I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Replying to @girlgerms
Haters gonna hate. It says much more about them than the object of their scorn. For the record, your display is awesome!
Hal Pomeranz retweeted
Thrilled to be on the judging panel for this incident response competition 🤩 should be a great event.
"Judging Panel and Networking Event - #AWSN Security Incident Response Competition" ADL folks, don't forget to RSVP for this event on Weds 15th Dec >> which will include talks from our esteemed judges and an announcement of the winners 👏 @A3Cyber @retrospectlabs @stoneandchalk
Replying to @josephwshaw
Thoughts and prayers, brother. Wishing everybody the best!
AND ALL THIS IS CHEAPER THAN ACCEPTING HOMELESSNESS!” Did you get that?
“In Finland, the # of homeless people has fallen sharply. Those affected receive a small apartment & counselling with no preconditions. 4 out of 5 people affected make their way back into a stable life. And all this is CHEAPER than accepting homelessness.” scoop.me/housing-first-finla…
Hal Pomeranz retweeted
How do I like this tweet more than once?
We were brought in to investigate a new piece of Linux stealth malware running on a host. It deployed a rootkit that was able to hide from admins well enough to evade detection by a major EDR vendor. Here is Part 1 of what we found: sandflysecurity.com/blog/lin…
A new Linux malware called #cronrat was found by @sansecio that hid payload data inside bogus crontab entries. In this post I go over how it works, how you can simulate it, and how to use Sandfly to immediately check your systems to see if it is present. sandflysecurity.com/blog/det…
Hal Pomeranz retweeted
Read this thread. Disguising easily disproven police propaganda as fact in your headlines isn't helping anyone.
THREAD: Yesterday, the New York Times published a headline it knew was false. The implications of this are dangerous for everyone who cares about an informed public. Here’s what happened:
Now that folks are actually looking, Omicron cases are showing up all over the place. Good thing countries are enforcing racist travel bans from southern African countries. I feel so much safer.
Hal Pomeranz retweeted
If you're in malware analysis, you owe it to yourself to learn the PE header. If you don't work in malware RE, you'll still likely benefit at some point from knowing this. I certainly have found this knowledge useful in other domains.
A dive into the PE file format - Introduction: 0xrick.github.io/win-interna… 1: 0xrick.github.io/win-interna… 2: DOS Header, DOS Stub & Rich Header: 0xrick.github.io/win-interna… 3: NT Headers: 0xrick.github.io/win-interna… 4: Data Directories, Section Headers: 0xrick.github.io/win-interna… cr @Ahm3d_H3sham
every expert you admire looks stuff up all the time, and every one who tells you they don't is lying or trying to sell you something
I have successfully loaded the RDP ActiveX from rdclientax.dll (msrdc.exe) entirely at runtime inside a C# program without using Detours or a helper native library. It turns out the ActiveX calls LoadRegTypeLib if LoadTypeLib fails on the executable returned by GetModuleFileName:
Replying to @selenamarie
Try whipping in a little lemon zest at the end next time. Yummy!
Hal Pomeranz retweeted
Did you know that it is possible to read memory using a PROCESS_CREATE_PROCESS handle? Just call NtCreateProcessEx to clone the target process (and its entire address space), and then read anything you want from there.😎
Cool YARA methodology nugget from our hero @DidierStevens, and nice to read the insights from the process of developing and tuning rules like this. File under #dailyyara and give it a go.
YARA Rule for OOXML Maldocs: Less False Positives i5c.us/d28066
Thanks @AlaskaAir for helping my family of five find seats together on a crowded holiday flight. That has made our holiday trip much less stressful.
Hal Pomeranz retweeted
Holy shit, this is powerful:
Absolutely one of my favorite holiday stories/traditions. We are all here to help each other.
This tree from Nova Scotia is now in Boston Common. The Nova Scotians send one every year. Why?