hal_pomeranz

@hal_pomeranz@infosec.exchange

Computer Forensics and Information Security, often with a spicy Linux flavor. Expert Witness. Trainer.


hal_pomeranz, to random

This is not a “woe is me” post, but rather a “canary in the coal mine.”

I’ve now been dealing with debilitating bronchial symptoms for five solid weeks. All COVID/RSV/flu tests have come back negative throughout this time. But I’m currently in my second period of being unable to taste or smell anything. The standard medical interventions—antibiotics and steroids—are not fixing the problem.

I think we need to start being honest about a few things. People face a real risk of contracting a respiratory disease that can have significant, long-term consequences. We lack effective tests for this syndrome. We do not have effective therapies. The true impact of this situation is being suppressed. Proper resources are not being devoted to these issues.

Please take care of yourselves, my friends. You do not want this in your lives. Vaccinate, mask up, stay away from people if you can. I will be OK. I hope the same for you and yours.

hal_pomeranz, to random

Vulnerability after vulnerability on Fortinet products. At what point does your risk assessment turn to, “Rip that gear out and replace it with another vendor!”

hal_pomeranz,

@BryanTheSnail Or on-prem Exchange

hal_pomeranz,

@rajnr @nopatience If we were to count CVEs, my gut feeling is that Fortinet would come up the winner by a large margin.

Does that mean there are fewer vulnerabilities remaining in Fortinet products compared to the other two? Or does it mean that the security tooling on their platforms is hopelessly lacking?

hal_pomeranz, to random

Just a reminder that I will be talking about Systemd Timers today at 12:00 US/Eastern on the Antisyphon Anticast https://www.antisyphontraining.com/event/anti-cast-all-about-linux-systemd-timers-w-hal-pomeranz/

How are timers configured? What forensic artifacts do they leave behind? Who the heck thought this was a good idea?

Actually, I’m not sure I have a good answer for that last question…

hal_pomeranz, (edited)

@steve The recording should be available in the Antisyphon Youtube channel before too long.

Here it is right now — https://www.youtube.com/watch?v=rAe9Iw08Fn0

hal_pomeranz, to random

The trite life advice about “being your authentic self” comes from a place of incredible privilege.

It presumes your “authentic self” is not too neurodivergent, queer, kinky, sad, angry, disabled, ethnic, sick, poor, unhoused, phobic, self-medicating, or any of a million other things that can send unwanted signals when interacting with people in a largely homogenous society in the real world. Either that or you are wealthy enough that you can simply not GAF.

So quit giving out this life advice and recognize that many people have to hide who they are just to get themselves through life. And they have to deal with the constant stream of negative feelings that result from that. Have empathy, because people really are fighting hard battles out there.

And if people feel safe enough around you to reveal even a small fraction of their authentic selves to you, take it as a high honor. Embrace them and show love. Strive to make the world a safer place for all.

hal_pomeranz,

@hackadaisical That’s an interesting conversation, but one which requires building up a lot of trust. You can start more slowly by asking things like, “Can you remember the last time you felt joy?” Questions like this which can spark authentic conversations are so much more interesting than the usual impersonal chit-chat.

Lockdownyourlife, to tech

deleted_by_author

hal_pomeranz,

@Lockdownyourlife Was it Marilyn Monroe who said, “If you can’t take me at my worst, then you don’t deserve me at my best!”

hal_pomeranz, to random

I’m looking for recommendations for traditional Chinese medicine practitioners in the Central Florida USA (I-4 corridor) area. Any leads appreciated.

hal_pomeranz, to random

Hey folks, the phrase is “wracked your brain” or “nerve-wracking” NOT “racked” or “racking”. Thanks for attending my TED talk.

hal_pomeranz,

@chileannick Exactly

hal_pomeranz, to random

Despite repeatedly testing negative for flu, COVID, and RSV, I spent a couple days in the hospital and even more time at home recovering from some very nasty respiratory stuff. Be careful, keep up on your shots, and mask up as appropriate. There’s a lot of stuff floating around out there that you definitely don’t want to get.

hal_pomeranz,

Inexpensive pulse oximeters are widely available, and I recommend getting one. We headed for the ER when my oxygen saturation dropped below 90%. Don’t mess around.

Also, if you have a sustained high fever and OTC meds aren’t helping, get thee to a doctor!

hal_pomeranz, to random

After seeing “Godzilla: Minus One” in the theater, I shared the 1964 classic “Godzilla vs Mothra” with my sons (age 15 and 18) last night. Their minds were boggled because they’d never seen such low-budget visual effects before. I feel I’ve been remiss in my parenting somehow.

Btw, if you are at all a kaiju fan you really should see “Minus One” on a big screen. The monster effects are awesome!

hal_pomeranz,

@paul_ipv6 Absolutely one of my favorite shows growing up

hal_pomeranz, to random

Late notice, but I’ll be one of the presenters on Thursday’s (Jan 18th) Dark Reading webinar on DNS Security https://dr-resources.darkreading.com/free/w_ingg186/?p=w_ingg186

Hope you can join us at 1pm US/Eastern time!

FlagrantError, to random
@FlagrantError@beige.party

“Just because I’m yelling doesn’t mean I’m tired!”

— 6yo at bedtime.

hal_pomeranz,

@FlagrantError If you haven’t seen it, grab a copy of Mo Willems’ “Don’t Let the Pigeon Stay Up Late!” Then get the other books in the series.

mhoye, to random
@mhoye@mastodon.social

Why would a prominent tech company move an office to a place without a reliable power grid?

hal_pomeranz,

@mhoye It’s closer to the big boss’ bachelor pad?

AbandonedAmerica, to random
@AbandonedAmerica@mastodon.social

The projectionist's booth at the abandoned Lansdowne Theater, currently being renovated for reuse as a concert venue.

Check out the rest at https://www.abandonedamerica.us/historic-lansdowne-theater

hal_pomeranz,

@AbandonedAmerica They also saved the old Holmdel Bell Labs building you did a shoot in. Now https://bell.works/new-jersey/explore

hal_pomeranz, to linux

My first public training of 2024 will be Linux Forensics at Black Hat Asia, Apr 16-19 https://www.blackhat.com/asia-24/training/schedule/#linux-forensics-virtual-35826

This is a fully virtual class and I won't actually be in Singapore. I'll be flipping my day/night cycle and teaching from East Coast USA. This could get interesting in many different ways.

chrissanders88, to random

Investigation Scenario 🔎

You discover an unusual scheduled task named "UpdateCheck" on a Windows system. The task triggers a PowerShell script located at "C:\Windows\Temp\update[.]ps1".

What do you look for to investigate whether an incident occurred?

You don't have immediate file system access (you can't grab the file quickly), but assume you have access to whatever other digital evidence source you need (system logs, network data, and so on).

hal_pomeranz,

@chrissanders88 I'm going for the event logs next, particularly if PowerShell script block auditing is on and Sysmon is collecting process information.

TaskScheduler-Operational is going to be another useful log in this context: when was the job created? Try to correlate that with a user login.
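The log-first triage described in the reply above, as an added worked example; this is editor-supplied code, not something posted by either participant in the thread. It assumes the task name "UpdateCheck" and the script file name from the scenario, that you are running elevated on the affected host (the Security log is admin-only), and that the Microsoft-Windows-TaskScheduler/Operational log and PowerShell script block logging are enabled; neither is on by default on every Windows build, so an empty result means "not logged", not "did not happen". The event ID meanings are documented Windows values; the Properties[] index positions are the standard Windows 10 / Server 2016+ event schema and are noted as an assumption in the comments.

```powershell
# Added example: triage a suspicious scheduled task from event logs alone,
# with no access to the script file itself.
param(
    [string]$TaskName      = 'UpdateCheck',   # from the scenario
    [string]$ScriptHint    = 'update.ps1',    # file name to look for in logs
    [int]   $WindowMinutes = 30               # logon correlation window
)

function Get-TaskSchedulerEvents {
    # Microsoft-Windows-TaskScheduler/Operational (must be enabled):
    #   106 = task registered, 140 = task updated, 141 = task deleted,
    #   200 = action started, 201 = action completed.
    # For 106, Properties[0] is the task path and Properties[1] the
    # registering user (index layout assumed from the stock event schema).
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-TaskScheduler/Operational'
        Id      = 106, 140, 141, 200, 201
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($TaskName) } |
    Select-Object TimeCreated, Id,
        @{n='Task'; e={$_.Properties[0].Value}},
        @{n='User'; e={ if ($_.Id -eq 106) { $_.Properties[1].Value } }}
}

function Get-ScriptBlockEvents {
    # Microsoft-Windows-PowerShell/Operational 4104 = script block logging.
    # Properties[2] is the script text, Properties[4] the source path when
    # the block was loaded from a file (index layout assumed as above).
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'
        Id      = 4104
    } -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Properties[4].Value -like "*$ScriptHint*" -or
        $_.Properties[2].Value -match [regex]::Escape($ScriptHint)
    } |
    Select-Object TimeCreated,
        @{n='Path';   e={$_.Properties[4].Value}},
        @{n='Script'; e={$_.Properties[2].Value}}
}

function Get-SysmonProcessEvents {
    # Sysmon event 1 = process creation; the rendered message carries
    # CommandLine, ParentImage and the user, which shows how the script
    # was launched (execution policy bypass, hidden window, parent svchost).
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Sysmon/Operational'
        Id      = 1
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($ScriptHint) } |
    Select-Object TimeCreated, Message
}

function Get-LogonsNear {
    param([datetime]$When)
    # Security 4624 = successful logon. Properties[5]=TargetUserName,
    # Properties[8]=LogonType, Properties[18]=IpAddress (Win10/2016+ layout).
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4624
        StartTime = $When.AddMinutes(-$WindowMinutes)
        EndTime   = $When.AddMinutes($WindowMinutes)
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated,
        @{n='User';      e={$_.Properties[5].Value}},
        @{n='LogonType'; e={$_.Properties[8].Value}},
        @{n='SourceIP';  e={$_.Properties[18].Value}}
}

# 1. When was the task created, updated, and run?
$taskEvents = Get-TaskSchedulerEvents
$taskEvents | Sort-Object TimeCreated | Format-Table -AutoSize

# 2. Correlate the earliest registration with interactive/network logons.
$created = $taskEvents | Where-Object Id -eq 106 |
           Sort-Object TimeCreated | Select-Object -First 1
if ($created) {
    "Task registered at $($created.TimeCreated) by $($created.User);" +
    " logons within +/- $WindowMinutes minutes:"
    Get-LogonsNear -When $created.TimeCreated | Format-Table -AutoSize
}

# 3. Recover what the script actually did, without touching the file.
Get-ScriptBlockEvents   | Format-List
Get-SysmonProcessEvents | Format-Table -Wrap
```

If the TaskScheduler/Operational log turns out to be disabled, Security event 4698 ("A scheduled task was created") is the fallback for the creation time and creating account, but only when the "Audit Other Object Access Events" subcategory is on; and remember that 4104 script block events can be large and split across several records, so sort by ScriptBlockId before reading the recovered text.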

paulasadoorian, to random

I feel like this is an improved (meaning more evil) version of "rm -fr /"...

hal_pomeranz,

@paulasadoorian /dev/urandom is fine for this and MUCH faster

mhoye, to random
@mhoye@mastodon.social

I'd like some sort of tracking service that just follows the executives from Boeing wherever their careers take them and alerts me just before I'm about to buy or travel in anything they've ever touched.

hal_pomeranz,

@mhoye I’d like to see them forced to fly only on aircraft designs approved and produced under their administration.

hal_pomeranz, to random

Snowman down!

hal_pomeranz,

@BryanTheSnail That’s a narrative I hadn’t considered. Interesting.
