I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Replying to @elpie
In any conflict the soldiers staring at each other over the barrels of their guns usually have more in common with each other than with the powerful people who put them there. Demonizing the enemy is one tool the powerful use to get people to fight each other.
When Mandiant was responding to Aurora in 2009, Sergei kept trying to hire away their consultants to join Google’s IR team. Now they’re just buying the company.
Don’t forget useful interfaces under /proc/<pid> like “fd”, “maps”, “stack”, and “status”. Also don’t forget you can renice a process if it’s running away with the CPU.
Popular interview question: how to diagnose a mysterious process that’s taking too much CPU, memory, IO, etc? The diagram below illustrates helpful tools in a Linux system. 🔹‘vmstat’ - reports information about processes, memory, paging, block IO, traps, and CPU activity.
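As an added example (not from either tweet above), a small Python triage helper built on the /proc/&lt;pid&gt; interfaces the thread mentions: it parses `/proc/<pid>/status`, counts entries in `/proc/<pid>/fd`, and flags the things a responder checks first when a process is hogging CPU or memory. The sample status text, the `rss_limit_kb` threshold and the 512-fd threshold are constructed assumptions for illustration.

```python
"""Quick triage summary for a Linux process from its /proc/<pid> interfaces."""
import os

# Constructed sample of /proc/<pid>/status content, used instead of a live PID.
SAMPLE_STATUS = """Name:\tpython3
State:\tR (running)
Pid:\t4242
PPid:\t1
Uid:\t1000\t1000\t1000\t1000
VmRSS:\t  204800 kB
VmSwap:\t       0 kB
Threads:\t17
voluntary_ctxt_switches:\t12
nonvoluntary_ctxt_switches:\t98765
"""

def parse_status(text):
    """Parse /proc/<pid>/status into a dict; 'kB' fields become ints (kilobytes)."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if value.endswith(" kB"):
            fields[key] = int(value[:-3])
        elif key in ("Uid", "Gid"):
            fields[key] = [int(v) for v in value.split()]  # real, effective, saved, fs
        elif value.isdigit():
            fields[key] = int(value)
        else:
            fields[key] = value
    return fields

def triage(status, fd_count, rss_limit_kb=100_000):
    """Flag what to look at first: resident memory, open fds, and CPU contention."""
    flags = []
    if status.get("VmRSS", 0) > rss_limit_kb:
        flags.append("high_rss")
    if fd_count > 512:  # assumed threshold; compare against the process's normal baseline
        flags.append("many_fds")
    # Far more non-voluntary than voluntary context switches means the scheduler
    # keeps preempting the process: a CPU-hog candidate worth a closer look (or a renice).
    if status.get("nonvoluntary_ctxt_switches", 0) > 10 * max(1, status.get("voluntary_ctxt_switches", 0)):
        flags.append("cpu_contention")
    return {"name": status.get("Name"), "state": status.get("State"), "pid": status.get("Pid"), "flags": flags}

def triage_pid(pid):
    """Live version: read /proc/<pid>/status and count /proc/<pid>/fd entries (Linux only)."""
    with open(f"/proc/{pid}/status") as f:
        status = parse_status(f.read())
    return triage(status, len(os.listdir(f"/proc/{pid}/fd")))

if __name__ == "__main__":
    print(triage(parse_status(SAMPLE_STATUS), fd_count=600))
```

Pair the flags with `/proc/<pid>/maps` and `/proc/<pid>/stack` to see what the process has mapped and where in the kernel it is blocked before deciding to renice or kill it.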
Replying to @webjedi
Are you sure that’s not “Stuck in the Middle”? youtube.com/watch?v=ln7Vn_…
And steak. So much steak. nom nom nom
Training registration is still open! Don't miss amazing courses like Linux Forensics with @hal_pomeranz! Instead of virtual classes filled with distractions put your training budget toward an intimate in-person experience with an expert instructor‼️ kernelcon.org/training#linux… 🐧
Thanks @TireKingdom for saving our weekend with a quick patch on the family minivan tire that had taken a nail. Been a customer for years, recommend them highly!
Replying to @h0meschooled
Yes, but those people get cycled out pretty quickly. At least I hope so.
Replying to @iotucker
Soft skills (managing your customer, dealing with local political issues) are definitely part of it. There are also logistical issues around dealing with large amounts of (sometimes remote) evidence that can be fun to solve.
I am intrigued and wish to subscribe to your newsletter
Supply and demand maybe. What kind of rates are typical for emergency IR where you are?
Why do you love #DFIR? For me it's: 1) Love problem solving: DFIR is a constant stream of puzzles (technical and non-technical) 2) Researching how things work: DFIR is an open field (so much we don't know) 3) Helping others and fighting the good fight
Been there... I think you really have to love this work to stay in it.
Did I mention that my business is providing "surge staffing" to overloaded DFIR teams?
Not only exhausting and stressful, but also requires a substantial body of knowledge, acquired through both training and experience, in order to be successful. There are few of us because the barriers to entry are high.
Senior incident leaders are rare; you can look on Twitter or LinkedIn and find a handful of us. Partly because the work is exhausting and stressful. But it hella pays the bills.
Replying to @AnneCaminer
I don’t know where that data is coming from but those salaries seem very low based on my experience.
Replying to @DeadPrezidents
I agree. Which is why I quoted them my usual rates and refused the gig.
Evergreen content in so many domains
Replying to @hal_pomeranz
Pay 🍌, you get 🐒…
Replying to @pchobbit
Yeah, the market is just weird right now. Sadly I'm afraid that some of the low-bid DFIR work is going to result in a bigger bill later related to failure to adequately address the intrusion.
Somebody just offered me a gig doing DFIR with malware analysis for $75-85/hr. That’s not even close to market rates. What the heck is going on these days?
I agree it's a terrible precedent. I'm glad I'm not the one with the authority to make that call because right now my "better angels" are screaming for payback.
Replying to @MalwareJake
Of course the root could take action to remove the NS records and glue for .ru or any other TLD. I’m now wondering what the path would be for making that happen under current bylaws?