I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Replying to @daveshackleford
Australia, with Japan a close second. More friends I haven’t seen in a long time in Australia.
Hal Pomeranz retweeted
🔴1 simple trick to do position independent code analysis statically in IDA Pro, so you can see cross references in your disassembly (which means analysis becomes much easier) IDA Pro - Position Independent Code Analysis youtube.com/FNFZjdPlHc8 via @YouTube Like & subscribe 🕶️
Hal Pomeranz retweeted
I second this. No one would be where they are without a community and society. We need to support each other and invest in our people.
It shits my brains to see people work three jobs to feed their family while I sit in front of a computer eight hours a day. I'd gladly pay more taxes to help mothers spend evenings with their kids instead of doing another shift at Walmart.
Replying to @fancy_4n6
Hi @fancy_flare! Remember me? Almost being electrocuted by a bar together and a hazy memory of stealing glassware...
Hal Pomeranz retweeted
Popping this up. A lot of folks now canceling holiday plans. Show your appreciation.
Your front line infosec folks are working non stop right now. Feed them. Give them breaks. Remember they have a life outside of work. Show appreciation. Be grateful. It costs $0 to be kind & respectful. They are under tremendous stress - even if they hide it.
Hal Pomeranz retweeted
I’m not suggesting automation and orchestration are bad. You should absolutely use them. You should also make sure they don’t make you weak. If you landed in a job today where you don’t really understand fundamentals, take some time to fix that. You’ll never regret it. /FIN
Hal Pomeranz retweeted
Well I finally got the first version up. You can now search to see if a crypto currency wallet address is on the OFAC sanctions list. canipaytheransom.com I'll be adding more info and making it SSL soon.
Hal Pomeranz retweeted
The latest CISA advisory on the SolarWinds compromise is sobering. It suggests we don't know the worst of it yet, and that a great many organizations have a herculean task in front of them in terms of incident response. us-cert.cisa.gov/ncas/alerts…
Hal Pomeranz retweeted
Some of the best response guidance I've seen. Thanks @TrustedSec!
🚨URGENT🚨 Our #IncidentResponse team has put together a playbook of recommended actions to provide some level of assurance that your organization is no longer affected by the SolarWinds backdoor #solarigate hubs.la/H0CPz9r0
We need real change & deliberate dismantling of systems of systemic oppression. We have so much work to do, work that starts with me, you, & every org around the world doing what is right, not just saying they are committed but without action #PayEquityNow payequitynowfoundation.org/p…
Hal Pomeranz retweeted
FWIW, here are some of the reasons often cited by infosec practitioners on attacker advantage, collected by the NY Cyber Task Force sipa.columbia.edu/sites/defa…
Replying to @lee_whitfield
Congratulations!
Hal Pomeranz retweeted
#BlogPost - SolarFlare Release: Password Dumper for SolarWinds Orion - j.mp/3mhXKlP
Replying to @DfirNotes
I applaud your effort. Try it in C:\Windows\System32\Tasks
Doing Windows #DFIR on Linux. What Windows directory is this command-line useful in: find * -type f | while read file; do echo ===== $file; strings -e l "$file" | grep -E '(Command|Arguments)'; echo; done
But most of all #SUNBURST has me thinking again why "May you live in interesting times" is a curse
If #SUNBURST demonstrates what a hostile power can do with a supply-chain attack, never question what intelligence services can do with cooperating domestic vendors. And again the majority of those vendors are based in the West.
One long-term cost of #SUNBURST will fall on ISVs and their customers who now need to validate the rest of their enterprise software stacks. This cost will fall disproportionately on Western Democracies where these technologies are highly leveraged.
Hal Pomeranz retweeted
Fantastic report by FireEye on the SolarWinds supply chain compromise into organizations around the community including the FireEye intrusion: fireeye.com/blog/threat-rese… great insights for defenders to go burn the adversary’s efforts to the ground
Hal Pomeranz retweeted
In case you haven't seen these yet, Kim has IOCs for the SolarWinds breach.
I have a report from Microsoft about SolarWinds hack, including IoCs. Excerpts in this thread: "Microsoft security researchers recently discovered a sophisticated attack where an adversary inserted malicious code into a supply chain development process.... 1/