Hal Pomeranz @hal_pomeranz

I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

 Orlando, FL
deer-run.com/~hal/
Joined November 2008
  • Tweets 19,311
  • Following 237
  • Followers 13,672
228 Photos and videos
Load newest
Normalize sending Thank You notes to people with their Manager Cc'd. It's like hacking but for organizational clout.
59
375
50
2,344
So true!
Chris Sanders 🔎 🧠 @chrissanders88
2 Apr 2021
Student: *asks question about thing* Me: *looks up thing in book I wrote* Student: "Wait, you have to look up something from your own book?" Me: "Well yea, why do you think I took the time to write it all down?" Student: *twitches*
4
How can you possibly learn anything if you believe you already know everything?
4
2
32
Replying to @invertedgeek
And remember the reason they're making you feel dumb is because they probably don't know the answer either and are afraid of being caught out.
1
21
If you’re an InfoSec noob and someone makes you feel like you asked a dumb question, please tag me and I will do everything in my power to make them feel like the dumbest motherfucker in this industry. You belong in tech. You belong in InfoSec. Ask questions. It’s how we learn.
41
194
24
1,468
Replying to @k8em0
High five!
1
Replying to @joswr1ght
You don’t need “-o -perm -6000” there — your earlier clauses will also pick up the suid+sgid case
1
4
Replying to @tliston
I bet @SteveBellovin appreciates it
2
Hal Pomeranz retweeted
Programming Wisdom
 @CodeWisdom
1 Apr 2021
"If it wasn't for C, we'd be writing programs in BASI, PASAL, and OBOL." – Unknown
57
823
74
4,234
Hal Pomeranz retweeted
Lesley Carhart @hacks4pancakes
30 Mar 2021
Hey so, gentle reminder - I’m in a ton of infosec Discords and Slacks. So are a lot of other people who may or may not be at all trustworthy. I know it’s really tempting to talk about IR / engagement stuff on there, but Auntie Lesley reminds you to be mindful of TLP and NDAs.
26
114
13
1,157
.
766
36,939
10,161
141,095
0
Replying to @attrc @mpb
Maybe this will help a little blog.commandlinekungfu.com/2…
6
Replying to @mpb @attrc
awk is particularly useful in this context for selecting on columns: awk -F, '$3 == "192.168.1.1"' input.csv awk -F, '$3 ~ /^192.168./' input.csv
1
1
8
Replying to @bettersafetynet @TimMedin @strandjs
You’re hot too, Mick
1
2
Hal Pomeranz retweeted
Andrew Case @attrc
30 Mar 2021
#DFIR tip: When dealing with CSV files, you can usually avoid Excel & custom scripts when just filtering for particular columns: $ echo "a,b,c,d,e" | cut -d , -f 1,2 a,b $ echo "a,b,c,d,e" | cut -d , -f 1-3,5 a,b,c,e $ echo "a,b,c,d,e" | cut -d , -f 3- c,d,e
16
28
2
117
Replying to @attrc
Also, sort allows you to sort (and even uniq-ify) on columns: sort -t, -k2,2rn -k5,5 input.csv Gives you a reverse numeric sort on column 2 with a secondary alpha sort on column 5
4
6
32
Replying to @fancy_4n6
I rock parallel parking (thanks to too much time spent living in the SF Bay Area)
1
2
Hal Pomeranz retweeted
Jordy Zomer @pwningsystems
9 Mar 2021
I often hear that kernel exploitation is intimidating or difficult to learn. As a result, I’ve decided to start a series of basic bugs and exercises to get you started! pwning.systems/posts/an-intr…

An introduction to Kernel Exploitation Part 1

I’m writing this post because I often hear that kernel exploitation is intimidating or difficult to learn. As a result, I’ve decided to start a series of basic bugs and exercises to get you started!...

pwning.systems
3
74
3
227
Replying to @kriggins
My only beef with that build is that the connectors between the two halves are VERY weak. Our kid’s model won’t lock together anymore because the weight of the two halves has deformed the connectors.
1
2
Hal Pomeranz retweeted
Andrew Morris
 @Andrew___Morris
28 Mar 2021
function gn() { curl -s hxxps://api.greynoise.io/v3/community/$1 | python -m json.tool } ^^ replace "hxxp" w/ "http", drop this in your .bashrc or .bash_profile and use the GreyNoise Community API straight from your terminal without installing anything
8
75
4
337
Load more