Hal Pomeranz @hal_pomeranz

I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

 Orlando, FL
deer-run.com/~hal/
Joined November 2008
  • Tweets 19,311
  • Following 237
  • Followers 13,672
228 Photos and videos
Load newest
Replying to @hal_pomeranz @WWHackinFest
Trivia Answer #8 — Look in $HOME/.local/share/recently-used.xbel for the Nautilus/Nemo file browsing history. XML formatted doc includes file name, app used to open file, and first/last visit times.
1
1
5
Replying to @cartoonlord @stoney27
lost+found gets created when the file system is created. fsck may place orphaned inodes into lost+found if it finds file system damage, but it does not create the directory.
1
**NEW** BHIS | Tester's Blog Linux System Call Monitoring by: moth Published: 9/13/2022 blackhillsinfosec.com/linux-…

Linux System Call Monitoring  - Black Hills Information Security

moth // I’ve been diving deep into Linux lately, with my latest kick being exploring the Linux kernel. I’ve found “The Linux Programming Interface” (TLPI) by Michael Kerrisk, among others, […]

blackhillsinfosec.com
1
11
13
Replying to @randymarchany @bettersafetynet
Amen, brother!
1
Replying to @bettersafetynet
Have we ever had the “How Hal ended up in DFIR” talk? Remind me the next time we are drinking together.
2
6
Hal Pomeranz retweeted
Dylan Beattie @dylanbeattie
13 Sep 2022
Speaker tip: always make one of your presentation slides a full frame screenshot of the Windows Blue Screen of Death, and then forget which slide it is. The unexpected shot of adrenaline will help to keep you focused and alert during your presentation.
21
57
9
406
Replying to @hal_pomeranz @KirrinFinch
It’s hard to imagine a better brand ambassador than Lesley— exec at one of the hottest tech companies on the planet, accomplished hacker, community leader, veteran who helps other veterans, expert martial artist in multiple disciplines. Always willing to fight the good fight.
2
1
5
Replying to @hal_pomeranz @WWHackinFest
Daily Linux Forensics Trivia #8 — Where does the Nautilus/Nemo file browser for the Gnome desktop store browsing history?
2
1
Replying to @hal_pomeranz @DfirNotes
Several folks noted, however, that the known_hosts file is just a text file and can be edited. So perhaps that entry is bogus. I recommend comparing the public host key from the remote system against the public key in the known_hosts entry as an additional level of validation.
2
Replying to @hal_pomeranz @DfirNotes
You would have to check the logs on the remote system to determine if there was any kind of login and what happened from there.
1
1
Trivia Answer #7 — Shout out to @DfirNotes for the first correct response. An entry in known_hosts means the account established an SSH connection to the remote host long enough to exchange public keys. It does NOT tell you whether or not there was a successful login.
1
1
2
Hey @KirrinFinch, one of our community leaders is feeling a profound sense of grief due to the loss of their Kirrin Finch suit. Perhaps you can help Lesley out? Nobody could be more deserving, after helping so many others.
Lesley Carhart @hacks4pancakes
13 Sep 2022
Replying to @hacks4pancakes
Just such a miserable situation. It was from a company called Kirrin Finch that makes suits for non gender conforming people, and it was super gender-affirming, too. I got to wear it once and I was so damn excited to get it.
2
5
1
20
Replying to @hacks4pancakes
I’m sorry for your loss and frustration. It sucks. Putting the cleaners aside for a moment, perhaps you could come at this another way. Reach out to the suit designers, explain the issue and your pain of loss, and see what they can do. You have enormous influencer clout. Use it.
1
3
Hal Pomeranz retweeted
Ed Yong is not here @edyong209
12 Sep 2022
Also people w/ brain fog are also good at hiding it—it’s intermittent and they just don’t see people on the worst days. Stigma also motivates them to present as normal in social situations or doctors’ appts, furthering the false idea that they’re fine. 10/ theatlantic.com/health/archi…

One of Long COVID’s Worst Symptoms Is Also Its Most Misunderstood

Brain fog isn’t like a hangover or depression. It’s a disorder of executive function that makes basic cognitive tasks absurdly hard.

theatlantic.com
23
320
39
2,535
Hal Pomeranz retweeted
Larry W. Cashdollar @_larry0
11 Sep 2022
Facebook scam, I’m selling a desk and they’re pretending to be interested. They’re using my cell number to attempt to sign up for google voice. Remember never share your 2FA codes.
32
315
18
985
Hal Pomeranz retweeted
Aliyya Swaby @AliyyaSwaby
12 Sep 2022
We wanted to make sure people who struggle with literacy and with getting assistance to vote understood their rights under federal law. So @asiakmfields created a guide in plain language and available in 11 languages. Please share with anyone who might need it.
ProPublica @propublica
12 Sep 2022
You have the right to vote even if you don’t speak or read English. This guide will tell you about your right to ask for help, how to vote and what to do if you have problems. Available in 11 languages 🧵👇 propublica.org/article/guide…
2
57
1
85
Replying to @HECFBlog @CdtDelta @lee_whitfield
Let me know when you are ready for some 1099 help
2
Replying to @lee_whitfield
Congrats and bon voyage!
1
We updated our blog on the Linux trojan XorDdos with new information on initial access and payload, including details on a rootkit component that we found while investigating a XorDdos sample we saw in June 2022: msft.it/6012jvVgq

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices | Microsoft...

Observing a 254% increase in activity over the last six months from a versatile Linux trojan called XorDdos, the Microsoft 365 Defender research team provides in-depth analysis into this stealthy...

microsoft.com
2
79
2
121
Daily Linux Forensics Trivia #7 -- You find an entry for a suspicious IP address in /root/.ssh/known_hosts. What conclusions can you draw from this artifact?
4
3
Load more