I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
So if it's a user home dir path, we prune our search there. Otherwise print directory names starting with dot.
"find / -type d -name .\*" will get you directory names that begin with dot. But dot directories in user home dirs are not unusual. "\( -path /root -o -path /home/\*/\* \)" matches the normal user profile paths and "-prune" says don't go into those dirs.
Trivia Answer #30 - The correct answer is "find / \( -path /root -o -path /home/\*/\* \) -prune -o -type d -name .\* -print", but this one deserves some deeper explanation.
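The Trivia #30 expression run against a small constructed directory tree, as an added example that is not part of the original thread: it builds a fake root (in a temp dir, not on the live system) with dot-directories both inside and outside user home dirs, then prints only the ones the -prune leaves reachable. The fixture paths and the function names are assumptions made for this demo.

```shell
#!/bin/sh
# Constructed fixture: a fake filesystem root with dot-directories both inside
# user home dirs (should be skipped) and elsewhere (should be reported).
build_fixture() {
    root=$1
    mkdir -p "$root/root/.ssh" \
             "$root/home/alice/.ssh" \
             "$root/home/alice/.config/htop" \
             "$root/home/.hidden" \
             "$root/opt/.cache" \
             "$root/var/lib/.dotfiles/.nested" \
             "$root/etc/ssl"
    touch "$root/home/alice/.bash_history"  # a dot-FILE: must never be listed
}

# The Trivia #30 expression, with $root prefixed so it runs on the fixture
# instead of the live system. -prune stops descent into /root and into any
# direct child of a home dir, so nothing under them is ever tested by -name.
hidden_dirs_outside_home() {
    root=$1
    find "$root" \( -path "$root/root" -o -path "$root/home/*/*" \) -prune \
         -o -type d -name '.*' -print \
    | while IFS= read -r p; do printf '%s\n' "${p#"$root"}"; done \
    | LC_ALL=C sort
}

# Build the fixture in a temp dir, run the search, clean up.
demo() {
    tmp=$(mktemp -d) || return 1
    build_fixture "$tmp"
    hidden_dirs_outside_home "$tmp"
    rm -rf "$tmp"
}

demo
```

Note that /home/alice/.ssh is itself a dot-directory but is never printed: -prune returns true, so the -o branch with -print is not evaluated for it, and /root/.ssh is never even visited. /home/.hidden does get printed, since it is under /home but not inside any user's home.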
Always buy Zojirushi — I use mine all the time and it lasts for years and years
Hal Pomeranz retweeted
Here, take this Googling guide, it's dangerous out there!
Replying to @diami03
Welcome, sister! Your membership card is in the mail.
Replying to @webjedi
Another goat meme for @RobertMLee
Daily Linux Forensics Trivia #30 - Write a "find" expression to locate directories whose names begin with a dot (".") and which are not located in a user's home directory.
Some folks suggested looking at /etc/issue or /etc/motd. While these files often contain the distro/version info, they are also just as likely to have been edited and contain a site-specific message without the OS information.
Other distros may also have another /etc/*-release file, like /etc/lsb-release on Debian/Ubuntu or /etc/redhat-release on RHEL/Fedora/CentOS.
Trivia Answer #29 - Shout out to @Grabbi_it for chiming in with the answer. Mount your evidence and look at /etc/os-release, which should be there regardless of which distro you have been given.
And while you're there take a look at their security monitoring solution for Linux -- so much more than a typical XDR solution.
Check out this fun little tool from my friends @SpyderbatInc -- a historical process and performance monitoring tool for Linux spyderbat.com/all-posts/moni…
But does @EnglishRyno love getting caught in the rain?
Replying to @bettersafetynet
Says the man with little to no sense of smell/taste…
“Our new medicine costs thousands per month, but your insurance covers it! Oh you say it’s not covered? Here’s a coupon so you can get it for $25/mo!” — Why do we keep letting this scam play out?
Hmmm, thinking I should steal this idea…
These implement a really cool technique for parsing data structures from C headers. This is the type of stuff I love to see and study! Great stuff @foxit #DFIR
Fox-IT just open sourced their enterprise forensics tooling dissect. This is a big project that some of the smartest people I know have worked on. It supports many filesystems and file formats, all as Python libraries. Docs: docs.dissect.tools / code: github.com/fox-it/dissect
Daily Linux Forensics Trivia #29 - You are given a disk image of a Linux system. How do you determine which distro and version it is?