I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Replying to @wendynather
As of today, my quarantine hairstyle has reached the “full ponytail” (pwnie-tale?) stage
Replying to @secureideas
Authentication is proving you are who you claim to be (“I am Hal”). Authorization is granting privileges to an authenticated entity (“Hal can run commands via sudo”).
Replying to @wimremes
My pandemic playlist has gone in a weird Latin Pop direction...and I don’t even speak Spanish!
Replying to @bettersafetynet
The Unix command "grep" gets its name from the "ed" command-line editor which had a command for displaying matched patterns: "g" (for "global"), followed by a regular expression ("re"), followed by "p" (for "print").
Looking forward to it!
Join us Monday on Life has No Ctrl+Alt+Del where @hal_pomeranz will talk about Linux IR+Rapid Triage. cellebrite.com/en/series/ctr… #DFIR @Cellebrite_UFED @CellebriteES
"Some of those that work forces are the same that burn crosses."
Meanwhile, non-violent drug offenders are doing hard time...
If you're looking to learn Linux #DFIR check out Hal's training material. He's made a torrent available that's hosted by @internetarchive 🔎🖥️
My Linux Forensics material is now up at archive.org -- grab the torrent from archive.org/download/HalLinu…
Replying to @bettersafetynet
I still remember multiple common UUCP "bang paths" to my original email account, swatsun!pomeranz
A reminder to survivors of every type—wear your scars proudly. Though it may not feel like it, today is a victory. You are still here despite everything you have endured. youtube.com/watch?v=mg3hYE…
Replying to @wimremes
What’s the question, Wim?
Replying to @attrc
I'm also a big fan of lsof, which is available on most Linux distros-- "lsof -p <pid>" or "lsof -c <cmd>"
Hal Pomeranz retweeted
This is a GREAT blog post on #cobaltstrike analysis from late last month - if you're not familiar with analyzing Cobalt Strike, I highly recommend you read it. H/T to @4A4133 for flagging this! randhome.io/blog/2020/12/20/…
Booking speakers for Life Has No Ctrl+Alt+Del. Let me know if you are interested. Zoom meeting, 30 mins total with some of the best people I know in DFIR.
Replying to @HeatherMahalik
Happy to contribute—let me know when
Replying to @stoney27
Wow! A classic!
Hal Pomeranz retweeted
Oh yea, I tried to make this a thing but had too small reach at BSides. (Sticking a specific sticker on the con badge if you’re willing to do social or networking stuff that doesn’t involve or pressure alcohol use.)
Hal Pomeranz retweeted
I wrote a @littlesnitch log exporter for the new version 5 that transforms CSV into log lines and creates summaries of all connections within a given timeframe - also check the --noteworthy flag to reduce even that summary github.com/Neo23x0/littlesni…
Hal Pomeranz retweeted
I Like to Move It: Windows Lateral Movement Part 1 - WMI Event Subscription mdsec.co.uk/2020/09/i-like-t… Part 2 - DCOM mdsec.co.uk/2020/09/i-like-t… Part 3 - DLL Hijacking mdsec.co.uk/2020/10/i-live-t… - thanks for sharing @domchell #infosec #pentest #redteam
Hal Pomeranz retweeted
I didn’t know much about Citrix or Freebsd forensics - but @SecShoggoth and @hal_pomeranz’s work was helpful sans.org/blog/freebsd-comput… trustedsec.com/blog/netscale…