I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Replying to @AgathaChocolats
Photoshop skills require constant practice
Hal Pomeranz retweeted
I’m no monster, so I won’t make you wait in fervent anticipation for the debut post discussing a popular technique in local linux kernel priv escs: overwriting modprobe_path 😇 sam4k.com/like-techniques-mo…
1
13
42
Replying to @webjedi
And this point is fundamentally why I switched from doing operational infosec work to incident response. Trying to effect change left of boom was burnout inducing. So I’ll see you all when you get to the right.
Hal Pomeranz retweeted
Fantastic #blueTeam thread.
This tweet is unavailable
Hey Chicagoland friends, I’ll be in town next week working for a client in the Loop. Evenings should be free if anybody is down for a meet-up.
Hal Pomeranz retweeted
Why are people from Norway so good at editing files in Linux? Their ancestors are vi-kings.
Hal Pomeranz retweeted
This is amazing.
My student @h3xduck spent the last few months studying offensive capabilities enabled by eBPF. I helped him design and write a Linux eBPF rootkit with some cool features. Meet TripleCross! /1 github.com/h3xduck/TripleCro…
Replying to @selenamarie
FWIW I use non-stick muffin pans with a spray of canola oil. Muffins pop right out when finished.
☆。 🔐。 ☆ 🔐 。☆🗝☆🗝☆ 🔐。\|/。🔐 if you liked it then you should have put some crypto on it 🔐。/|\。🔐 。 ☆🗝☆🗝☆ ☆。 🔐。 ☆ 🔐
Hal Pomeranz retweeted
I really hated Linux auditing until I found this. Couple it with Laurel and it becomes really easy to ingest these types of logs. Best of all, logging on linux is so rare most adversaries won't see it coming and get caught instantly. Demo here: youtube.com/watch?v=lc1i9h1G…
For #auditd on #Linux you can use my best practice auditd configuration, which is still actively maintained and gets frequent updates via PR. If you've found ways to improve it, please provide them as a pull request to help everyone else: github.com/Neo23x0/auditd
Replying to @MalwareJake
Kill them and take their land?
I'm a family IT technician and people want me to do IR!
Happy Bobby Bonilla Day to all the Mets (and Orioles) fans out there! nypost.com/2022/07/01/happy-…
Hal Pomeranz retweeted
The problem we need to solve isn't "How do we slow/eventually stop climate change?" It's "How do we support vulnerable people through the drastic societal changes that will slow our environmental damage to reasonable levels?"
Hi I’m Hal. I’ve got a bad attitude and I am not a “team-player”. (said to me by exploitative management when I called them on their BS)
Introduce yourself with the wildest feedback you’ve ever received. I’ll go first: “Hi I’m Amy. I’m too ambitious 🤝”
Today I'll be giving a rapid intro to eBPF. Hope to see you there! zoom.us/webinar/register/WN_…
Hal Pomeranz retweeted
Good morning. Today is a great day to review your DNS logs. You might find:
* Malware C2
* Automatic update checks for unauthorized software
* Use of unapproved SaaS (go shadow IT!)
* Website access patterns consistent with insider threats
Go get it folks!
Hal Pomeranz retweeted
For anyone who thinks a negative covid test means that you just have a cold or something else, think again. Paul and I were both sick with covid and testing negative for 2-3 days before we got a positive test.