I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Congrats to you all!
While @JBeanDesign appreciates everything I’ve been getting done around the house, somebody PLEASE pull me in on some interesting casework! #DFIRMrMom
Replying to @k8em0
At least they are making it easy to say “No”?
Replying to @bettersafetynet
Middle ground doesn’t sell advertising
Replying to @TimMedin
You gonna eat all that?
Replying to @horrible_site
Corporate InfoSec is vastly more complicated than locking a car door, and is not a core business function for most companies. They’ll never get pro-active about security to any meaningful level. Maybe they shouldn’t have to.
Welcome back to #TipTuesday! We figure everyone needs tips about #Powershell so check it out and share with your friends!
I'm getting extremely fed up with the victim-blaming in InfoSec. Nobody has a security budget that exceeds their attack surface, and few companies have sufficient staffing. So whose "fault" is that breach exactly?
Hal Pomeranz retweeted
It's not always possible to scan every device in your network for crypto mining malware (Linux boxes, IoT, app containers). But you could check your DNS & firewall logs for connections to the limited number of mining pools. I've compiled a list for you: nextron-systems.com/2021/10/…
Upgrade to a new iPhone for "free" with trade-in... as long as you agree to the 36-month installment plan during which your phone is carrier locked (including the eSIM). I'm calling BS on you @ATT.
Replying to @MalwareJake
Multi-year advent calendar
I don't think the @debian folks get enough praise. 11.1 is just about perfection. What a rocking platform! Thanks for all the hard work you do!
Coming soon to WWHF training— a two-day course full of Linux Command-Line goodness. And oh yes, there will be sed and awk!
Hal Pomeranz retweeted
1/ Threat actors leave behind traces on disks that end up incriminating them or giving away that they are Russian/Ukrainian. If you ever see RDP events, you should parse out the RDP bitmap cache. It maps out bitmap images of a user's RDP session. #DFIR
Hal Pomeranz retweeted
I found some private keys on VT, enabling all of us to decrypt C2 traffic from a subset of all the malicious Cobalt Strike servers that are out there on the Internet. More details: "Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1" blog.nviso.eu/2021/10/21/cob…
Wow, I wrote this 10 years ago. A friend used it today to mount an encrypted Linux image. Evergreen content. deer-run.com/users/hal/CEIC-…
Replying to @MarkSimos
Interesting. Does that count as two moves?