (everyone) and TargetUserName is not null, then you can hunt for processes started via seclogon (i.e. runas.exe /user:user), no correlation or extra enrichment needed.
gist.github.com/Samirbous/ec… (KQL)
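The same hunt expressed over raw 4688 event XML, as an added example that is not the linked KQL gist and not the tweet author's code: it parses each record's EventData, keeps EventID 4688, and returns those with TargetUserSid equal to S-1-0-0 and a populated TargetUserName. The three sample records are constructed for the example; treating "-" as null is an assumption, since Windows renders the absent target fields of an ordinary 4688 as "-" rather than as an empty string.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
NULL_SID = "S-1-0-0"


def parse_event(xml_text):
    """Flatten a Windows event's <Data Name=...> fields into a dict, plus EventID as int."""
    root = ET.fromstring(xml_text)
    fields = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    fields["EventID"] = int(root.find("e:System/e:EventID", NS).text)
    return fields


def is_null(value):
    # Assumption: an absent target field shows up as "-" in the rendered event; treat
    # that, an empty string and a missing field all as null.
    return value is None or value.strip() in ("", "-")


def hunt_seclogon_processes(xml_records):
    """Return 4688 events where TargetUserSid is S-1-0-0 but TargetUserName is set."""
    hits = []
    for record in xml_records:
        ev = parse_event(record)
        if ev["EventID"] != 4688:
            continue
        if ev.get("TargetUserSid") == NULL_SID and not is_null(ev.get("TargetUserName")):
            hits.append(ev)
    return hits


def _event(event_id, **data):
    """Build a constructed event XML string in the Windows event schema (sample data only)."""
    rows = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData>{rows}</EventData></Event>')


# Constructed sample records (not real telemetry).
SAMPLE_RECORDS = [
    # Ordinary process start: target fields are the NULL SID and "-".
    _event(4688, SubjectUserName="alice", TargetUserSid="S-1-0-0", TargetUserName="-",
           TargetDomainName="-", NewProcessName=r"C:\Windows\System32\notepad.exe"),
    # Process started through seclogon (runas.exe /user:CORP\bob cmd.exe).
    _event(4688, SubjectUserName="alice", TargetUserSid="S-1-0-0", TargetUserName="bob",
           TargetDomainName="CORP", NewProcessName=r"C:\Windows\System32\cmd.exe"),
    # Populated target name with a real SID: does not match, the SID condition is part of the hunt.
    _event(4688, SubjectUserName="alice", TargetUserSid="S-1-5-21-1-2-3-1001", TargetUserName="svc",
           TargetDomainName="CORP", NewProcessName=r"C:\Windows\System32\svchost.exe"),
]

if __name__ == "__main__":
    for hit in hunt_seclogon_processes(SAMPLE_RECORDS):
        print(f"{hit['NewProcessName']} started for {hit['TargetDomainName']}\\{hit['TargetUserName']}"
              f" by {hit['SubjectUserName']}")
```

Both conditions are needed: dropping the SID check would also return any process whose target fields are filled for other reasons, and dropping the name check returns every ordinary 4688 on the host.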
If you're in a SOC and seeing Emotet, Qakbot or Dridex maldocs - take a look at recent #CyberChef recipes from @cluster25_io, @guelfoweb, and @Kostastsale. You'll be able to extract key IOCs to pivot and look for more badness in your network. Thanks to all who share their work!
I managed multiple engineering teams before quitting big tech.
Now that I quit, I can speak freely.
Here are 12 things your manager may not be telling you, but I know for a fact will help you. 👇