I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Daily Linux Forensics Trivia #3 - True or False: the mlocate.db file contains timestamps for all listed files.
Close! "export HISTSIZE=0" clobbers the history list in memory but has no impact on .bash_history
Trivia Answer #2 -- "export HISTFILESIZE=0" immediately truncates $HOME/.bash_history to zero bytes
Seems like there is a lot of darkness in the world right now. Hold fast to your truth. Let your light shine.
Looking forward to seeing everybody!
Daily Linux Forensics Trivia #2 — What environment variable setting immediately truncates .bash_history to zero bytes? wildwesthackinfest.com/deadw…
Trivia Answer #1 — File type was originally only stored in the inode. It was later added to directory entries so that commands like “ls -F” would not have to read every inode in a directory in order to display the file type.
Hal Pomeranz retweeted
Some commands are overwhelmingly run by attackers on compromised hosts (and seldom ever by regular users in regular usage). Our @subtee has just released a new (free) Canarytoken to make monitoring these commands trivial. Read more about it - blog.thinkst.com/2022/09/sen…
Hal Pomeranz retweeted
When evaluating Republican candidates now backing away from their "make all abortions illegal" positions, remember the lies Brett Kavanaugh and Amy Coney Barrett told when questioned in their confirmation hearings.
Hal Pomeranz retweeted
Seems like a good time to remind everyone to do their scream tests to get rid of zombie servers. (Courtesy of Mark Simos, Microsoft Lead Cybersecurity Architect) "Microsoft uses a scream test to silence its unused servers" - Inside Track Blog microsoft.com/insidetrack/bl…
Signed up for my bivalent COVID booster. This means I'm going to get better 5G *and* WiFi throughput right?
Daily Linux Forensics Trivia #1 -- Name two places in the Linux file system where the file type is encoded. wildwesthackinfest.com/deadw…
Live Linux Forensics training coming up @WWHackinFest Deadwood! Let's do some daily Linux Forensics trivia as a lead-up! wildwesthackinfest.com/deadw…
Hal Pomeranz retweeted
1\ #DFIR: Russian IRON HEMLOCK (APT29) is still abusing sdelete to wipe attacker files as defence evasion. sdelete tool overwrites filenames with 26 alphabetic entries "AAAA.AAA"... but this is how you can recover the original filename 👇 inversecos.com/2022/09/foren…
Replying to @cyb3rops @Shpantzer
- $I32 date fields in directory indices
- MFT slack
We don’t need no stinkin’ spleens!
I often wish I had a magic wand that I could wave to make all your ailments fall away, my friend. Wishing you the best in difficult circumstances.
Homeless shelter we bring meals to told us yesterday that because they have so many kids, they’ve been out of milk for 3 days. Kids in a shelter. In the US. Where there are millions of vacant homes due to real estate investors keeping them vacant. We *have* to do better as humans
Replying to @k8em0
To me the amount of basil is out of whack to the rest of the ingredients. I’d use half that much basil or even less.