I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange
Orlando, FL
Joined November 2008
- Tweets 19,311
- Following 237
- Followers 13,672
- Likes 12
Hal Pomeranz retweeted
I created a #CyberChef recipe to ease the extraction of URLs from the word document (.doc & .docm) which download #Emotet. It is not completely foolproof, but it worked 99% of the time for me.
tinyurl.com/zexbjxcd
14
277
7
810
Hal Pomeranz retweeted
There’s a common adage in BJJ that says the only really difference between a white belt and a black belt is the black belt has tapped out 10,000 more times. I believe the same to be true in high-tech and InfoSec. Keep trying, keep learning, don’t give up. /5
1
3
1
23
Hey @ChipotleTweets nothing says “we DGAF” like the following response I received from your customer service web portal: “I'm sorry we let you down. We strive to provide exemplary service at every visit. I'm reaching out to our Willa Springs leadership team to make sure of this.”
3
Hey @ChipotleTweets your Willa Springs store in Winter Springs FL is a clown show. Worker on the line and worker involved in food prep both wearing masks on chin and not covering nose and mouth. Beverage station a mess with spilled beverage in fork&spoon holders. Disgusting!
1
2
There is no Armageddon—no cataclysmic final battle between good and evil. There are no superheroes coming to save us. There is only us and the choices we make every day.
1
7
94 years old and still fighting fascists
Wearing a military beret and a Polish wartime resistance armband, 94-year-old Wanda Traczyk-Stawska stunned the crowd at a pro-EU rally when she thundered "Be quiet, stupid boy! You lousy bastard" at a member of a far-right group u.afp.com/wJH2
14
65
Hal Pomeranz retweeted
macOS zero-day deployed via Hong Kong pro-democracy news sites therecord.media/macos-zero-d…
2
1
Hal Pomeranz retweeted
If you're coming into a situation cold, before you start sharpshooting decisions made by others, step back and ask "what constraints don't I know about that led to these specific decisions."
Sure, you can just sharpshoot without this - but it just shows you're the fool.
6
30
4
177
Hal Pomeranz retweeted
Amazing #cloudsecurity research - lots of questions about Azure’s monitoring and detection capabilities…
2
1
Hal Pomeranz retweeted
Just added support for Linux targets to SharpSphere, plus some bug fixes and a --verbose flag for listing vCenter privs.
github.com/JamesCooteUK/Shar…
7
28
Hal Pomeranz retweeted
In case you missed all the MS Ignite shouting, we published the Windows Server 2022 comparison guide last week. It gives a very high-level scenario &capability comparison between WS2016, 2019, & 2022. download.microsoft.com/downl…
4
24
56
Hal Pomeranz retweeted
“When a target user opens the HTML in their web browser, the browser decodes the malicious script, which, assembles the payload on the host device. Instead of having a malicious executable pass directly through a network, the attacker builds the malware locally behind a firewall”
There has been a spike in email campaigns using HTML smuggling to deploy banking Trojans, RATs, and ransomware. Attackers use this technique to build malware on a device via the browser instead of passing payloads directly through the network. Details: msft.it/6010kXevK
2
28
1
87
Hal Pomeranz retweeted
Very sad to learn about the death of Alan Paller, a dear friend & mentor who cared deeply about making things more secure & bringing more young people into infosec w/ the right skills. Alan was great at making important things happen behind the scenes. sans.org/press/announcements…
5
29
8
188
Hal Pomeranz retweeted
Woohoo, we got dozens of applicants!
Feel free to keep ‘em coming (via email only, not Twitter please - for a PM role to be successful, they have to pay attention to the 1st key detail & not flood the CEO!)
We’re likely done with interviews before Thanksgiving, so step right up
Hey we are hiring a security PM or two soon, typical employment background check required
Email careers@Lutasecurity if you are able to fit some fun part time security PM work into your life & don’t mind the bg check (client requirement, no exceptions).
Please ask q’s via email
2
10
1
63
Hal Pomeranz retweeted
Trying to remind myself documenting logs sources is just as important at #hunting in them
2
3
Hal Pomeranz retweeted
There are a lot of good people in infosec. Ignore those who tell you you can't, find those who will support you and support them in return. It's not easy, but you're worth it.
No one is successful without the help of others. The list of people I owe a debt of thanks is long
4
12
