I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
idk who needs to hear this but NOBODY is loved by everyone, without abandoning and losing themselves in the process. It's enough to be loved by the right people. You are loved.
Vaccine canvassing—neighborhood by neighborhood, door by door. “Here’s your shot, we’ll fill out the paperwork, and we’ll be back in three weeks for the second dose.”
Replying to @gradydoctor
8/ You: “They need to be on the hustle like them folks registering people to vote. I’m dead serious.” Me: “I know you are.” You: “That’s how I got registered to vote. A random dude with a clipboard.” *silence* You: “Tell the truth—I got some good ass ideas, don’t I?”
1/ This week at Grady You: “They stay talking’ ‘bout how everybody could get that shot if they want it. All they got to do is walk in.” *making air quotes* “But that’s some bullshit.” Me: *listening* You: “That AIN’T all you got to do.” You folded your arms in a huff.
Replying to @webjedi
Langley used to be an unmarked exit off the GW Parkway. Everybody knew what was down that road but the government tried to pretend it didn’t exist. Sigh.
Hal Pomeranz retweeted
Free OpenSecurityTraining2 classes - learn about architecture, debugging, reverse engineering, and malware analysis p.ost2.fyi/
I am taken back to the 1980’s era of Sendmail back doors. At least this intentional back door is unlikely to cause an Internet outage, but almost certainly will be used as a pivot to deploy ransomware.
For years, a backdoor in popular KiwiSDR product gave root to project developer. arstechnica.com/gadgets/2021… [quite the debugging feature... would you like root with that?]
Hal Pomeranz retweeted
Next time someone tells me they're afraid to apply for a job because they don't check off all the bullet points on the job listing, I'm just gonna play them this clip of the 3 leading white male actors of Mamma Mia 😳🇬🇷🎶:
Reporter: "What's your message to platforms like Facebook?" President Biden: "They're killing people."
Hal Pomeranz retweeted
Trickbot discovery from the below sample:
ipconfig /all
net config workstation
net view /all
net view /all /domain
nltest /domain_trusts
nltest /domain_trusts /all_trusts
Followed by: wermgr->cmd (multiple times)
Thanks @malware_traffic!
Hal Pomeranz retweeted
Interesting insights into hunting via the expanded dataset EDR provides.
Hal Pomeranz retweeted
During the last two years, we shared a lot about #LinuxForensics #DFIR at DFRWS, MVS, NW3C, OSDFCon, SANS DFIR, & many more. All of the work can be found here: linuxdfir.ashemery.com/ Follow this thread to understand what's shared and check the repo to know the team plus others.
Hal Pomeranz retweeted
NtCreateProcess(Ex) allows using a deleted executable to create a process with an empty image name. Task Manager doesn't show them; Process Explorer calls them "System Idle Process"; and only Process Hacker handles such processes somewhat correctly.
Being unvaccinated isn’t a protected class. Businesses that ban the unvaccinated aren’t discriminating, they’re reserving their right to refuse service as the free market allows. You don’t have an inherent right to go to Applebee’s with your dick out, Brad. Get vaccinated.
Replying to @k8em0
I will pray for you
Brands: Don’t do this Ever I’m not your diversity poster girl. Do not use women’s names & images without their permission in your promo BS. You are the epitome of exploitation without giving agency to women you exploit for your own profit. Blocked & reported across all platforms
Why is the devil in the deerstalker looking at the dog’s butt with a magnifying glass?
hubs.la/H0SkbYm0 Our Scout products are designed to give you peace of mind when it comes to your security. Each Scout subscription uses automation backed up with human verification to provide detailed findings and recommendations for your business. So, is your data Secure?
Hal Pomeranz retweeted
Remember: EDR only goes so far and good attackers will disable it ASAP. You're likely running one of 2-3 alternatives, so it's not like they have to operationalize attacks against a ton of them. Other question: how long does your EDR queue events for locally before sending up?
This is good stuff. Has any APT been found that detaches EDRs? mdsec.co.uk/2020/12/bypassin…