I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Replying to @johullrich
Unbelievable amounts of rain— we are way ahead of monthly and annual averages and haven’t even seen major storms this year. Crazy. #MyPoolOverfloweth
Replying to @MalwareJake
Strikes me as an interesting honeypotting technique for defenders
Daily Linux Forensics Trivia #11 - Yesterday's question asked how to spot processes running from deleted executables during live analysis. How would you recover the deleted executable?
Then @DfirNotes chimed in with the other typical way for doing this, "lsof +L1", which would show all open but unlinked files ("+L1" means "link count < 1", or zero). If you just want running deleted executables, make it "lsof +L1 -a -d txt"
Trivia Answer #10 - @jgasmussen got in first with one good answer: "ls -l /proc/*/exe 2>/dev/null | grep deleted" (bonus points for redirecting stderr!)
Something I need cis people to understand: Trans people were four times as likely to be violently attacked, three times as likely to go hungry, and twice as likely to live in poverty *and then* all this bullshit started.
Hal Pomeranz retweeted
Only one more day to get the early bird discount for BSides Augusta! It's always a great con. I was thinking about heading that way, but noticed there are no offensive appsec talks on the schedule. :-(
Replying to @hacks4pancakes
An organization that is successful because of heroic and/or “last minute” efforts is not a successful organization
Hal Pomeranz retweeted
I’m saying this as a manager. Like, have an open dialogue with your boss and give constructive and courteous feedback to your peers first, but if you are constantly silently saving the day and nobody sees it, they’re probably gonna get promoted and you’re not.
Hal Pomeranz retweeted
• If you're wrong, admit it. • If you're confused, ask questions. • If you're stuck, seek help. • If you make a mistake, learn from it. • If you learn something, teach others.
Hal Pomeranz retweeted
Replying to @soundmigration
They have within the last week fired their entire IT security team and possibly due to the reason in the article below. secjuice.com/patreon-fired-s…
Daily Linux Forensics Trivia #10 - When investigating a live Linux system, how can you detect if a process is running from a deleted binary? [and don't forget to sign up for live Linux forensics training wildwesthackinfest.com/deadw…]
From the early days of Unix file systems, permissions are stored in a packed two-byte field. The upper four bits are the file type. The remaining twelve bits track set-UID, set-GID, "sticky", and then "rwx" perms for owner, group, and other.
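The layout described in the post above, as an added example that is not part of the original post or the author's own code: a Python decoder for the two-byte mode field. The function name `decode_mode` and the sample values are constructed for illustration.

```python
# Added example: decode the packed 16-bit mode field (type + 12 permission bits).
# Sample mode values below are constructed, not read from a real inode.

# Upper four bits: file type code -> ("ls -l" letter, description).
FILE_TYPES = {
    0o01: ("p", "FIFO"),
    0o02: ("c", "character device"),
    0o04: ("d", "directory"),
    0o06: ("b", "block device"),
    0o10: ("-", "regular file"),
    0o12: ("l", "symbolic link"),
    0o14: ("s", "socket"),
}


def decode_mode(mode):
    """Split a two-byte mode value into type, special bits and rwx string."""
    if not 0 <= mode <= 0xFFFF:
        raise ValueError("mode must fit in two bytes")
    letter, type_name = FILE_TYPES.get(mode >> 12, ("?", "unknown"))
    suid = bool(mode & 0o4000)
    sgid = bool(mode & 0o2000)
    sticky = bool(mode & 0o1000)
    chars = []
    # Owner, group, other: three bits each; the special bit replaces the
    # execute column (lower case if execute is also set, upper case if not).
    for shift, special, sym in ((6, suid, "s"), (3, sgid, "s"), (0, sticky, "t")):
        bits = (mode >> shift) & 0o7
        chars.append("r" if bits & 4 else "-")
        chars.append("w" if bits & 2 else "-")
        if special:
            chars.append(sym if bits & 1 else sym.upper())
        else:
            chars.append("x" if bits & 1 else "-")
    return {
        "type": type_name,
        "setuid": suid,
        "setgid": sgid,
        "sticky": sticky,
        "octal": format(mode & 0o7777, "04o"),
        "string": letter + "".join(chars),
    }


if __name__ == "__main__":
    for sample in (0o104755, 0o041777, 0o102644):  # constructed samples
        print(format(sample, "06o"), decode_mode(sample))
```
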
Hal Pomeranz retweeted
Me, an IR Consultant, versus my poor clients who didn't sign up for any of this bullshit.
Replying to @k8em0
That I would truly love to see!
Replying to @k8em0
I think it would get ugly. They’d want to install their own “old white guy” advisors and have you run things the “old white guy” way. Money never comes without strings.
Replying to @wimremes
Not if you just use somebody else’s
Daily Linux Forensics Trivia #9 - Describe how file permissions are stored in the inode for EXT and XFS.