I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Then there's Anacron which owns the /etc/cron.{hourly,daily,monthly} jobs
Let's start with traditional aka "Vixie" cron (yes, named after @paulvixie who isn't just "that BIND guy") which uses /etc/crontab, /etc/cron.d, and /var/spool/cron/crontabs
Trivia Answer #31 - Kudos to @CraigHRowland for checking in with a scarily complete answer. Honorable mention to @jwmwi. The full answer is long, so buckle up friends...
The burning question on my mind this morning is this: "We've Got Tonight" - Kenny Rogers or Bob Seger?
And their constituents don’t care because they view any opposition as an existential threat. Keeping score on political hypocrisy doesn’t move the needle anymore.
Replying to @falconsview
In all seriousness we’ve seen remote exploits with all of the popular brands with some regularity. The firmware in these devices seems like it’s mostly crap. Poor Fortinet is just the exploit du jour.
As long as people keep deploying Fortinet I’ll always have plenty of #DFIR work
#Fortinet is currently advising its customers on a high severity #vulnerability in FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1 FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0 #CVE: CVE-2022-40684 #authbypass #RCE #prepareforimpact @campuscodi @uuallan @GossiTheDog
I was messaging him earlier in the year about getting together when I came out for KernelCon. Sadly, that trip never happened.
Replying to @wimremes
I got to know Kevin and Robin when I was working that crazy long gig in Omaha. They lived in the next state over and I’d road trip over there every so often for a home-cooked meal and good company.
Every time I read about one of these exploits it always reminds me of this scene youtube.com/watch?v=iqueZ1…
The attacks against web3 are something else. Numbers are staggering, the abuse of functions mind-blowing
Dress Rob up however you want. But when the beard goes, that’s when he’s gone full dark side.
Screw that noise. I’ll just be over here in this puddle.
For the record, Kevin took the headshot that I use here as my avatar
Fuck
We lost another of our own this week. Kevin Riggins @kriggins. hamiltonsfuneralhome.com/ser…
How about that one where the attackers unknowingly added the machine to the Tsunami botnet by trusting the wrong SSH backdoor download. Good times.
Just to be clear, I'm looking for locations in the file system where scheduled tasks can be configured.
Replying to @crash0ver1d3
But where does cron configuration live?
Daily Linux Forensics Trivia #31 - Name three places in Linux where scheduled tasks can be configured.
The final "-print" matters here! Because find's default action is "-print", leaving off the final "-print" means that both the "-prune" directories and the dot directories would print out. Specifying "-print" for the dot dirs means the "-prune" dirs won't print. find is weird.