I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
I’m just going to put this out to the universe. I would love to find a training partner that would help me bring my Linux Forensics training to Japan.
Please tell me @BSidesNOLA will return soon! I miss all y’all lunatics!
Easy choice. Good cause.
Thank you to @hal_pomeranz for choosing @RuralTechFund for his donation from his "Linux Forensics" and "SELinux – Necessary and Not Evil!" classes!
What scripting language have I used most in my career (counting number of different projects, rather than lines of code)? It’s SQL by a mile.
Anybody who is teaching or attending the pre-event training should be getting in Monday. Are you sure there is no shuttle being arranged?
My office-mate snores
Daily Linux Forensics Trivia #17 - Explain this configuration from /etc/sudoers: "%wheel ALL : (ALL) ALL" [and don't forget to sign up for my 2-day Linux Forensics training at wildwesthackinfest.com/deadw…]
Trivia Answer #16 - EXT4 uses 48-bit block addresses. Apparently the developers were concerned that 64-bit addresses would result in file systems that were so large that they could potentially not be fsck-ed in a reasonable amount of time.
Replying to @fancy_4n6
So this would be the wrong time to mention that I’m working on a trip to Australia in Mar/Apr 2023?
Replying to @josephwshaw
@JBeanDesign has been fortunate to teach at the high school our two oldest have attended. It’s been a good thing for them to be together.
Daily Linux Forensics Trivia #16 - How many bits are block addresses in EXT4?
Trivia Answer #15 - The typical Syslog log timestamp is "Mon dd hh:mm:ss", e.g. "Sep 21 7:49:34". The regex "[A-Z][a-z]{2} +[0-9]+ +[0-9]+:[0-9]{2}:[0-9]{2} " matches this pattern and is effective at finding old/deleted log entries in unallocated.
When life gives you leftover rice, make rice pudding
Hal Pomeranz retweeted
It is not the tool, but the examiner that does the forensics. #DFIR #infosec #digitalforensics
Hal Pomeranz retweeted
How to Detect and Prevent impacket's Wmiexec crowdstrike.com/blog/how-to-… >> Great set of forensic artifacts detailed for tracking Impacket attack tools
Daily Linux Forensics Trivia #15 - Write a regular expression to match traditional Syslog-style logs in unallocated blocks.
Trivia Answer #14 - Standard log rotation happens weekly and four weeks of old logs are saved. So you could end up with anywhere from 28-35 days of logs online.
Hal Pomeranz retweeted
Had some fun with this - exploiting the Process Explorer driver for kernel code execution. Will msft ever add to their own blocklist? 🤔 elastic.co/security-labs/sto…