I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Replying to @falconsview
Honestly I am too
Check out the 1* reviews on these apps for the real story.
Replying to @falconsview
They have you deposit money first (not sure how they motivate that behavior) and then never let you withdraw your “winnings”.
Ball 4, runner advances safely to second. Throw/tag doesn’t matter. Just playing silly buggers.
Replying to @fwiles
More 😃
Daily Linux Forensics Trivia #14 - If the default log rotation policy has not been changed, roughly how many days worth of logs should you expect to find on a Linux system?
On older systems, look under /var/lib/dhc* for similar files.
Trivia Answer #13 - On modern Linux distros, look in /var/lib/NetworkManager for dhclient-<GUID>-<NIC>.lease files. These are text files containing details of DHCP leases acquired. They are not normally cleaned up and may cover the entire lifetime of the equipment.
Hal Pomeranz retweeted
Dropping this in the thread here as @riptari at @TechCrunch did an amazing job explaining this Facebook lawsuit and the latest discovery. This isn’t unexpected as she’s one of the best in the biz at unpacking data and privacy issues. /25 techcrunch.com/2022/09/16/un…
I'm not certain it is widely appreciated that excess US deaths in 2022 nearly exactly match excess deaths in 2021. There is nothing about this pandemic that is "winding down" except for public health response, workplace safety precautions, and funding to keep it from worsening.
Cumulative Excess Deaths in the US, 2021 vs 2022 data.cdc.gov/NCHS/Excess-Dea…
Where by “decimal variable” I think they meant “floating point variable”. Sigh.
Replying to @MalwareJake
I’m just going to stick with what I first saw, because that reality is so much cooler!
Daily Linux Forensics Trivia #13 - Your suspect claims they never connected their Linux laptop to their neighbor's WiFi network. What Linux artifact could you use to disprove this claim?
Substitute the path where you have your evidence mounted for "/etc/localtime" in these examples, e.g. "/mnt/evidence/etc/localtime".
Finally, I've seen cases where /etc/localtime is simply a copy of a file from /usr/share/zoneinfo. In this case, "zdump /etc/localtime" will display the current time with the time zone indicated in the output.
On other Linux distros, /etc/localtime is a symlink to the timezone file under /usr/share/zoneinfo - use "ls -l /etc/localtime" or "readlink /etc/localtime" to view.
Trivia Answer #12 - Shout out to @JPoForenso for a pretty complete solution. It turns out not all Linux distros are the same in this. Some have an /etc/timezone file that contains the time zone name in text format.
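
The three checks from the Trivia Answer #12 thread above, combined into one script, as an added example that is not part of the original posts. Step 3 goes beyond the thread's zdump suggestion by byte-comparing the copy against the image's own zoneinfo tree to recover the zone name; the function names and the sample evidence roots are constructed for illustration.

```shell
#!/bin/sh
# image_timezone ROOT: print the default time zone of a Linux image mounted
# read-only at ROOT, trying the three layouts from the thread in order.
image_timezone() {
    root=${1%/}
    lt="$root/etc/localtime"
    zi="$root/usr/share/zoneinfo"

    # 1. Some distros store the zone name as text in /etc/timezone.
    if [ -s "$root/etc/timezone" ]; then
        head -n 1 "$root/etc/timezone"
        return 0
    fi
    # 2. Symlink: read the link text only. An absolute target would
    #    otherwise resolve against the analyst's own /usr/share/zoneinfo.
    if [ -L "$lt" ]; then
        readlink "$lt" | sed 's|^.*zoneinfo/||'
        return 0
    fi
    # 3. Plain copy: byte-compare with the image's own zoneinfo files.
    #    Real zoneinfo trees contain aliases, so several names can match.
    if [ -f "$lt" ] && [ -d "$zi" ]; then
        matches=$(find "$zi" -type f -exec cmp -s "$lt" {} \; -print |
                  while IFS= read -r m; do echo "${m#"$zi"/}"; done | sort)
        if [ -n "$matches" ]; then
            echo "$matches"
            return 0
        fi
    fi
    return 1
}

# Constructed sample data: three tiny fake evidence roots, one per layout.
make_demo_roots() {
    mkdir -p "$1/text/etc" "$1/symlink/etc" "$1/copy/etc" \
        "$1/copy/usr/share/zoneinfo/America" "$1/copy/usr/share/zoneinfo/Europe"
    echo "Europe/Berlin" > "$1/text/etc/timezone"
    ln -s /usr/share/zoneinfo/Asia/Tokyo "$1/symlink/etc/localtime"
    printf 'constructed-zone-A' > "$1/copy/usr/share/zoneinfo/America/New_York"
    printf 'constructed-zone-B' > "$1/copy/usr/share/zoneinfo/Europe/Paris"
    cp "$1/copy/usr/share/zoneinfo/America/New_York" "$1/copy/etc/localtime"
}

demo=$(mktemp -d) && make_demo_roots "$demo"
for r in text symlink copy; do
    printf '%s: %s\n' "$r" "$(image_timezone "$demo/$r")"
done
rm -rf "$demo"
```

A non-zero return means none of the three layouts was found under ROOT.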
Replying to @k8em0
If only we knew a boss like that…
Daily Linux Forensics Trivia #12 - Given only a disk image, how do you determine the default timezone of a Linux system?
Trivia Answer #11 - @MalwareJake checked in with the correct answer: “cat /proc/<pid>/exe > /path/to/newfile”. The “cp” command works too. Try to write the recovered file someplace that won’t mess up your evidence.