I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
She heads to Carnegie Mellon in August as the newest member of the diving team! 😳
With apologies to Sgt Pepper - “All you need is Splunk! All you need is Splunk! All you need is Splunk! Splunk! Splunk is all you need!”
Replying to @codeslack
Let me know how that goes. We’re thinking of sending Spawn0 off to college with one.
Hal Pomeranz retweeted
She struck out Hank Aaron. And Ted Williams. Underhanded. She played 19 years on the LPGA. Once scored 67 points as an all-American basketball player. And won a state bowling championship a month after taking up the sport. nytimes.com/2022/03/29/sport… #RIPJoanJoyce
Love doing "side by side" mode on my double-wide monitor with two laptops. Wish the monitor had a magic, intelligent KVM switch that would seamlessly move my external mouse/keyboard connection to the right machine when I try and track between the two desktops.
Replying to @ThisIsAGorecki
Rarely-- but that's partially because of my role as a third-party. Sites that are mature enough to have enabled this event also likely have in-house IR capability, so I'll almost never visit them.
Replying to @charliesidjan
Hahaha Sysmon. I never get that. I rarely get the 4688s.
Replying to @bettersafetynet
Do the PBMplus utilities have something for that?
My DFIR happy place is a Windows event log with 4688 events. Third-party IR consulting teaches you to have modest expectations at best.
Replying to @k8em0
Unfortunately the greedy and selfish seem to be conspiring much harder than the decent folks lately.
Hal Pomeranz retweeted
Assumption is the worst kind of communication.
Hal Pomeranz retweeted
If this was happening anywhere else, we'd be talking about that country like it was a failed state.
ONE MORE TIME -- THE CHIEF OF STAFF TO THE PRESIDENT OF THE UNITED STATES WHO WAS TRYING TO STAY IN POWER ILLEGALLY-PLOTTED WITH THE WIFE OF A SUPREME COURT JUSTICE WHO COULD’VE ENDED UP RULING ON THE TRANSITION OF POWER -
“It’s Friday evening. Do you know where your compromise is?”
Hal Pomeranz retweeted
This book should be in your reading list if you are learning memory forensics #DFIR
If you want to understand how programs load into memory and how the transformation from an executable on disk to a program in memory works, then read Linkers and Loaders: iecc.com/linker/ #DFIR #infosec
External validation is a fickle dream to pursue. Satisfaction comes from within.
Hal Pomeranz retweeted
Almost like they're trying to control spread. What a novel freaking idea...
Hal Pomeranz retweeted
I put together a list of RSS feeds from official government CERTs. Please feel free to contribute, and if you like it please RT for reach. 🙂 github.com/pulsedive/certrss
Replying to @malanalysis
I’ve also worked at places where everybody thought they were so smart that they constantly reinvented the wheel without any critical thought about how existing solutions might in fact be better. Beware the traps of extremes.