I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Hal Pomeranz retweeted
I will be teaching my digital forensics course, starting January 10th, 2022 to my college students. I will be posting the content for anyone else that is interested in following along :) Stay tuned for updates and access.
Hal Pomeranz retweeted
AccChecker is a pretty interesting #lolbin (+ AppLocker Bypass) from the Win SDK. Load a managed DLL with this cmd: AccCheckConsole.exe -window "Untitled - Notepad" C:\path\to\your\lolbas.dll More info in this gist: gist.github.com/bohops/24441…
Replying to @mrvoltog
The hat came off soon after the picture was snapped!
A brief pause from your doomscrolling. Lucy joins the rest of our family in wishing you all the best in the new year.
And we are rolling on short notice, again! PancakesCon 3 will be Sunday, 1/16/2022, to keep you entertained despite con cancellations. More information can be found at pancakescon.com - please sign up for our Slack! CFP will be a very tight spin up this year, again.
This is a really good thread.
Hal Pomeranz retweeted
“There comes a point where we need to stop just pulling people out of the river. We need to go upstream and find out why they're falling in.” - Desmond Tutu #DesmondTutu
Again I would like to remind people that if you are hearing about a “can’t miss” investment opportunity you are somebody’s exit strategy.
Am I the only one where "Can you help me fix my computer?" has been replaced by "What do you think about crypto/NFTs?" at family holiday gatherings?
Replying to @fwiles
Keanu Reeves - John Wick
Hal Pomeranz retweeted
WMEye - A small project I wrote that uses WMI foo to remotely upload shellcode into a WMI Class and execute it by invoking MSBuild. It uses LogFileEventConsumer Class to write the MSBuild Payload. github.com/pwn1sher/WMEye #redteam
Could two followers please copy and re-post this tweet? I'm trying to demonstrate that someone is always there, especially at this time of year. Call 800-273-8255 (National Suicide Prevention Helpline US). Just two. Any two. Copy, not retweet. Let’s all look out for each other.
Hal Pomeranz retweeted
And this is why we'll be finding software with embedded log4j for years to come...
This is totally true. And. The investment required to get this right and maintain it is a massive piece of overhead most orgs can’t afford. Don’t tell us we need it. Tell us how to do it well without strangling ourselves.
In 100% of #DFIR cases I worked on this year, the victim orgs couldn't tell what information was on their servers, what got compromised, and what impact it will have if this information leaks. So today you are ready to hear the truth... #infosec #cybersecurity #informationsecurity
OK folks, this is NOT a drill. If you're not monitoring access to your IMDS, you better start NOW. Don't panic. This is very observable. But you do have to enable logging.
Attacking the metadata api with #Log4j And getting crisp on #log4j impact on the cloud control plane. Merry Christmas y’all vectra.ai/blogpost/log4j-uni…
Hal Pomeranz retweeted
A retweet but great link for the Unix crew to read and remember. www-uxsup.csx.cam.ac.uk/misc…