I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Sounds like another fun weekend…NOT!
Hal Pomeranz retweeted
This appears to be a widespread #TR #Qakbot #Qbot campaign today that could lead to Cobalt Strike, Bloodhound, and things that look very "pre-ransomware-y." The domains/hashes change, but the detection opps mentioned here are more durable. I highly recommend looking for this NOW.
Over the past few hours, we’ve observed malicious phishing emails associated with the delivery affiliate TR in multiple customer environments. The infection scheme was consistent, executing in the following pattern: OneDrive phishing page -> ZIP download -> malicious XLSB -> Qbot
Hal Pomeranz retweeted
G'night.
Replying to @webjedi
Yeah my brain is great at churning through those scenarios at 3am.
Replying to @falconsview
Meanwhile the IRS doesn’t go after the really big offenders because they can afford to hire armies of lawyers
Hal Pomeranz retweeted
NEW: Walgreens made donations to 11 members of the Sedition Caucus in November 2021, totaling $25.5k, breaking the pledge they made after Jan 6th to indefinitely suspend contributions to members of Congress who objected to the election certification. Shame on them.
Steven Bradbury— one of my favorite Olympic stories
20-year anniversary of the craziest gold medal you will ever see. Aussie skater was outclassed by the quarterfinals but advanced when one of the top 2 was penalized. In the semis, everyone but him and one other crashed and he found himself in the finals. And then this happened:
Replying to @webjedi
Courage does not always roar. Sometimes courage is the quiet voice at the end of the day saying, "I will try again tomorrow."
I am in your Omahas, eating your steaks...
TRAINING: Today's feature is Introduction to Linux Forensics with the always awesome @hal_pomeranz! Hal will provide the background and information to teach you to properly conduct Linux forensic examinations in this two-day hands-on course. Register ➡️ kernelcon.org/training#linux…
Just had a "Wait! You do that?" moment with a friend. Yes, I am available as "surge staff" for your professional services team--forensics, IR, etc. Just in case you didn't know.
Take a moment to reach out to folks you haven't talked to in a while. They'll thank you for making the first move. Put all this technology to good use!
Replying to @MalwareJake
You get the feeling Microsoft is only going to address the single issue presented here and there will be follow-on exploits of similar nature.
Roses are red/ The capital of Delaware is Dover/
Hal Pomeranz retweeted
Read these articles from @GeeksCyber to see precisely what analyzing malware looks like. Both posts take you step-by-step with screenshots through reversing & documenting findings. Highly recommended reading! - cybergeeks.tech/a-step-by-st… - cybergeeks.tech/dissecting-t… #DFIR #infosec
Replying to @daveshackleford
/me teeing up the country playlist for @daveshackleford
Hal Pomeranz retweeted
This should be fun. I'll probably be the one throwing in pub-level trivia about the film...
Join @ColumbiaDEFRAG to explore the cultural and political impact of WarGames (1983). An interactive experience featuring a panel of cyber professionals, filmmakers and storytellers, guides the audience into cybersecurity and its relationship to Hollywood. eventbrite.com/e/defrag-pres…
The "Backup Operators" group in your Active Directory can remote in to your Domain Controllers, and extract the ntds.dit file holding your entire AD along with hashes of all accounts. Here's the rundown on how you exploit this ... hackingarticles.in/windows-p…
My first in-person training dates in over two years, and in one of my favorite underrated cities. Hope to see you at Kernelcon 2022 for Linux Forensics - kernelcon.org/training#linux…
This is an extremely fierce takedown of Uber and Lyft pluralistic.net/2022/02/11/b… (via @k8em0)
Hal Pomeranz retweeted
And another Amcache limitation is documented now: old.reddit.com/r/computerforensi… #DFIR