I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Hal Pomeranz retweeted
If you're considering where you should be focusing your cybersecurity learning efforts for 2022, just stop now and start learning cloud. AWS, Azure, GCP, etc.. it doesn't matter just start now and be prepared for your next career conversation.
Hal Pomeranz retweeted
Microsoft Active Directory is the most common directory services product in the world. Unfortunately, it can also be a nightmare to secure. Here, some widespread AD security issues admins face and what they can do to prevent or mitigate them: informatech.co/3i2xigS
Hal Pomeranz retweeted
Fugu14 exploitation is impressive! In #OBTS v4, I mentioned a kernel bug that has the same nature as the one used in Fugu14, allowing an attacker to overwrite a physical memory page. The way @LinusHenze bypasses PAC/PPL is eye-opening :O
A story about goals, hard work and persistence, and the power of asking - linkedin.com/pulse/power-ask…
How about we eulogize those who struggle and persevere and ultimately become more than what they started with, rather than those who ended up so much less than they might have been.
Incredibly tired of reading touching eulogies for privileged sex offenders who are given unlimited free passes because they happen to be gifted athletes, and who ultimately piss those gifts away to addiction and suicide.
Hal Pomeranz retweeted
why worry about ETW when you can simply inject into the windows event log service, modify/delete events in memory and reflush the log file
Replying to @MalwareJake
All interfaces in promiscuous mode
In my experience on Linux, a packed/encrypted executable is 99.9% of the time malicious. Assume packed files on Linux are dangerous until proven otherwise.
Don’t think I’d ever considered “high entropy + executable” as a suspicious combo before, but once it’s laid out like that, yep. 👍 Can’t open Twitter without learning something. The unfathomable amount to know is both the best and the most terrifying thing about this field.
It looks like a bowl of the least fun "Lucky Charms" I could imagine. Hang in there!
Europe is setting its clocks back one hour. Poland is attempting to set theirs back multiple decades.
non polish people retweet the shit about this
Hal Pomeranz retweeted
I had multiple conversations with @joachimmetz around EVTX and things I was assuming. He wrote an article on common misconceptions. Highly recommend reading it if you work with Windows event logs in any forensic way or rely on tools that do it for you. osdfir.blogspot.com/2021/10/…
My dog freaks out when she sees me putting on my shoes, thinking maybe I’m taking her along. I find myself quoting “Casablanca” at her. movie-sounds.org/old-movie-s…
Hey, looking for a DFIR person with specific experience in MS Word forensics for a quick, lucrative contract (4-8 hours, ish) to resolve an academic plagiarism case. RTs/referrals appreciated as always. #infosec #infosecjobs
Hal Pomeranz retweeted
Neat SIP bypass for macOS: 1️⃣ Apple-signed .pkgs trigger launch of (SIP entitled) system_installd 2️⃣ system_installd executes zsh shell 3️⃣ zsh executes any cmds found in (subvertible) /etc/zshenv. Such cmds (executed as a child of system_installd), run uninhibited by SIP 🙌🏽
Microsoft found a vulnerability (CVE-2021-30892) that could allow an attacker to bypass System Integrity Protection (SIP) in macOS. We shared our findings with Apple via coordinated vulnerability disclosure, and a fix was released October 26. Get details: msft.it/6016k1VFi
An important "soft skill" as you move up in leadership roles is brevity, the ability to not only be succinct but also flexible when presenting; knowing how to adjust your content on the fly. This is crucial when presenting to higher level business leaders. Practice this!
Hal Pomeranz retweeted
US democracy totally broken when huge majorities support policies like paid leave, expanding healthcare, taxing wealthy, lowering prescription drug prices, protecting voting rights, gun control, etc & none of it becomes law b/c of undemocratic institutions & influence of big $
Hal Pomeranz retweeted
Due to unforeseen circumstances, I was laid off today due to downsizing. If your company has any openings, please contact me. I have 3 years of relevant professional experiences in information security. Please RT for reach #infosec #DFIR
Hal Pomeranz retweeted
Grab your popcorn (and get ready to write some detections).
Friday, October 29th, 2021 we will release the ransomware toolkit we have acquired. The tools we possess we have confirmed to be used by both Conti ransomware group and BlackMatter ransomware group. They are scripts stolen from TeamTNT - modified to deliver ransomware.
Replying to @bettersafetynet
“There are many things done in Christ’s name which Christ himself would not approve.”