I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange
Orlando, FL
Joined November 2008
- Tweets 19,311
- Following 237
- Followers 13,672
- Likes 12
Hal Pomeranz retweeted
Last post we looked at #Emotet post breach. Here looking at catching emotet at execution using @wazuh. As well a little history on the changes in the Emotet doc techniques over the past year.
#DFIR
#infosec
laskowski-tech.com/2019/10/2…
2
33
2
47
Hal Pomeranz retweeted
Whilst we often feel overwhelmed with trying to know everything, this image is a brilliant reminder that we know more than we believe and actually, knowing everything is impossible.
Not sure who created this graphic, please credit, I absolutely love it! #imposterSyndrome
13
633
48
1,788
Hal Pomeranz retweeted
Short thread by former FBI agent @jimeharrisjr on the challenge of investigating child exploitation (scroll up):
So, long story short, aggressive intelligence operations, combined with international cooperation and some technology investment would probably be the better solution than backdoored crypto - but as the articles have been saying, there's no real will on the part of the government
1
17
15
Hal Pomeranz retweeted
A memory corruption in the EHLO component of a MTA ... tonight we're gonna party like it's 1999 :)
5
20
2
139
Hal Pomeranz retweeted
Today I stumbled across the fact that I can extract any file that is locked by the OS on a Windows 10 machine with this native command.
C:\WINDOWS\system32\esentutl.exe /y <SOURCE> /vss /d <DEST>
Initially I thought it only worked for ese files, but it seems to work everywhere!
16
504
12
1,411
Hal Pomeranz retweeted
You could learn how to sift through seemingly endless information with #FOR572 Advanced Network Forensics with Hal Pomeranz @hal_pomeranz in Miami, Florida from November 4th - 9th
Register before Oct. 2nd and save $200 at sans.org/u/RXp
3
5
GIF
Management would be the ones tugging at your ankles. Face shots come from the Sys Admins in IT.
1
1
5
Hal Pomeranz retweeted
I hear people like reverse socks proxies. Did you know that an update in OpenSSH 7.6 overloaded the `-R` flag?
Since Oct '17, if you omit $host in the `-R $host:$port` notation, the destination SSH server will receive a reverse dynamic SOCKS4/5 proxy.
openssh.com/txt/release-7.6
2
39
98
Very well done! Congratulations!
3
Hal Pomeranz retweeted
#DFIRCON 2019 Line-up:
#FOR498 w/ @EricRZimmerman
#FOR508 w/ @MalwareJake
#SEC504 w/ @mikemurr
#FOR500 w/ @robtlee
#FOR572 w/ @hal_pomeranz
#FOR578 w/ @_s14
#FOR585 w/ @HeatherMahalik
#FOR610 w/ @lennyzeltser
PLUS DFIR #NetWars!
Register now: sans.org/u/Pxm
4
6
Hal Pomeranz retweeted
Choose your problems well. Many times I have spoken to people who have no real idea why they are studying what they are.
Introspection can’t be rushed. In the rush to publish paper after paper, who has time? I think we should breathe, write fewer papers, and have them matter more
3
21
1
55
Hal Pomeranz retweeted
The next SANS #CommunitySession in Sydney, 'Getting in the Flow with NetFlow' will take place on August 30 with SANS Faculty Fellow @hal_pomeranz. Register at sans.org/u/UzU
2
1
Hal Pomeranz retweeted
We are very happy to announce Security @BSidesNOLA 2019!
Full details here: lists.volatilityfoundation.o…
@SecurityBSides @SiliconBayou #DFIR #infosec
23
3
20
Hal Pomeranz retweeted
I'm publishing some 🔥 research today, a major design flaw in Windows that's existed for almost *two decades*. I wrote a blog post on the story of the discovery all the way through to exploitation.
googleprojectzero.blogspot.c…
70
1,774
173
3,716