I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange
Orlando, FL
Joined November 2008
- Tweets 19,311
- Following 237
- Followers 13,672
- Likes 12
Hey @SANSInstitute can you look into this?
@hal_pomeranz Looking for your SANS series, "Understanding EXT4". I can access #6, but SANS removed 1 - 5.
2
1
Hal Pomeranz retweeted
A great hunting technique! I'd say the offensive technique was largely influenced by CobaltStrike. As such, be aware of the blindspots. For example, proxying in tools and alternative logon types. CS documents an evasion for this here using BOFs youtube.com/watch?v=gfYswA_R…
Here is how to hunt/detect 60% (possibly more than 60%) of lateral movement attacks:
On ALL endpoints, look for EID 4624 with LogonType 9 (NewCredentials), and check TargetOutboundUserName field. 1/4
#threathunting #dfir #lateralmovement
2
21
2
87
Hal Pomeranz retweeted
‼️ Process Ghosting: a new process tampering technique for AV evasion. Nice write-up by @GabrielLandau elastic.co/blog/process-ghos…
6
142
7
339
Hal Pomeranz retweeted
Please RT for reach: I'm looking for an operations director/coordinator at a @RenditionSec partner company (Augusta preferred, but remote okay).
If you're interested, hop here to apply (just apply to the generic position and note ops director):
breachquest.breezy.hr/
2
30
3
11
Hal Pomeranz retweeted
This blog post by @pathtofile was an awesome read. Shows how to use eBPF to detect a memory-only technique for loading malware on Linux:
blog.tofile.dev/2021/02/15/e…
#DFIR #infosec
10
13
Hal Pomeranz retweeted
I am once again asking: if y’all know anyone in DFW looking for work. Looking for a mid tier sys-admin who wants to break into cyber security.
Will be trained by me so the weirder the better. 🤠
18
141
2
242
Hal Pomeranz retweeted
When we compare ourselves to others, we are pitting 100% of our positives and 100% of our negatives, against the 80% of their positives and MAYBE 5% of their negatives we can see. We will always come up short. There is no way to win that equation. Be your best YOU.
2
13
1
63
GIF
Hal Pomeranz retweeted
I celebrate her as I mourn her, out loud because people should know who she was, what she accomplished, & what she meant to me & frankly to all humankind.
Her work, uncelebrated in life, created IVF treatments that completed so many families with babies, & created stem cell lines
4
9
1
145
Hal Pomeranz retweeted
I've got 4 mentees looking for entry level SOC positions - what have you got? hit me.
19
65
3
157
Hal Pomeranz retweeted
If you're the smartest person in the room, you're in the wrong room. 🧠
219
4,153
283
23,465
Hal Pomeranz retweeted
In this late date in our advanced technical culture, there is no need for anyone to follow the mandate to wang chung tonight. That said, everybody have fun tonight.
1
5
Here I am jabbering on about SELinux again. Another @WWHackinFest "pay what you want" opportunity, Jul 13&14! wildwesthackinfest.com/antis…
9
24
Hey folks, your ransomware encrypted endpoints are EVIDENCE and need to be treated as such. PLEASE preserve copies before beginning the process of restoring operations.
1
7
1
8
Hal Pomeranz retweeted
Detecting Ransomware Precursors by @DFIR_TNT dfirtnt.wordpress.com/2020/1… >> Great collection of commands and anti-forensic techniques common to many types of intrusions
93
2
218
Hal Pomeranz retweeted
Latest release of the SANS #SIFTWorkstation NOW AVAILABLE👍 Learn more: sans.org/u/1dMX
Download now: sans.org/u/1dVA
The move to the Ubuntu 20.04 LTS kernel gets SIFT up-to-date with security features, faster boot times, & enhanced performance. @robtlee
6
14