I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
This means that web requests that take longer than usual to be fulfilled may be logged later than shorter duration requests that were actually received after the slow web request. Shout outs to @DfirNotes and @mboelen on this one!
Trivia Answer #32 - It is actually not uncommon to find Apache log entries out of chronological order. The log timestamps show the time the web request was received, but the log entries are not written until the web response is completed.
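
Added example (not part of the original posts): a check of the Trivia #32 answer that tests whether each out-of-order Apache entry is accounted for by its request duration. It assumes a LogFormat of the common log format with `%D` (microseconds taken to serve the request) appended; the name `review_order` and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed LogFormat: common log format with %D (microseconds taken to serve
# the request) appended. %D is not part of Apache's default formats.
LINE = re.compile(r'\S+ \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ (\d+)$')
SLACK = timedelta(seconds=1)  # %t has one-second resolution

def review_order(lines):
    """Return (line_no, verdict) for each entry whose received time is
    earlier than a received time already seen above it in the file."""
    findings = []
    latest_received = latest_completed = None
    for no, line in enumerate(lines, 1):
        m = LINE.match(line.strip())
        if not m:
            findings.append((no, "unparsed"))
            continue
        received = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
        completed = received + timedelta(microseconds=int(m.group(2)))
        if latest_received is not None and received < latest_received:
            # Entries are written when the response completes, so a slow
            # request may legitimately follow requests received after it.
            ok = completed + SLACK >= latest_completed
            findings.append((no, "explained by duration" if ok else "unexplained"))
        latest_received = max(received, latest_received or received)
        latest_completed = max(completed, latest_completed or completed)
    return findings

# Constructed sample log, not taken from any real server.
SAMPLE = """\
192.0.2.10 - - [12/Oct/2022:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 5120 1800
192.0.2.11 - - [12/Oct/2022:10:00:07 +0000] "GET /style.css HTTP/1.1" 200 900 1200
192.0.2.12 - - [12/Oct/2022:10:00:01 +0000] "GET /report.cgi HTTP/1.1" 200 88211 6400000
192.0.2.13 - - [12/Oct/2022:10:00:08 +0000] "GET /logo.png HTTP/1.1" 200 4300 2100
192.0.2.14 - - [12/Oct/2022:09:58:30 +0000] "GET /admin HTTP/1.1" 200 310 1500
""".splitlines()

if __name__ == "__main__":
    for no, verdict in review_order(SAMPLE):
        print(f"line {no}: {verdict}")
```

An "unexplained" verdict only means the request duration does not account for the position of the entry; it is a lead for further examination, not proof of tampering.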
If you get a chance to see the musical “Six” you should definitely go. Super fun, high energy show!
This is a wild, hopeful story: grad students at @Northeastern successfully pushed back against digital workplace surveillance, through fearless solidarity and the bright light of publicity. It's a tale of hand-to-hand, victorious combat with the #ShittyTechnologyAdoptionCurve. 1/
A decade ago, many tech companies had newer code bases & a chance to rearchitect for security without too much world impact. Now, we see many orgs stuck supporting legacy code long abandoned with no owners left who know which code is load bearing so they don’t touch it for years.
Joking with some colleagues and I said, “I have bug reports that are older than some of you!” And we all laughed until we realized it was actually true. And then it got real quiet.
Hal Pomeranz retweeted
I've had the privilege to work with some of the greatest hackers on the planet: they were all good at different things. There is no one path or outcome. Climb your own mountain.
Daily Linux Forensics Trivia #32 - You find entries in an Apache web server log whose timestamps are out of chronological order. Does this mean the log has been tampered with?
And finally systemd gets into the mix (like it always does) with /etc/systemd/system/timers.target.wants and $HOME/.local/share/systemd
Don't forget "at" jobs under /var/spool/at/spool or /var/spool/cron/atjobs
Then there's Anacron which owns the /etc/cron.{hourly,daily,monthly} jobs
Let's start with traditional aka "Vixie" cron (yes, named after @paulvixie who isn't just "that BIND guy") which uses /etc/crontab, /etc/cron.d, and /var/spool/cron/crontabs
Trivia Answer #31 - Kudos to @CraigHRowland for checking in with a scarily complete answer. Honorable mention to @jwmwi. The full answer is long, so buckle up friends...
The burning question on my mind this morning is this: "We've Got Tonight" - Kenny Rogers or Bob Seger?
As long as people keep deploying Fortinet I’ll always have plenty of #DFIR work
#Fortinet is currently advising its customers on a high severity #vulnerability in FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1 FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0 #CVE: CVE-2022-40684 #authbypass #RCE #prepareforimpact @campuscodi @uuallan @GossiTheDog
Every time I read about one of these exploits it always reminds me of this scene youtube.com/watch?v=iqueZ1…
The attacks against web3 are something else. Numbers are staggering, the abuse of functions mind-blowing
For the record, Kevin took the headshot that I use here as my avatar
Fuck
We lost another of our own this week. Kevin Riggins @kriggins. hamiltonsfuneralhome.com/ser…
Just to be clear, I'm looking for locations in the file system where scheduled tasks can be configured.