I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Replying to @MalwareJake
Solid detect though
Replying to @tliston
Sorry for your loss, my friend.
Daily Linux Forensics Trivia #20 - Name two Volatility modules that can help to search for hidden loadable kernel module rootkits.
Trivia Answer #19 - Congrats to @lux_amalgamated for checking in with the correct answer! $HOME/.lesshst tracks search terms and shell escape commands entered by the user in the “less” program. It DOES NOT track which files the user has viewed.
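A small parser for the file described in the answer above, added here as a worked example (it is not code from the original post). It splits a .lesshst body into the two things the file actually records, search terms and shell escapes, and nothing else. The format it assumes is the one GNU less writes: a ".less-history-file:" header line, ".search" and ".shell" section markers, and one entry per line beginning with a double quote. The sample file content is constructed for illustration.

```python
"""Parse a less history file ($HOME/.lesshst) into its search terms and
shell-escape commands.

Added example for the trivia answer above; not code from the original post.
Format assumed: the one GNU less writes (a ".less-history-file:" header,
".search" / ".shell" section markers, entries prefixed with a double quote).
The sample content below is constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List

# Constructed sample of what ~/.lesshst can look like after an interactive
# session: searches and shell escapes are recorded, the viewed file is not.
SAMPLE_LESSHST = """.less-history-file:
.search
"BEGIN RSA
"password
"root
.shell
"cat /etc/shadow
"id
"""


@dataclass
class LessHistory:
    searches: List[str] = field(default_factory=list)
    shell_commands: List[str] = field(default_factory=list)


def parse_lesshst(text: str) -> LessHistory:
    """Return the search terms and shell commands recorded in a .lesshst body."""
    history = LessHistory()
    section = None
    for raw in text.splitlines():
        if raw.startswith(".less-history-file"):
            continue                        # file header, carries no entries
        if raw.startswith("."):
            section = raw[1:].strip()       # section marker: "search", "shell", ...
            continue
        if not raw.startswith('"'):
            continue                        # not an entry line; ignore defensively
        entry = raw[1:]                     # strip the leading double quote
        if section == "search":
            history.searches.append(entry)
        elif section == "shell":
            history.shell_commands.append(entry)
        # entries in other sections (e.g. marks in newer less) are left alone
    return history


if __name__ == "__main__":
    parsed = parse_lesshst(SAMPLE_LESSHST)
    print("search terms  :", parsed.searches)
    print("shell commands:", parsed.shell_commands)
```

Run it against a real $HOME/.lesshst during triage to pull out what a user was looking for and what they ran from inside less; note that nothing in the output names the files that were paged through, which is exactly the limitation the answer above points out.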
Hal Pomeranz retweeted
The pandemic is only "over" if you need a political talking point.
The CEO of Pfizer has caught COVID twice in two months despite being quadruple vaxxed. The pandemic is over in the sense that we’ve decided to live with it instead of making any structural changes, the same way we live with gun violence and homelessness.
Daily Linux Forensics Trivia #19 - What data can you find in $HOME/.lesshst?
Trivia Answer #18 - @MalwareJake points out that determining attacker intent is always difficult, but known_hosts files plus SSH keys (id_* files) are useful for attempts at lateral movement. Enabling the HashKnownHosts option and using strong pass phrases on keys slows attackers
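To show concretely why HashKnownHosts slows an attacker down, here is an added example (not code from the original post) that looks at a known_hosts file the way a collection script's operator would. With hashing off, each line's host field is the hostname and/or IP in clear text. With hashing on, OpenSSH writes the field as `|1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))`, so the attacker can only test guesses against it and never read the target name directly. The known_hosts lines, the fixed demo salt and the guess list are constructed for illustration; the key blobs are placeholders.

```python
"""Attacker's view of ~/.ssh/known_hosts with and without HashKnownHosts.

Added example for the trivia answer above; not code from the original post.
Assumes the OpenSSH hashed host-field format
|1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname)). The sample
known_hosts content, demo salt and guess list are constructed.
"""
import base64
import hashlib
import hmac
from typing import Dict, List

# Fixed salt so the constructed sample is reproducible; real OpenSSH draws a
# random 20-byte salt for every entry.
_DEMO_SALT = bytes(range(20))
_DEMO_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYBLOB"  # placeholder


def hash_host_field(hostname: str, salt: bytes) -> str:
    """Build a HashKnownHosts-style host field for hostname."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (
        base64.b64encode(salt).decode(),
        base64.b64encode(mac).decode(),
    )


def host_field_matches(host_field: str, candidate: str) -> bool:
    """True if candidate is named by host_field (clear-text or hashed)."""
    if not host_field.startswith("|1|"):
        return candidate in host_field.split(",")   # "host,ip" style list
    _, _, b64salt, b64mac = host_field.split("|")
    salt = base64.b64decode(b64salt)
    expected = base64.b64decode(b64mac)
    got = hmac.new(salt, candidate.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, expected)


def sample_known_hosts() -> str:
    """Constructed known_hosts: one clear-text line, two hashed lines."""
    lines = [
        "# written with HashKnownHosts no",
        "db01.corp.example,10.0.0.5 " + _DEMO_KEY,
        "# written with HashKnownHosts yes",
        hash_host_field("web01.corp.example", _DEMO_SALT) + " " + _DEMO_KEY,
        hash_host_field("bastion.corp.example", _DEMO_SALT) + " " + _DEMO_KEY,
    ]
    return "\n".join(lines) + "\n"


def recover_targets(known_hosts: str, guesses: List[str]) -> Dict[str, List[str]]:
    """Split entries into hosts readable outright, hosts recovered only by
    guessing, and hashed entries no guess matched."""
    result: Dict[str, List[str]] = {"plaintext": [], "guessed": [], "unresolved": []}
    for line in known_hosts.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("@"):                    # @cert-authority / @revoked marker
            line = line.split(None, 1)[1]
        host_field = line.split(None, 1)[0]
        if not host_field.startswith("|1|"):
            result["plaintext"].extend(host_field.split(","))
            continue
        hits = [g for g in guesses if host_field_matches(host_field, g)]
        if hits:
            result["guessed"].extend(hits)
        else:
            result["unresolved"].append(host_field)
    return result


if __name__ == "__main__":
    wordlist = ["web01.corp.example", "db01.corp.example", "mail.corp.example"]
    print(recover_targets(sample_known_hosts(), wordlist))
```

The clear-text line hands the attacker a hostname and an IP for free; the hashed lines only yield a name when it is already on the guess list, and the third entry stays unknown. That is the whole benefit of HashKnownHosts: it does not hide that a user has connected somewhere, it only removes the free target list, which is why pairing it with passphrase-protected keys matters.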
I find it interesting that after a period which has seen widespread labor activism, US monetary policy seems to be driving recession and unemployment. Almost as if somebody were trying to scare labor into submission.
When one door closes, many more open. Who needs #DFIR talent? Get ahold of @4n6lady before somebody else does!
I quit my job today.
I hereby dub the event “TikiSummitNOLA”
Interesting idea, thanks! Looks like they're mostly active in Singapore and Hong Kong though.
Hal Pomeranz retweeted
Don't try to boil the ocean when it comes to cybersecurity. Nothing will ever get 100% implementation, you'll be missing coverage even if it does, and there's always work left to do. Just ask: did I move the ball forward today? Every little bit helps.
Daily Linux Forensics Trivia #18 - During an IR you find a script used by the attackers that is gathering known_hosts and id_* files from user $HOME/.ssh directories. What would the attacker use these files for?
Trivia Answer #18 - “Members of group ‘wheel’ may, on any system, as any user, run any command.” In other words, unlimited Sudo access to all members of group wheel. Group membership may be via a user’s default group in /etc/passwd or via the “wheel” entry in /etc/group.
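The point in the answer above that membership can come from either file is easy to miss during an audit, so here is an added example (not code from the original post) that joins sudoers, /etc/group and /etc/passwd to list who effectively holds an unlimited sudo grant. It only recognises the direct `%group ALL=(ALL) ALL` / `ALL=(ALL:ALL) ALL` form (with or without NOPASSWD:), not aliases or included files; that limitation is an assumption of the example, as are the three constructed file bodies.

```python
"""Resolve who effectively holds an unlimited sudo grant given to a group.

Added example for the trivia answer above; not code from the original post.
Joins sudoers (which group is granted ALL=(ALL) ALL), /etc/group (explicit
members) and /etc/passwd (users whose primary GID is that group). Only the
direct "%group ALL=(ALL) ALL" form is recognised; aliases and #includedir
are out of scope. All three file bodies below are constructed.
"""
import re
from typing import Dict, Set

SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:10:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
"""

SAMPLE_GROUP = """root:x:0:
wheel:x:10:bob
users:x:100:alice,bob,carol
"""

SAMPLE_SUDOERS = """## Members of group 'wheel' may, on any system, as any user, run any command.
%wheel ALL=(ALL) ALL
## Same thing without a password (commented out)
# %wheel ALL=(ALL) NOPASSWD: ALL
%admin ALL=(ALL:ALL) ALL
carol ALL=(ALL) /usr/bin/systemctl
"""

# Matches "%group ALL=(ALL) ALL" or "%group ALL=(ALL:ALL) ALL", optional NOPASSWD:
_GROUP_ALL_RE = re.compile(
    r"^%(\S+)\s+ALL\s*=\s*\(\s*ALL(?:\s*:\s*ALL)?\s*\)\s+(?:NOPASSWD:\s*)?ALL\s*$"
)


def unlimited_sudo_groups(sudoers: str) -> Set[str]:
    """Groups granted 'run any command as any user' by sudoers text."""
    groups: Set[str] = set()
    for line in sudoers.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _GROUP_ALL_RE.match(line)
        if m:
            groups.add(m.group(1))
    return groups


def group_members(passwd: str, group: str, name: str) -> Set[str]:
    """Union of explicit members (/etc/group) and primary-GID members (/etc/passwd)."""
    gid = None
    supplementary: Set[str] = set()
    for line in group.splitlines():
        if not line or line.startswith("#"):
            continue
        gname, _pw, gid_str, members = line.split(":")[:4]
        if gname == name:
            gid = int(gid_str)
            supplementary = {m for m in members.split(",") if m}
    if gid is None:
        return set()                # group does not exist on this host
    primary: Set[str] = set()
    for line in passwd.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if int(fields[3]) == gid:   # field 4 of passwd is the primary GID
            primary.add(fields[0])
    return primary | supplementary


def unlimited_sudo_users(passwd: str, group: str, sudoers: str) -> Dict[str, Set[str]]:
    """Map each unlimited-sudo group to its effective members."""
    return {g: group_members(passwd, group, g) for g in unlimited_sudo_groups(sudoers)}


if __name__ == "__main__":
    report = unlimited_sudo_users(SAMPLE_PASSWD, SAMPLE_GROUP, SAMPLE_SUDOERS)
    for g, users in sorted(report.items()):
        print("%%%s: %s" % (g, ", ".join(sorted(users)) or "(no members)"))
```

In the constructed data alice never appears in the wheel line of /etc/group, yet her primary GID (10) makes her a member, so grepping /etc/group alone would miss her; bob is caught the other way. On a real image, feed the three files from the mounted filesystem to the functions instead of the samples.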
Replying to @strandjs
Yes! We can be the infosec training version of @Twillo0!
Replying to @jtsylve @codeslack
Or Tetris
Replying to @wesdrone
Forget "Turing complete", the real question is can you write Tetris in the language? github.com/uuner/sedtris
I’m down for whatever but the Tiki Bar is a must!
Replying to @GyledC @fancy_4n6
The hope is teach Linux Forensics in Canberra and then again in Melbourne. We’re still hashing out the details though.
Absolutely! You have a hookup over there? I’m all ears.