I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Looking forward to seeing everybody!
Daily Linux Forensics Trivia #2 — What environment variable setting immediately truncates .bash_history to zero bytes? wildwesthackinfest.com/deadw…
Trivia Answer #1 — File type was originally only stored in the inode. It was later added to directory entries so that commands like “ls -F” would not have to read every inode in a directory in order to display the file type.
Hal Pomeranz retweeted
Some commands are overwhelmingly run by attackers on compromised hosts (and seldom ever by regular users in regular usage). Our @subtee has just released a new (free) Canarytoken to make monitoring these commands trivial. Read more about it - blog.thinkst.com/2022/09/sen…
Hal Pomeranz retweeted
When evaluating Republican candidates now backing away from their "make all abortions illegal" positions, remember the lies Brett Kavanaugh and Amy Coney Barrett told when questioned in their confirmation hearings.
Hal Pomeranz retweeted
Seems like a good time to remind everyone to do their scream tests to get rid of zombie servers. (Courtesy of Mark Simos, Microsoft Lead Cybersecurity Architect) "Microsoft uses a scream test to silence its unused servers" - Inside Track Blog microsoft.com/insidetrack/bl…
Signed up for my bivalent COVID booster. This means I'm going to get better 5G *and* WiFi throughput right?
Daily Linux Forensics Trivia #1 -- Name two places in the Linux file system where the file type is encoded. wildwesthackinfest.com/deadw…
Live Linux Forensics training coming up @WWHackinFest Deadwood! Let's do some daily Linux Forensics trivia as a lead-up! wildwesthackinfest.com/deadw…
Hal Pomeranz retweeted
1\ #DFIR: Russian IRON HEMLOCK (APT29) is still abusing sdelete to wipe attacker files as defence evasion. sdelete tool overwrites filenames with 26 alphabetic entries "AAAA.AAA"... but this is how you can recover the original filename 👇 inversecos.com/2022/09/foren…
Homeless shelter we bring meals to told us yesterday that because they have so many kids, they’ve been out of milk for 3 days. Kids in a shelter. In the US. Where there are millions of vacant homes due to real estate investors keeping them vacant. We *have* to do better as humans
Hal Pomeranz retweeted
This is the best piece I have read in a long time! The Eternal Lyric of Love and Loss: "Goodnight Moon" Author Margaret Wise Brown's Little-Known Poems for the Tragic Love of Her Life themarginalian.org/2022/08/2… via @brainpicker
Hal Pomeranz retweeted
It's working, now I need the Altos 8000 MP/M II disks! They're nowhere to be found on the internet. Does anyone happen to have them? Maybe you know someone who knows someone? Please help me get the last working Altos 8000 running in full multi-user mode! #RetroComputing
Feeling inspired today to revisit a machine I got 7 years ago: a Z80 based Altos (with an S!) ACS8000-15A minicomputer. I have a lot more knowledge and a lot more tools than I did back then, so maybe I can get it to do something this time around?
My Linux Forensics class @WWHackinFest Deadwood will likely be my last live training this year. I'll be in-person at Deadwood and live-streaming the class for virtual attendees. Hope to see you there! wildwesthackinfest.com/deadw…
Hal Pomeranz retweeted
#DFIR internship and full-time openings with KPMG in Dallas and Chicago for students. Apply by September 7. Great team, leadership, projects, training, and tools. kpmgcampus.com/campus/Search…
Especially for the ladies: The world will constantly try to make you feel smaller & less capable than you are. Don’t beat them to it by dressing down your accomplishments or potential, even to yourself. Boldly assert your knowledge, experience, & ask for a shot at new challenges.
Never let imposter syndrome stop you. Think you're not good enough for a job? Apply anyway. Think you're not good enough to contribute to open source? Do it anyway. Think you're not smart enough to work at, say, Google? Well, think again. It's NEVER your job to reject yourself.
Hal Pomeranz retweeted
Jason has built many communities. Now his own family needs your help. If you can, help Jason.
My dad was recently diagnosed with terminal liver disease and is hopeful for a transplant. If you'd like to donate to help him cover his medical expenses (this is difficult to ask), my family has set up a GoFundMe. Thank you. gofund.me/d93422bf
Related technical note -- if you ever find yourself wanting to do some forensics on a URL, play around with this helpful tool: dfir.blog/unfurl/ by @_RyanBenson
Hal Pomeranz retweeted
#Malware Analysis Tip: Windows registry contains an interesting key (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UAC\COMAutoApprovalList) that shows all COM objects that auto-elevate, bypassing UAC. Malware may be able to modify or hijack some of these to elevate privileges.