I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange
Orlando, FL
Joined November 2008
- Tweets 19,311
- Following 237
- Followers 13,672
- Likes 12
Hal Pomeranz retweeted
Well this is fun...
Here is small code to dump SAM/SYSTEM/SECURITY hives from remote host when you have SeBackup/SeRestore privileges (Backup Operators) : github.com/Wh04m1001/Random/… . Files will be saved on remote host but backup operators can access c$ and download it.
4
7
Instead of vilifying those who don’t vaccinate, we need to document them as human beings, interconnected with family and friends, who leave huge voids when they pass. If we create a library of these very human stories, maybe we can shift the conversation.
1
Hal Pomeranz retweeted
Small update: If for some reason you can't update the dependency, you can also disable these lookups using -Dlog4j2.formatMsgNoLookups=true flag and it should protect you from this vulnerability. Source:
github.com/apache/logging-lo…
#java #JVM #kotlin
(1/5) If you're using log4j library, you should bump it as soon as possible to 2.15+. Dangerous RCE has been spotted a few days ago and it can be used by literally ANY user just by logging an incoming data in some way.
You should probably notify people you know about it #Java
6
2
13
Hal Pomeranz retweeted
not good... not good at all. log4j is everywhere and this looks awfully easy to exploit.
This tweet is unavailable
1
40
1
86
My standard Zoom background is the Sanctum Sanctorum from the MCU collection. Dr. Strange is my spirit animal.
1
Hal Pomeranz retweeted
Big news!
After a long wait, I'm excited to publicly release my doctoral dissertation, "The Analyst Mindset: A Cognitive Skills Assessment of Digital Forensic Analysts".
You can download it here: chrissanders.org/2021/12/dis….
28
207
23
820
Hal Pomeranz retweeted
“Why else are we alive but to be known as the ultimate act of revolt against silence? Is that not freedom: to spit out our silences and in the doing to slay shame and fear?
…No one is coming to save us: we are the ones we have been waiting for.”
Fuck yes! ✊🏼 @monaeltahawy 🔥💕
Words are important--to fight silence, shame, fear and the violence that that trifecta exacts on us. Words are flags planted on the planets of our beings, they say this is mine, I have fought for it and despite your best attempts, I am still here.
feministgiant.com/p/write-da…
1
10
29
Hal Pomeranz retweeted
This is a big step for memory safety in the Linux kernel.
Proud of @Google's role in making this happen & look forward to seeing the project finish. memorysafety.org/blog/suppor…
Rust takes a major step forward as Linux's second official language zd.net/3pwRc6F via @ZDNet & @sjvn @rustlang moves closer to being #Linux's second official language. #opensource
12
1
34
Hal Pomeranz retweeted
General reminder, it costs the United States more money to keep people homeless, than it would cost them to be housed.
2
61
3
204
Hal Pomeranz retweeted
We published our insights - paraflare.com/a-defenders-pe….
What became apparent was that there was exactly no evidence, or logging, that could be obtained that might assist in #detecting or #containing an #incident as it happened. So what can be done?
1
2
3
I mentioned to @JBeanDesign that I was feeling a bit punky after my booster. We’re both old enough that the obvious “Punky Booster” joke is hilarious to us.
1
8
I’m boosted, how about you? #VaccinesWork #NotALizardPerson
2
17
Hal Pomeranz retweeted
Re-upping this fantastic work on #CobaltStrike.
There appears to be a bug in #CobaltStrike that leaks the Team Server's time zone offset when specifying a compile_time for stagers. In this case the saefko.profile was used, yet the Beacon's compile time is off by 5 hours.
More info in our book!.. blackberry.com/beacon
2
9
