Daily Linux Forensics Trivia #11 - Yesterday's question asked how to spot processes running from deleted executables during live analysis. How would you recover the deleted executable?
Then @DfirNotes chimed in with the other typical way for doing this, "lsof +L1", which would show all open but unlinked files ("+L1" means "link count < 1", or zero). If you just want running deleted executables, make it "lsof +L1 -a -d txt"
Trivia Answer #10 - @jgasmussen got in first with one good answer: "ls -l /proc/*/exe 2>/dev/null | grep deleted" (bonus points for redirecting stderr!)
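The detection the two answers above describe (reading the `/proc/<pid>/exe` symlink, which is the same information `lsof +L1 -a -d txt` reports for the executable's `txt` descriptor), plus the recovery that #11 asks about, written out as an added Python example. This is my code, not part of the thread or any tool mentioned in it. It assumes Linux with `/proc` mounted; the `demo()` scenario is constructed and also assumes a `/bin/sleep` binary it can copy, and returns None when either is missing.

```python
"""Find processes running from an unlinked executable and recover the binary.

Added example, not from the original thread. Equivalent in spirit to
`ls -l /proc/*/exe 2>/dev/null | grep deleted` and `lsof +L1 -a -d txt`
(-a ANDs the filters; -d txt limits lsof to the program-text descriptor),
but it reads /proc directly, so it does not depend on lsof being installed.
"""
import os
import shutil
import subprocess
import tempfile

DELETED_SUFFIX = " (deleted)"


def deleted_executables(proc="/proc"):
    """Return {pid: original_path} for every process whose /proc/<pid>/exe
    target carries the kernel's " (deleted)" marker.

    Processes we cannot inspect (other users' processes without root, kernel
    threads with no exe, processes exiting mid-scan) are skipped; that is the
    equivalent of the 2>/dev/null in the one-liner above.
    """
    found = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            target = os.readlink(os.path.join(proc, entry, "exe"))
        except OSError:
            continue
        if target.endswith(DELETED_SUFFIX):
            found[int(entry)] = target[: -len(DELETED_SUFFIX)]
    return found


def recover_executable(pid, dest, proc="/proc"):
    """Copy the still-mapped binary out of /proc/<pid>/exe.

    The link target is gone from the directory tree, but opening the exe
    link still opens the unlinked inode, so a byte copy gives back exactly
    what was executed. Returns the number of bytes written.
    """
    with open(os.path.join(proc, str(pid), "exe"), "rb") as src:
        data = src.read()
    with open(dest, "wb") as dst:
        dst.write(data)
    os.chmod(dest, 0o600)  # keep the recovered sample non-executable
    return len(data)


def build_fake_proc():
    """Constructed /proc lookalike for offline testing: pid 123 runs from a
    deleted file, pid 456 does not, 'self' is not a pid at all."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    for pid, target in (("123", "/opt/dropper (deleted)"), ("456", "/bin/ls")):
        os.mkdir(os.path.join(root, pid))
        os.symlink(target, os.path.join(root, pid, "exe"))
    os.mkdir(os.path.join(root, "self"))
    return root


def demo(sleep_bin="/bin/sleep", seconds="30"):
    """Constructed scenario: copy sleep to a temp file, start it, unlink the
    copy while it runs, then detect and recover it.

    Returns (original_bytes, recovered_bytes, reported_path, victim_path),
    or None when the host has no /proc or no sleep binary to borrow.
    """
    if not os.path.isdir("/proc") or not os.path.isfile(sleep_bin):
        return None
    workdir = tempfile.mkdtemp(prefix="deleted-exe-")
    victim = os.path.join(workdir, "victim")
    shutil.copy2(sleep_bin, victim)  # follows symlinks, so a busybox sleep works too
    with open(victim, "rb") as f:
        original = f.read()
    # argv[0] stays "sleep" so a busybox-based /bin/sleep still dispatches correctly
    child = subprocess.Popen(["sleep", seconds], executable=victim)
    try:
        os.unlink(victim)  # from here on the kernel reports exe as "(deleted)"
        hits = deleted_executables()
        if child.pid not in hits:
            raise RuntimeError("victim was not flagged as running from a deleted file")
        recovered_path = os.path.join(workdir, "recovered")
        recover_executable(child.pid, recovered_path)
        with open(recovered_path, "rb") as f:
            recovered = f.read()
        return original, recovered, hits[child.pid], victim
    finally:
        child.kill()
        child.wait()
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    for pid, path in sorted(deleted_executables().items()):
        print(f"{pid}\t{path}")
```

A live triage would simply call `deleted_executables()` and then `recover_executable(pid, "/evidence/<pid>.bin")` for each hit; hash the recovered file before anything else touches it, since the inode disappears as soon as the process exits.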
Something I need cis people to understand: Trans people were four times as likely to be violently attacked, three times as likely to go hungry, and twice as likely to live in poverty *and then* all this bullshit started.
Only one more day to get the early bird discount for BSides Augusta! It's always a great con. I was thinking about heading that way, but noticed there are no offensive appsec talks on the schedule. :-(
I’m saying this as a manager. Like, have an open dialogue with your boss and give constructive and courteous feedback to your peers first, but if you are constantly silently saving the day and nobody sees it, they’re probably gonna get promoted and you’re not.
• If you're wrong, admit it.
• If you're confused, ask questions.
• If you're stuck, seek help.
• If you make a mistake, learn from it.
• If you learn something, teach others.
Daily Linux Forensics Trivia #10 - When investigating a live Linux system, how can you detect if a process is running from a deleted binary? [and don't forget to sign up for live Linux forensics training wildwesthackinfest.com/deadw…]
From the early days of Unix file systems, permissions are stored in a packed two-byte field. The upper four bits are the file type. The remaining twelve bits track set-UID, set-GID, "sticky", and then "rwx" perms for owner, group, and other.
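The sixteen-bit layout described above, decoded bit by bit as an added Python example (mine, not from the original post). The only assumptions are the standard `stat` module constants for the four file-type bits; the permission and special-bit positions are the ones the post states.

```python
"""Decode the packed 16-bit Unix mode word field by field.

Added example, not from the original post. Layout (octal):
  0o170000  file type (upper four bits)
  0o004000  set-UID    0o002000  set-GID    0o001000  sticky
  0o000700  owner rwx  0o000070  group rwx  0o000007  other rwx
"""
import os
import stat

FILE_TYPES = {
    stat.S_IFREG: ("regular file", "-"),
    stat.S_IFDIR: ("directory", "d"),
    stat.S_IFLNK: ("symbolic link", "l"),
    stat.S_IFCHR: ("character device", "c"),
    stat.S_IFBLK: ("block device", "b"),
    stat.S_IFIFO: ("fifo", "p"),
    stat.S_IFSOCK: ("socket", "s"),
}


def decode_mode(mode):
    """Split a raw st_mode into its fields using the bit positions directly,
    so the packing is visible rather than hidden behind stat.filemode."""
    mode &= 0xFFFF  # only the low sixteen bits are the mode word
    name, _ = FILE_TYPES.get(mode & 0o170000, ("unknown", "?"))
    return {
        "type": name,
        "setuid": bool(mode & 0o4000),
        "setgid": bool(mode & 0o2000),
        "sticky": bool(mode & 0o1000),
        "owner": (mode >> 6) & 0o7,
        "group": (mode >> 3) & 0o7,
        "other": mode & 0o7,
    }


def mode_string(mode):
    """Render the type char and twelve permission bits the way ls -l does.
    The special bits ride on the x column of their triad: 's'/'t' when the
    execute bit is also set, 'S'/'T' when it is not."""
    fields = decode_mode(mode)
    out = [FILE_TYPES.get(mode & 0o170000, ("unknown", "?"))[1]]
    triads = (
        ("owner", fields["setuid"], "s"),
        ("group", fields["setgid"], "s"),
        ("other", fields["sticky"], "t"),
    )
    for who, special, mark in triads:
        bits = fields[who]
        out.append("r" if bits & 4 else "-")
        out.append("w" if bits & 2 else "-")
        if special:
            out.append(mark if bits & 1 else mark.upper())
        else:
            out.append("x" if bits & 1 else "-")
    return "".join(out)


def risk_flags(mode):
    """The combinations a reviewer cares about when walking a file system."""
    f = decode_mode(mode)
    flags = []
    if f["setuid"]:
        flags.append("setuid")
    if f["setgid"] and f["type"] != "directory":
        flags.append("setgid")
    if f["other"] & 2 and not (f["type"] == "directory" and f["sticky"]):
        flags.append("world-writable")
    return flags


if __name__ == "__main__":
    for path in ("/tmp", "/bin/ls"):
        m = os.lstat(path).st_mode
        print(f"{mode_string(m)}  {oct(m & 0xFFFF)}  {risk_flags(m)}  {path}")
```

`risk_flags` deliberately leaves a sticky world-writable directory such as `/tmp` unflagged, because there the sticky bit is exactly what makes the shared directory safe to share, while a world-writable regular file or a set-UID binary is always worth a second look.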
I think it would get ugly. They’d want to install their own “old white guy” advisors and have you run things the “old white guy” way. Money never comes without strings.