I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange
Orlando, FL
Joined November 2008
- Tweets 19,311
- Following 237
- Followers 13,672
- Likes 12
This #DFIR life gives us ample opportunity to feel stupid on a regular basis. So when you have some success, don't be afraid to quietly pat yourself on the back a little bit. You're doing well. Keep it up!
5
33
Hal Pomeranz retweeted
A delayed launch, no exfiltration of sensitive data, and the attackers didn't delete Volume Shadow copies. The Kaseya REvil attack would have stood out as distinct even if it didn't happen on a holiday weekend. Our analysis of the attack:
news.sophos.com/en-us/2021/0…
10
167
23
325
Hal Pomeranz retweeted
I am the Chief Intern of my company.
Nobody is greener than me, screwing up, growing up, learning on the job, every single day. 🤷🏻♀️
Believe in yourself. 💫
You can do it, whatever it is. 💪🏻
💞Love from one perpetual intern to all the others.💞
5
5
3
143
GIF
Reminds me of the SaltStack vulnerability from last year. But unfortunately concentrated through some good sized MSPs.
1
Hal Pomeranz retweeted
Per @HuntressLabs, it looks like there's an authentication bypass on the @KaseyaCorp VSA server that allowed the threat actor to issue commands from the server.
old.reddit.com/r/msp/comments/oc…
3
33
1
68
My experience is that the threat actors are people stuck in untenable kleptocracies who are just trying to make a life for themselves and their families like anybody else. Unfortunately, with few options, taking money from distant Western democracies seems like a good plan.
1
I would like to see an honest account of the annual cost of ransomware to the US economy. Because it seems that a fraction of that cost spent towards addressing global inequality and increasing world-wide cooperation would go a long way.
10
6
2
62
Up early on a holiday weekend, working on ransomware DFIR... just like all of my other colleagues. Sharing your frustration and disappointment. Thank you for your efforts.
1
8
Hal Pomeranz retweeted
- Ransomware does not just come through phishing emails anymore. Your (perhaps overly cruel) awareness tests won’t save you, alone.
The most common vectors I’ve seen recently are supply chain and vulnerable ingress/egress perimeter devices like concentrators or virtual clients.
4
82
7
350
Hal Pomeranz retweeted
I study non-stop, gain certs, and volunteer as much as possible. I really need ur help to be able to attend DEFCON, which will fulfill a dream of mine and help my career. I have it all, except my plane ticket.
Please support my GoFundMe campaign: gofund.me/6656d2cc #GoFundMe
4
14
5
21
Hal Pomeranz retweeted
Life is short. Way too short for some. Enjoy it. Live it. And spend it with the right people. ❤️
4
14
122
Hal Pomeranz retweeted
All your IR pals are seeing your BBQ pics and plotting your demise right now.
26
28
4
471
Hal Pomeranz retweeted
NEW: Microsoft lost millions of dollars’ worth of Xbox gift cards in an online scheme. Turns out it was an inside job trib.al/j3mg3rb
171
1,283
503
3,300
Check out @attrc's reading list here
This pages contain my list of Recommended Reading books related to #DFIR & #infosec:
dfir.org/?q=node/8
If you know of a book written in the last 2-3 years that is missing then please let me know so that I can review it!
1
1
When I get to BTRFS it will be a series of blog posts like my earlier EXT4 and XFS work. But it's going to take a big case with a lot of BTRFS to get me to do that research.
1
For your weekend reading pleasure, I'm happy to announce a small update to my Linux Forensics class-- now with a new module on EXT4 and some fixes of previous errata. Always free at archive.org/details/HalLinux…
3
48
1
112