Tag: Hal Pomeranz

Anti-Cast | XFS Forensics with xfs_db

Despite being a common Linux file system, forensic support for XFS is still largely lacking. In this session, Hal will describe how to turn the humble xfs_db tool into a useful forensic application for examining XFS file system internals and finding critical evidence. Attackers aren’t the only ones who can “live off the land”!

Anti-Cast | Forensicating Linux LD_PRELOAD Rootkits

Widespread availability of PoC Linux LD_PRELOAD rootkits means that even trivial cryptomining attacks are starting to deploy them. This talk demonstrates a simple LD_PRELOAD rootkit and techniques for detecting them in a live response scenario and by memory analysis. Get the jump on your adversaries with this fast-paced, practical introduction.

Linux Forensics

One of the core disciplines of security is understanding how systems communicate over the Internet. This skill set is crucial to spotting abnormal behavior and attack patterns. In this class, we will go beyond the fundamentals of how IP communicates and dive into the subtle nuances. This will help the student identify anomalous patterns when they occur.

Anti-Cast | Linux Command Line Dojo

If you’ve been using the Linux command line for a long time, you may have missed out on some sweet new features of common commands that can make your life much better. Join Sensei Hal as we break down some practical examples and demonstrate some useful new functionality.