Hal Pomeranz @hal_pomeranz

I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

 Orlando, FL
deer-run.com/~hal/
Joined November 2008
  • Tweets 19,311
  • Following 237
  • Followers 13,672
228 Photos and videos
Load newest
Props to 🐘ilikepi@hachyderm.io for checking in with the first correct answer to yesterday's Linux DFIR command line trivia. Let's break this down line by line: 1. The lsof pipeline grabs the username and path name of all ssh-agent sockets as well as… infosec.exchange/@hal_pomera…

Hal Pomeranz (@hal_pomeranz@infosec.exchange)

Props to @ilikepi@hachyderm.io for checking in with the first correct answer to yesterday's Linux DFIR command line trivia. Let's break this down line by line: 1. The lsof pipeline grabs the username...

infosec.exchange
#CyberCrime #Zeus 🐘briankrebs@infosec.exchange reports that one of the “old wolves” of Ukrainian cybercrime was arrested in Switzerland krebsonsecurity.com/2022/11/…
1
Here's a fun #Linux #DFIR #CommandLine #Trivia question with a little #RedTeam flavor. You find the following commands in /root/.bash_history: lsof -c /ssh/ | awk '$5 == "unix" && $NF != "socket" {print $3, $NF}' export… infosec.exchange/@hal_pomera…

Hal Pomeranz (@hal_pomeranz@infosec.exchange)

Here's a fun #Linux #DFIR #CommandLine #Trivia question with a little #RedTeam flavor. You find the following commands in /root/.bash_history: lsof -c /ssh/ | awk '$5 == "unix" && $NF != "socket"...

infosec.exchange
1
3
4
Apparently the most confusing part of yesterday's #Linux #DFIR #CommandLine #Trivia was my wording of the question. Sorry, didn't mean to turn this into a CISSP exam! The basic question was can you arbitrarily set ctime and btime in an EXT… infosec.exchange/@hal_pomera…

Hal Pomeranz (@hal_pomeranz@infosec.exchange)

Apparently the most confusing part of yesterday's #Linux #DFIR #CommandLine #Trivia was my wording of the question. Sorry, didn't mean to turn this into a CISSP exam! The basic question was can you...

infosec.exchange
Excited to be participating in 🐘ComfyConAU@infosec.exchange. The conference kicks off Sunday at 11am AEST. My sources tell me that's 7pm SATURDAY NIGHT her in US Eastern time. Looks like I'll be going at 7:50pm au.comfycon.rocks/schedule
1
And how about some love for Brian Kernighan showing off his sexy Unix command line chops in this Bell Labs video youtube.com/watch?v=tc4ROC…
1
True or false: There is no way to arbitrarily set ctime or btime on an existing file in an EXT or XFS file system. #Linux #DFIR #CommandLine #Trivia
2
1
Despite pessimism from 🐘tliston@infosec.exchange, lots of people checked in with the correct answer to yesterday’s #Linux #DFIR #CommandLine #Trivia. The command name “awk” comes from the initials of its creators—Al Aho, Peter… infosec.exchange/@hal_pomera…

Hal Pomeranz (@hal_pomeranz@infosec.exchange)

Despite pessimism from @tliston, lots of people checked in with the correct answer to yesterday’s #Linux #DFIR #CommandLine #Trivia. The command name “awk” comes from the initials of its creators—Al...

infosec.exchange
1
#Mondog is for pup pics you say? This is Lucy. We should all be as happy as a dog at an off-leash dog park.
Another night writing reports. I cannot emphasize enough how important #writing skills are for many jobs in the tech industry. The old joke in the #DFIR community applies: “Forensicate for show, report for dough.” I don’t get paid unless… infosec.exchange/@hal_pomera…

Hal Pomeranz (@hal_pomeranz@infosec.exchange)

Another night writing reports. I cannot emphasize enough how important #writing skills are for many jobs in the tech industry. The old joke in the #DFIR community applies: “Forensicate for show,...

infosec.exchange
2
6
Today’s #Linux #DFIR #CommandLine #Trivia asks where does the command name “awk” come from? Shout out to 🐘tliston@infosec.exchange who thinks you young whipper snappers don’t even know what awk is.
4
7
The first and best answer to yesterday's #Linux #DFIR #CommandLine #Trivia comes from Linkavych: readlink -f /proc/*/exe | sort The first lesson here is never be afraid to get the answers you need directly from /proc. This saves a lot of… infosec.exchange/@hal_pomera…

Hal Pomeranz (@hal_pomeranz@infosec.exchange)

The first and best answer to yesterday's #Linux #DFIR #CommandLine #Trivia comes from @Linkavych@twitter.com: readlink -f /proc/*/exe | sort The first lesson here is never be afraid to get the...

infosec.exchange
2
10
This is Maddie. She was a feral kitten who got separated from her family during Hurricane Matthew. I found her in a parking lot, infested with hookworms, severely anemic, dehydrated, and starving. Danielle always jokes we should have… infosec.exchange/@hal_pomera…

Hal Pomeranz (@hal_pomeranz@infosec.exchange)

Attached: 2 images · Content warning: #caturday

infosec.exchange
For today's #Linux #DFIR #CommandLine #Trivia I want a command to produce a sorted list of the executable paths for all running processes on the system.
5
10
Props to istar_nil for a great answer to yesterday's #Linux #DFIR #CommandLine #Trivia: ps -ef | tail +2 | awk '{ print $1 }' | sort | uniq -c | sort -nr First off, *chef's kiss* to the "tail +2" to skip the initial header line in… infosec.exchange/@hal_pomera…

Hal Pomeranz (@hal_pomeranz@infosec.exchange)

Props to @istar_nil@twitter.com for a great answer to yesterday's #Linux #DFIR #CommandLine #Trivia: ps -ef | tail +2 | awk '{ print $1 }' | sort | uniq -c | sort -nr First off, *chef's kiss* to the...

infosec.exchange
1
3
aws ec2 describe-vpcs | jq -r '.Vpcs[] | .VpcId' | while read id; do echo ===== $id aws ec2 delete-vpc --vpc-id $id done That's how my day is going. How's yours?
1
1
Seeing that there is a 🐘tech.lgbt@infosec.exchange instance made my day a little brighter today. Sometimes living in #Florida makes me feel like I'm in the epicenter of a hate storm, and I fear for my #LGBTQ friends and family. Keep shining and protecting each other, you all!
3
For all you #PCAP ninjas, I feel like I should throw a shout-out to "tshark -Tfields ..." which is basically "awk" for packets. tcpdump is great for breaking down huge PCAPs. But once they are a manageable size, nothing beats tshark for extracting just the fields you need.
2
6
I've been a #Unix/#Linux user since 1985, and arguably I may be a bit stuck in my ways. But when I think about new #CommandLine tools I've picked up recently, none of them have had the impact on my life that the "jq" command has. Between APIs and… infosec.exchange/@hal_pomera…

Hal Pomeranz (@hal_pomeranz@infosec.exchange)

I've been a #Unix/#Linux user since 1985, and arguably I may be a bit stuck in my ways. But when I think about new #CommandLine tools I've picked up recently, none of them have had the impact on my...

infosec.exchange
1
9
From the Linux command line, give a count of the number of active processes per user, sorted in descending order by count. #Linux #DFIR #CommandLine #Trivia
5
5
Load more