HD Moore
@hdm.infosec.exchange.ap.brid.gy
Founder & CEO of runZero (@runZeroInc - https://runzero.com), previously the founder and lead developer of Metasploit, a CSO, a consultant, and the head of […]
[bridged from https://infosec.exchange/@hdm on the fediverse by https://fed.brid.gy/ ]
[bridged from https://infosec.exchange/@hdm on the fediverse by https://fed.brid.gy/ ]
Identify insecure TLS services with the enhanced runZero Certificate Inventory: https://www.runzero.com/blog/identify-insecure-tls-services/
November 6, 2025 at 3:09 PM
Identify insecure TLS services with the enhanced runZero Certificate Inventory: https://www.runzero.com/blog/identify-insecure-tls-services/
Reposted by HD Moore
Something that started as a small curiosity and weekend project turned into a long article with several surprises for myself (including how bad I am at time estimates). I went down quite a few rabbit holes along the way.
EDNS Client Subnet in Practice: Evaluating Public Resolver Behaviors […]
EDNS Client Subnet in Practice: Evaluating Public Resolver Behaviors […]
Original post on unix.family
unix.family
November 3, 2025 at 2:13 PM
Something that started as a small curiosity and weekend project turned into a long article with several surprises for myself (including how bad I am at time estimates). I went down quite a few rabbit holes along the way.
EDNS Client Subnet in Practice: Evaluating Public Resolver Behaviors […]
EDNS Client Subnet in Practice: Evaluating Public Resolver Behaviors […]
Austin Hackers Anonymous (AHA) is TONIGHT (2025-10-30) https://takeonme.org/ - Have some zero-day to share? AHA is an official CNA and will issue CVEs for vulnerabilities disclosed at the meeting. I'm planning to demo more SSHamble.com findings along with BloodHound OpenGraph stuff. See yall soon!
October 30, 2025 at 9:19 PM
Austin Hackers Anonymous (AHA) is TONIGHT (2025-10-30) https://takeonme.org/ - Have some zero-day to share? AHA is an official CNA and will issue CVEs for vulnerabilities disclosed at the meeting. I'm planning to demo more SSHamble.com findings along with BloodHound OpenGraph stuff. See yall soon!
Just like chocolate and peanut butter, runZero and BloodHound are an amazing combination. Today we are introducing runZeroHound - an open source toolkit for bringing runZero Asset Inventory data into BloodHound attack graphs, using the brand new OpenGraph […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
October 27, 2025 at 4:35 PM
Just like chocolate and peanut butter, runZero and BloodHound are an amazing combination. Today we are introducing runZeroHound - an open source toolkit for bringing runZero Asset Inventory data into BloodHound attack graphs, using the brand new OpenGraph […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
SpecterOps released "DumpGuard" along with a detailed article on how they were able to bypass Windows Credential Guard in both privileged and unprivileged contexts. I learned a ton about Isolated LSA and friends. Its funny to see that DES-cracking of NTLMv1 […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
October 23, 2025 at 7:20 PM
SpecterOps released "DumpGuard" along with a detailed article on how they were able to bypass Windows Credential Guard in both privileged and unprivileged contexts. I learned a ton about Isolated LSA and friends. Its funny to see that DES-cracking of NTLMv1 […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
Today's runZero Hour is up with Rob King, Tod Beardsley, and EOL expert and technology necromancer, captn3m0 (pronounced “nemo”). They will summon and explore runZero’s latest research paper, “Undead by design: Benchmarking end-of-life operating systems” […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
October 15, 2025 at 6:12 PM
Today's runZero Hour is up with Rob King, Tod Beardsley, and EOL expert and technology necromancer, captn3m0 (pronounced “nemo”). They will summon and explore runZero’s latest research paper, “Undead by design: Benchmarking end-of-life operating systems” […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
JawnCon (https://jawncon.org/) 0x02 just wrapped! I wish I could make it this year, but settled for catching the talks on the live stream:
Main Stage Day 1: https://www.youtube.com/live/Cvf-mAdnPl0?lc=UgwMOtdPezSwFxO8Idx4AaABAg
Man Stage Day 2 […]
[Original post on infosec.exchange]
Main Stage Day 1: https://www.youtube.com/live/Cvf-mAdnPl0?lc=UgwMOtdPezSwFxO8Idx4AaABAg
Man Stage Day 2 […]
[Original post on infosec.exchange]
October 13, 2025 at 8:43 PM
JawnCon (https://jawncon.org/) 0x02 just wrapped! I wish I could make it this year, but settled for catching the talks on the live stream:
Main Stage Day 1: https://www.youtube.com/live/Cvf-mAdnPl0?lc=UgwMOtdPezSwFxO8Idx4AaABAg
Man Stage Day 2 […]
[Original post on infosec.exchange]
Main Stage Day 1: https://www.youtube.com/live/Cvf-mAdnPl0?lc=UgwMOtdPezSwFxO8Idx4AaABAg
Man Stage Day 2 […]
[Original post on infosec.exchange]
Reposted by HD Moore
Virtually every major remote access tech is under attack rn.
It's gonna be a truly unpleasant Q4, isn't it…
It's gonna be a truly unpleasant Q4, isn't it…
October 12, 2025 at 11:44 AM
Virtually every major remote access tech is under attack rn.
It's gonna be a truly unpleasant Q4, isn't it…
It's gonna be a truly unpleasant Q4, isn't it…
Hello Austin Gophers! Join us tonight, Wednesday, October 8th, 2025 for two hours of lightning talks and discussion at the ATX Go meetup. This is hosted by Capital Factory and runs from 6:30 PM to 8:30 PM central (with pizza and drinks!): https://www.meetup.com/atxgolang/events/305492512/
ATX Golang Meetup - October 2025, Wed, Oct 8, 2025, 6:30 PM | Meetup
Join us for an evening of information, networking, friendship, beer, and pizza! You are invited to come discuss our favorite programming language and meet other Go develope
www.meetup.com
October 8, 2025 at 4:46 PM
Hello Austin Gophers! Join us tonight, Wednesday, October 8th, 2025 for two hours of lightning talks and discussion at the ATX Go meetup. This is hosted by Capital Factory and runs from 6:30 PM to 8:30 PM central (with pizza and drinks!): https://www.meetup.com/atxgolang/events/305492512/
#sectorca 2025 is fantastic! I last attended in 2008 and holy cow has it grown. Great to see Brian and Bruce still involved. Excellent talks, really sharp crowd, zero attitude, and everyone is incredibly friendly. You can find the slides from my morning […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
October 2, 2025 at 4:13 PM
#sectorca 2025 is fantastic! I last attended in 2008 and holy cow has it grown. Great to see Brian and Bruce still involved. Excellent talks, really sharp crowd, zero attitude, and everyone is incredibly friendly. You can find the slides from my morning […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
Hello #sector! 🍁 runZero’s Rob King presentation starts NOW in Room 716B:
"Pay No Attention to the Device Behind the Curtain: Banned tech doesn’t always stay banned. Rob shows how to detect white-labeled and counterfeit gear using Internet-scale methods & protocol quirks."
👉 […]
"Pay No Attention to the Device Behind the Curtain: Banned tech doesn’t always stay banned. Rob shows how to detect white-labeled and counterfeit gear using Internet-scale methods & protocol quirks."
👉 […]
Original post on infosec.exchange
infosec.exchange
October 1, 2025 at 8:16 PM
Hello #sector! 🍁 runZero’s Rob King presentation starts NOW in Room 716B:
"Pay No Attention to the Device Behind the Curtain: Banned tech doesn’t always stay banned. Rob shows how to detect white-labeled and counterfeit gear using Internet-scale methods & protocol quirks."
👉 […]
"Pay No Attention to the Device Behind the Curtain: Banned tech doesn’t always stay banned. Rob shows how to detect white-labeled and counterfeit gear using Internet-scale methods & protocol quirks."
👉 […]
Hello Austin Gophers! Join us tonight, Wednesday, September 10th, 2025 for two hours of lightning talks and discussion at the ATX Go meetup. This meetup is hosted by Capital Factory and runs from 6:30 PM to 8:30 PM CDT (with pizza and drinks!): https://www.meetup.com/atxgolang/events/305492508/
September 10, 2025 at 4:12 PM
Hello Austin Gophers! Join us tonight, Wednesday, September 10th, 2025 for two hours of lightning talks and discussion at the ATX Go meetup. This meetup is hosted by Capital Factory and runs from 6:30 PM to 8:30 PM CDT (with pizza and drinks!): https://www.meetup.com/atxgolang/events/305492508/
Reposted by HD Moore
One of my favorite programs for the Mac is from a company called Objective Development -- Little Snitch -- and it's a host-based firewall that alerts you anytime something on your computer tries to reach the Internet for the first time (or you can set to always ask all the time, which I wouldn't […]
Original post on infosec.exchange
infosec.exchange
August 31, 2025 at 7:27 PM
One of my favorite programs for the Mac is from a company called Objective Development -- Little Snitch -- and it's a host-based firewall that alerts you anytime something on your computer tries to reach the Internet for the first time (or you can set to always ask all the time, which I wouldn't […]
Reposted by HD Moore
Three small announcements:
1. RFC 9839, a guide to which Unicode characters you should never use: https://www.rfc-editor.org/rfc/rfc9839.html
2. Blog piece with background and context, “RFC 9839 and Bad Unicode”: https://www.tbray.org/ongoing/When/202x/2025/08/14/RFC9839
3. A little Go library […]
1. RFC 9839, a guide to which Unicode characters you should never use: https://www.rfc-editor.org/rfc/rfc9839.html
2. Blog piece with background and context, “RFC 9839 and Bad Unicode”: https://www.tbray.org/ongoing/When/202x/2025/08/14/RFC9839
3. A little Go library […]
Original post on cosocial.ca
cosocial.ca
August 23, 2025 at 10:32 AM
Three small announcements:
1. RFC 9839, a guide to which Unicode characters you should never use: https://www.rfc-editor.org/rfc/rfc9839.html
2. Blog piece with background and context, “RFC 9839 and Bad Unicode”: https://www.tbray.org/ongoing/When/202x/2025/08/14/RFC9839
3. A little Go library […]
1. RFC 9839, a guide to which Unicode characters you should never use: https://www.rfc-editor.org/rfc/rfc9839.html
2. Blog piece with background and context, “RFC 9839 and Bad Unicode”: https://www.tbray.org/ongoing/When/202x/2025/08/14/RFC9839
3. A little Go library […]
I chased an intermittent DNS bug for two weeks and for once, it was not DNS:
"PF states limit reached"
If you use opnsense/pfsense, the default state table size of 1.6m can sneak up on you when your network is full of scans. Poking around with `pfctl -si` and setting a much healthier max with […]
"PF states limit reached"
If you use opnsense/pfsense, the default state table size of 1.6m can sneak up on you when your network is full of scans. Poking around with `pfctl -si` and setting a much healthier max with […]
Original post on infosec.exchange
infosec.exchange
August 20, 2025 at 1:22 AM
I chased an intermittent DNS bug for two weeks and for once, it was not DNS:
"PF states limit reached"
If you use opnsense/pfsense, the default state table size of 1.6m can sneak up on you when your network is full of scans. Poking around with `pfctl -si` and setting a much healthier max with […]
"PF states limit reached"
If you use opnsense/pfsense, the default state table size of 1.6m can sneak up on you when your network is full of scans. Poking around with `pfctl -si` and setting a much healthier max with […]
Hello Austin-area software engineers (or aspiring engineers)! Join us tonight, Wednesday, August 13, 2025 for two hours of lightning talks and discussion at the ATX Go meetup. The focus tonight is on infosec/cybersecurity/hacking tools written in Go, but all Go-related talks are welcome.
This […]
This […]
Original post on infosec.exchange
infosec.exchange
August 13, 2025 at 10:03 PM
Hello Austin-area software engineers (or aspiring engineers)! Join us tonight, Wednesday, August 13, 2025 for two hours of lightning talks and discussion at the ATX Go meetup. The focus tonight is on infosec/cybersecurity/hacking tools written in Go, but all Go-related talks are welcome.
This […]
This […]
If you missed this talk at BH/DC last week, it's worth a read: "From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion". Awesome work from Shu-Hao, Tung (123ojp) covering practical attacks on GRE and VxLAN tunnels […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
August 13, 2025 at 1:57 AM
If you missed this talk at BH/DC last week, it's worth a read: "From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion". Awesome work from Shu-Hao, Tung (123ojp) covering practical attacks on GRE and VxLAN tunnels […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
Blue Team Con (@BlueTeamCon) is only three weeks away! I'm excited to share "The Death and Rebirth of Vulnerability Management", an analysis of coverage, tradeoffs, and efficacy across vulnerability scanners, endpoint agents, and open source security tools […]
Original post on infosec.exchange
infosec.exchange
August 13, 2025 at 1:17 AM
Blue Team Con (@BlueTeamCon) is only three weeks away! I'm excited to share "The Death and Rebirth of Vulnerability Management", an analysis of coverage, tradeoffs, and efficacy across vulnerability scanners, endpoint agents, and open source security tools […]
Reposted by HD Moore
Newest OpenSSH (10.1) will now warn users if they are not utilizing post-quantum algorithms for the current session: https://www.openssh.com/pq.html #pqc
OpenSSH 后量子密码学
OpenSSH Post-Quantum Cryptography (www.openssh.com)
20:01 ↑ 100 HN Points
www.openssh.com
August 11, 2025 at 3:18 PM
Newest OpenSSH (10.1) will now warn users if they are not utilizing post-quantum algorithms for the current session: https://www.openssh.com/pq.html #pqc
Thank you to everyone who made it out for my DEF CON 33 presentation, "Shaking Out Shells With SSHamble", you can find the materials online at https://hdm.io/decks/MOORE%20-%20Shaking%20Out%20Shells%20With%20SSHamble.pdf
This deck includes some […]
[Original post on infosec.exchange]
This deck includes some […]
[Original post on infosec.exchange]
August 10, 2025 at 9:14 PM
Thank you to everyone who made it out for my DEF CON 33 presentation, "Shaking Out Shells With SSHamble", you can find the materials online at https://hdm.io/decks/MOORE%20-%20Shaking%20Out%20Shells%20With%20SSHamble.pdf
This deck includes some […]
[Original post on infosec.exchange]
This deck includes some […]
[Original post on infosec.exchange]
Reposted by HD Moore
And in the time it took me to fix the typo, trixie, aka Debian 13, as stable is now available for download.
Be sure to check the release notes. For example, I wouldn't be surprised if /tmp now being tmpfs catches some by surprise:
"The default is to allocate up to 50% of memory to /tmp (this […]
Be sure to check the release notes. For example, I wouldn't be surprised if /tmp now being tmpfs catches some by surprise:
"The default is to allocate up to 50% of memory to /tmp (this […]
Original post on infosec.exchange
infosec.exchange
August 9, 2025 at 6:30 PM
And in the time it took me to fix the typo, trixie, aka Debian 13, as stable is now available for download.
Be sure to check the release notes. For example, I wouldn't be surprised if /tmp now being tmpfs catches some by surprise:
"The default is to allocate up to 50% of memory to /tmp (this […]
Be sure to check the release notes. For example, I wouldn't be surprised if /tmp now being tmpfs catches some by surprise:
"The default is to allocate up to 50% of memory to /tmp (this […]
Are you an Austin-area software engineer who writes Go (or aspires to become one)? Join us Wednesday, August 13, 2025 for two hours of lightning talks and discussion, including recaps of awesome Go work presented at the Black Hat and DEF CON conferences […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
August 10, 2025 at 3:39 AM
Are you an Austin-area software engineer who writes Go (or aspires to become one)? Join us Wednesday, August 13, 2025 for two hours of lightning talks and discussion, including recaps of awesome Go work presented at the Black Hat and DEF CON conferences […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
Hello DEF CON! Tomorrow (Saturday/August 9th) I'll be speaking with Nicole Schwartz on Forging Strong Cyber Communities in Uncertain Times at 1pm in W205 (TDI) and then shortly after on Shaking Out Shells with SSHamble at 3pm in Track 2 (LV1), with even more […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
August 9, 2025 at 6:36 AM
Hello DEF CON! Tomorrow (Saturday/August 9th) I'll be speaking with Nicole Schwartz on Forging Strong Cyber Communities in Uncertain Times at 1pm in W205 (TDI) and then shortly after on Shaking Out Shells with SSHamble at 3pm in Track 2 (LV1), with even more […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
BSides Las Vegas 2025 is incredible. Amazing turn-out, fantastic staff, and the sheer variety of content, speakers, and activities sets the bar for what a hacker con should be. You can find the slides from my talk, Turbo Tactical Exploitation: 22 Tips for […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
August 5, 2025 at 6:02 AM
BSides Las Vegas 2025 is incredible. Amazing turn-out, fantastic staff, and the sheer variety of content, speakers, and activities sets the bar for what a hacker con should be. You can find the slides from my talk, Turbo Tactical Exploitation: 22 Tips for […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
Reposted by HD Moore
@0xabad1dea Time for everyone to start increasing the costs by deploying something like Anubis I guess.
https://github.com/TecharoHQ/anubis
https://github.com/TecharoHQ/anubis
GitHub - TecharoHQ/anubis: Weighs the soul of incoming HTTP requests to stop AI crawlers
Weighs the soul of incoming HTTP requests to stop AI crawlers - TecharoHQ/anubis
github.com
August 5, 2025 at 5:07 AM
@0xabad1dea Time for everyone to start increasing the costs by deploying something like Anubis I guess.
https://github.com/TecharoHQ/anubis
https://github.com/TecharoHQ/anubis