I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange
Orlando, FL
Joined November 2008
- Tweets 19,311
- Following 237
- Followers 13,672
- Likes 12
Hal Pomeranz retweeted
What APT activity on macOS can look like, explained by @jbradley89: themittenmac.com/what-does-a… (via @dantrauner)
12
42
Haters gonna to hate. It says much more about them than the object of their scorn.
For the record, your display is awesome!
1
1
Hal Pomeranz retweeted
Thrilled to be on the judging panel for this incident response competition 🤩 should be a great event.
"Judging Panel and Networking Event - #AWSN Security Incident Response Competition"
ADL folks, don't forget to RSVP for this event on Weds 15th Dec >> which will include talks from our esteemed judges and an announcement of the winners 👏
@A3Cyber @retrospectlabs
@stoneandchalk
4
1
17
Hal Pomeranz retweeted
AND ALL THIS IS CHEAPER THAN ACCEPTING HOMELESSNESS!”
Did you get that?
“In Finland, the # of homeless people has fallen sharply. Those affected receive a small apartment & counselling with no preconditions. 4 out of 5 people affected make their way back into a stable life. And all this is CHEAPER than accepting homelessness.” scoop.me/housing-first-finla…
2
38
1
110
Hal Pomeranz retweeted
We were brought in to investigate a new piece of Linux stealth malware running on a host. It deployed a rootkit that was able to hide from admins well enough to evade detection by a major EDR vendor. Here is Part 1 of what we found:
sandflysecurity.com/blog/lin…
2
130
2
344
Hal Pomeranz retweeted
A new Linux malware called #cronrat was found by @sansecio that hid payload data inside bogus crontab entries. In this post I go over how it works, how you can simulate it, and how to use Sandfly to immediately check your systems to see if it is present.
sandflysecurity.com/blog/det…
1
56
128
Hal Pomeranz retweeted
Read this thread.
Disguising easily disproven police propaganda as fact in your headlines isn't helping anyone.
THREAD: Yesterday, the New York Times published a headline it knew was false. The implications of this are dangerous for everyone who cares about an informed public. Here’s what happened:
1
9
1
39
Now that folks are actually looking, Omicron cases are showing up all over the place. Good thing countries are enforcing racist travel bans from southern African countries. I feel so much safer.
1
8
Hal Pomeranz retweeted
If you're in malware analysis, you owe it to yourself to learn the PE header.
If you don't work in malware RE, you'll still likely benefit at some point from knowing this. I certainly have found this knowledge useful in other domains.
A dive into the PE file format - Introduction: 0xrick.github.io/win-interna…
1:0xrick.github.io/win-interna…
2: DOS Header, DOS Stub & Rich Header: 0xrick.github.io/win-interna…
3: NT Headers: 0xrick.github.io/win-interna…
4: Data Directories,Section Headers : 0xrick.github.io/win-interna… cr @Ahm3d_H3sham
32
3
104
Hal Pomeranz retweeted
every expert you admire looks stuff up all the time, and every one who tells you they don't is lying or trying to sell you something
21
189
24
1,036
Hal Pomeranz retweeted
I have successfully loaded the RDP ActiveX from rdclientax.dll (msrdc.exe) entirely at runtime inside a C# program without using Detours or a helper native library. It turns out the ActiveX calls LoadRegTypeLib if LoadTypeLib fails on the executable returned by GetModuleFileName:
1
5
16
Hal Pomeranz retweeted
Did you know that it is possible to read memory using a PROCESS_CREATE_PROCESS handle? Just call NtCreateProcessEx to clone the target process (and its entire address space), and then read anything you want from there.😎
10
93
5
403
Hal Pomeranz retweeted
Cool YARA methodology nugget from our hero @DidierStevens, and nice to read the insights from the process of developing and tuning rules like this. File under #dailyyara and give it a go.
9
39
Thanks @AlaskaAir for helping my family of five find seats together on a crowded holiday flight. That has made our holiday trip much less stressful.
1
7
