I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Feeling a little under the weather after a trip. Now it’s time to play the fun guessing game—“Cold or COVID?” Testing negative so far.
1
8
Next time I’m paying extra for XL
1
1
Thank you to everybody who made @WWHackinFest happen this year. Got to catch up with old friends and make new ones!
1
16
Think about these ideas when you get to meet your heroes. I believe you will have a much more authentic and valuable interaction. And maybe we’ll break down some barriers along the way.
1
1
3
The golden rule applies here. How would you like somebody to approach you? Would you like them to get to know something authentic about you? Would you like them to express interest in what’s important to you?
1
1
1
The result is a persona that in no way reflects who your hero truly is. If you expect the persona to be the person, you’ll likely be disappointed. It’s also incredibly isolating for the person who is being asked to play the role others have made for them.
1
1
6
What you think you know about them is based on the tiny slice of themselves they choose to share on social media. This gets mixed together with a lot of other speculation that people choose to project into the mix.
1
1
As we return to in-person events, more of us are getting the opportunity to interact with our heroes in the InfoSec community. When you get a chance to interact with these folks remember:
2
2
4
Last day of pre-conference training @WWHackinFest — let’s make it awesome!
1
12
The journey to Deadwood begins! Look out @WWHackinFest here I come!
1
15
Note that under "relatime" atimes will also be updated if the current atime is more than 24hrs old. The upshot is that atime often indicates the FIRST time a program is executed during an incident, rather than the last time as we would infer when atimes were updated every access.
1
1
Trivia Answer #34 - By default EXT uses "relatime" ("relative atimes") which means that atimes are only updated if the mtime on the file is newer than the atime at the moment the file is read.
1
1
2
For the weekday crowd...
Full-time, fully remote (but USA citizens only) IR job - careers.unitedhealthgroup.co… [posting on behalf of the hiring manager]
1
When the patriarchy sends foot soldiers to try to trip you up, it helps to remember they are victims of it too. Tread gently & kindly as you step over their heads. Take no prisoners, harvest no trophies. They are already suffering. Leave a path clear for them to join you later
4
16
85
Full-time, fully remote (but USA citizens only) IR job - careers.unitedhealthgroup.co… [posting on behalf of the hiring manager]
2
1
1
Oh come on. If you know me at all, you knew I would end on a file systems question!
1
3
Daily Linux Forensics Trivia #34 [last daily trivia before @WWHackinFest!] - How are atimes handled by default in EXT?
3
1
3
Shout outs to @DfirNotes, @Jim_Hendrick, and especially to my fellow IRIX sufferer @clarkgaylord
Trivia Answer #33 - False. Any account with UID 0 has superuser privileges, and multiple accounts with the same UID are allowed. Attackers will sometimes create additional UID 0 accounts (or change the UID of an existing account) as a back door.
1
2
Daily Linux Forensics Trivia #33 - True or False: The only superuser account that can exist on a Linux system is the "root" account.
10
3
1
8