Hal Pomeranz @hal_pomeranz

I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

 Orlando, FL
deer-run.com/~hal/
Joined November 2008
  • Tweets 19,311
  • Following 237
  • Followers 13,672
228 Photos and videos
Filter
Exclude
Time range
-
Near
Load newest
As long as people keep depliying Fortinet I’ll always have plenty of #DFIR work
Gi7w0rm @Gi7w0rm
7 Oct 2022
#Fortinet is currently advising it's customers on a high severity #vulnerability in FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1 FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0 #CVE: CVE-2022-40684 #authbypass #RCE #prepareforimpact @campuscodi @uuallan @GossiTheDog
1
Replying to @hal_pomeranz @wimremes
I was messaging him earlier in the year about getting together when I came out for KernelCon. Sadly, that trip never happened.
1
Replying to @wimremes
I got to know Kevin and Robin when I was working that crazy long gig in Omaha. They lived in the next state over and I’d road trip over there every so often for home-cooked meal and good company.
1
1
Replying to @bettersafetynet
Sorcery!
2
Every time I read about one of these exploits it always reminds me of this scene youtube.com/watch?v=iqueZ1…
Daniel Cuthbert @dcuthbert
7 Oct 2022
The attacks against web3 are something else. Numbers are staggering, the abuse of functions mind-blowing
Replying to @RobertMLee @serino_gus @hacks4pancakes
Dress Rob up however you want. But when the beard goes, that’s when he’s gone full dark side.
5
Replying to @wendynather @diami03
Screw that noise. I’ll just be over here in this puddle.
1
For the record, Kevin took the headshot that I use here as my avatar
1
Fuck
Bill Pelletier @awpiii
6 Oct 2022
We lost another of our own this week. Kevin Riggins @kriggins. hamiltonsfuneralhome.com/ser…
1
1
2
Replying to @IanColdwater @hacks4pancakes
How about that one where the attackers unknowingly added the machine to the Tsunami botnet by trusting the wrong SSH backdoor download. Good times.
1
Just to be clear, I'm looking for locations in the file system where scheduled tasks can be configured.
1
Replying to @crash0ver1d3
But where does cron configuration live?
1
Daily Linux Forensics Trivia #31 - Name three places in Linux where scheduled tasks can be configured.
5
4
7
The final "-print" matters here! Because find's default action is "-print", leaving off the final "-print" means that both the "-prune" directories and the dot directories would print out. Specifying "-print" for the dot dirs means the "-prune" dirs won't print. find is weird.
1
So if it's a user home dir path, we prune our search there. Otherwise print directory names starting with dot.
1
"find / -type d -name .\*" will get you directory names that begin with dot. But dot directories in user home dirs are not unusual. "\( -path /root -o -path /home/\*/\* \)" matches the normal user profile paths and "-prune" says don't go into those dirs.
1
Trivia Answer #30 - The correct answer is "find / \( -path /root -o -path /home/\*/\* \) -prune -o -type d -name .\* -print", but this one deserves some deeper explanation.
1
1
Replying to @dandlsv @bettersafetynet @joswr1ght
Always buy Zojirushi — I use mine all the time and it lasts for years and years
1
Replying to @bettersafetynet @dandlsv @joswr1ght
Sorcery!
1
1
Replying to @diami03
Welcome, sister! Your membership card is in the mail.
Load more