Hal Pomeranz @hal_pomeranz

I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

 Orlando, FL
deer-run.com/~hal/
Joined November 2008
  • Tweets 19,311
  • Following 237
  • Followers 13,672
228 Photos and videos
Load newest
Hal Pomeranz retweeted
Jim Duncan @jnduncan
1 Oct 2022
This is a real treat!
Paul Dokas @pauldokas
1 Oct 2022
Wow That’s an amazing deep dive on NTP, its creator David Mills, and old school open source communities. newyorker.com/tech/annals-of…
1
2
Replying to @hal_pomeranz @WWHackinFest
Daily Linux Forensics Trivia #26 - Name three different logs where you can normally find a record of user logins.
2
1
Replying to @hal_pomeranz @WWHackinFest
Trivia Answer #25 - Look at the user’s $HOME/.viminfo file. The file contains information on recently edited files, search terms, commands typed at the “:” prompt, and (probably most useful in this case) commands executed via shell escape.
3
Replying to @daveshackleford
“Self-discovery”?
1
1
Holy smokes! Glad to hear the prognosis is good though. Rest up, big buddy!
And power is restored! Thanks @DukeEnergy for working so hard for Floridians in the wake of hurricane Ian.
10
Replying to @hal_pomeranz @WWHackinFest
Daily Linux Forensics Trivia #25 —A user’s .bash_history file shows repeated use of “sudo vim” with no other arguments. What other artifact could you inspect to get a better picture of their activities?
3
2
7
Replying to @hal_pomeranz @WWHackinFest
Trivia Answer #24 - One of the directories is named “.. “ (dot dot space) or some other similar name with a non-printing character. Use “ls -b” to see the non-printing characters. @MalwareJake was suspiciously quick with the answer on this one… almost as if… nah!
1
1
11
Replying to @elpie
We’re good, although power has been out since this morning. The storm ended up crossing the state well south of us—very unpredictable storm track on this one.
Replying to @jeffmcjunkin
If you have on-prem Exchange, assume breach
1
3
Replying to @johullrich
We lost power this morning after the storm had passed us to the south. Looks like most of the greater Orlando area is without power.
Let me add that a lot of these folks come in from out of state to support us during these disasters. They leave their homes and families and head into harm’s way to get the lights back on. Bravo!
Barstool Sports
 @barstoolsports
29 Sep 2022
40k+ linemen are waiting by in Florida right now ready to go to work when they can. Legit superstars.
3
4
31
Replying to @hal_pomeranz @WWHackinFest
Daily Linux Forensics Trivia #24 - You look at a directory listing and there are two subdirectories named “..”. How is this possible?
3
1
8
Replying to @hal_pomeranz @rvandenbrink @DfirNotes @jtsylve
If you’re in a virtual environment that doesn’t pre-allocate disks, this also has the side-effect of increasing the storage used by your instance and making it more costly to get a forensic copy.
1
Trivia Answer #23 - Lots of responses, including @rvandenbrink, @DfirNotes, and @jtsylve. The dd command will create a file called junk that will consume all unallocated blocks and overwrite them with random data. This should obliterate any evidence in unallocated.
2
Replying to @darthsaac
Good so far— just a lot of rain and wind here. You all OK?
1
Replying to @bettersafetynet
I have to explain to my dog that it’s going to be windy and rainy for the next 48 hours and the bathroom is still OUTSIDE
1
2
Nice!
Also can we take a moment to recognize your mom's badass koala socks!
This panel was a lot of fun!
Wild West Hackin' Fest @WWHackinFest
28 Sep 2022
Here's more good stuff from Way West 2022...it's "Everything Old is New Again" with @hal_pomeranz , @edskoudis , @AlyssaM_InfoSec, and Tony Sager! youtube.com/watch?v=cT3YXCqe…
2
Load more