I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
I enjoyed the recent Anthony Bourdain documentary, and the Beatles “Get Back” was excellent. Next on our watch list is “The Gorge”.
Replying to @k8em0
Hope you feel better soon. Apparently there’s no real reason to hope the idiots will stop. You deserve better.
1
Replying to @fancy_4n6
Your horses are lonely and need additional friends
2
Hal Pomeranz retweeted
I wish I could like this more than once.
I had a mask on & walked into a jammed post office. A guy was leaving, approaching the doors as I entered. He looked at me & muttered loudly “Fucking sheep,” & I hollered back “Nobody wants to hear about your hobbies.” The entire PO exploded in laughter. A few folks clapped.
1
13
50
Hal Pomeranz retweeted
Anyone know of any entry level cybersecurity analyst jobs open? Cybersecurity community college grad (hell yeah!) looking to get their foot in the door somewhere!
58
116
1
447
Hal Pomeranz retweeted
Have you always wanted to give open source investigation a go, but don't know where to start? We've produced this easy to follow guide for beginners to help get you started: bellingcat.com/resources/202…
9
269
18
747
Hal Pomeranz retweeted
#DFIR Tip: Don't forget to check out the files sitting in `ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\*`. These XML files are snapshotted daily and denote processes using high CPU cycles. See screenshot for a command to review process names/files.
5
121
2
349
Last chance to register for the first in-person run of my Linux Forensics training! If you're looking for a small class setting, this is going to be your best bet! kernelcon.org/training#linux…
7
1
15
Hal Pomeranz retweeted
1\ How to detect what command line spawned a process with no EDR/AV? 👀 #DFIR If you have a memory sample, this is how you can figure out what cmd spawned the processes by using volshell and memory forensics. STEP BY STEP GUIDE BELOW 👇 👇 👇 👇  #MemoryForensics
22
353
4
1,183
Replying to @elpie
In any conflict the soldiers staring at each other over the barrels of their guns usually have more in common with each other than with the powerful people who put them there. Demonizing the enemy is one tool the powerful use to get people to fight each other.
Hal Pomeranz retweeted
This is 100% correct.
This tweet is unavailable
1
11
1
60
Hal Pomeranz retweeted
Thrilled to share my new blog post: Put an io_uring on it: Exploiting the Linux kernel. Follow me while I learn a new kernel subsystem + its attack surface, find an 0day, build an exploit, + come up with some new tricks. I go deep and demystify the process graplsecurity.com/post/iou-r…
48
648
41
2,419
When #Linux is trending... Time to sudo apt upgrade
2
6
2
24
When Mandiant was responding to Aurora in 2009, Sergei kept trying to hire away their consultants to join Google’s IR team. Now they’re just buying the company.
3
9
Don’t forget useful interfaces under /proc/<pid> like “fd”, “maps”, “stack”, and “status”. Also don’t forget you can renice a process if it’s running away with the CPU.
Popular interview question: how to diagnose a mysterious process that’s taking too much CPU, memory, IO, etc? The diagram below illustrates helpful tools in a Linux system. 🔹‘vmstat’ - reports information about processes, memory, paging, block IO, traps, and CPU activity.
2
16
55
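The `/proc/<pid>` interfaces named above (`status`, `fd`, `maps`, `stack`) plus `renice`, pulled together into a small triage helper. This is an added example and not code from the tweet or its author; it assumes a Linux host with `/proc` mounted and the util-linux `renice`, and the function names (`proc_name`, `proc_state`, `proc_rss_kb`, `proc_fd_count`, `proc_mapped_files`, `proc_triage`, `proc_calm`) are this example's own.

```shell
#!/bin/sh
# Added example: triage a runaway process from /proc/<pid> without extra tooling.
# Assumes Linux; all function names below are this example's own, not a standard tool.

# Process name as the kernel records it (the Name: line of /proc/<pid>/status).
proc_name() {
    awk '/^Name:/ { print $2; exit }' "/proc/$1/status"
}

# One-letter scheduler state: R running, S sleeping, D uninterruptible I/O, Z zombie, T stopped.
proc_state() {
    awk '/^State:/ { print $2; exit }' "/proc/$1/status"
}

# Resident set size in kB; prints 0 for kernel threads, which have no VmRSS line.
proc_rss_kb() {
    awk 'BEGIN { v = 0 } /^VmRSS:/ { v = $2 } END { print v }' "/proc/$1/status"
}

# Count of open file descriptors (each is a symlink under /proc/<pid>/fd).
proc_fd_count() {
    ls "/proc/$1/fd" 2>/dev/null | wc -l | tr -d ' '
}

# Distinct files mapped into the process: field 6 of /proc/<pid>/maps is the path when one exists.
proc_mapped_files() {
    awk 'NF >= 6 && $6 ~ /^\// { print $6 }' "/proc/$1/maps" | sort -u
}

# Print a triage summary for one pid; returns 1 if the pid does not exist.
proc_triage() {
    pid="$1"
    [ -d "/proc/$pid" ] || { echo "no such process: $pid" >&2; return 1; }
    echo "pid=$pid name=$(proc_name "$pid") state=$(proc_state "$pid") rss_kb=$(proc_rss_kb "$pid") open_fds=$(proc_fd_count "$pid")"
    echo "--- open descriptors (fd -> target) ---"
    ls -l "/proc/$pid/fd" 2>/dev/null | awk 'NR > 1 { print $(NF-2), "->", $NF }'
    echo "--- mapped files ---"
    proc_mapped_files "$pid"
    echo "--- kernel stack (readable only as root on most kernels) ---"
    cat "/proc/$pid/stack" 2>/dev/null || echo "(not readable as this user)"
}

# Lower a runaway process's CPU priority instead of killing it outright.
# Raising niceness by 10 works without root for your own processes.
proc_calm() {
    renice -n 10 -p "$1"
}

# Stand-alone run: triage the pid given on the command line, or this shell itself.
proc_triage "${1:-$$}"
```

Run it as `sh proc_triage.sh <pid>` while the process is still misbehaving, then `proc_calm <pid>` to buy time for a closer look; lowering niceness (making a process more favoured) is the direction that needs root, raising it does not.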
Replying to @webjedi
Are you sure that’s not “Stuck in the Middle”? youtube.com/watch?v=ln7Vn_…
1
Hal Pomeranz retweeted
Recent #Emotet downloaders use: XLSX ➡ VBA ➡ batch ➡ PowerShell Based on some great work by @DissectMalware, binary refinery now has a batch deobfuscator. Ripping out those C2s is easier than ever! 🏭 xlxtr | bat | carve -sd b64 | xtp url 🌐 github.com/binref/refinery
1
90
192
Hal Pomeranz retweeted
Ever wanted to learn the Cherokee language? We have the perfect opportunity! 🙌 Registration is now open for our free online Cherokee #language classes! Classes begin March 20. 🔗 For more information or to register, visit loom.ly/lYqkdIM.
2
26
1
56