HD Moore
LightNews LightNews
banner
hdm.infosec.exchange.ap.brid.gy
HD Moore
@hdm.infosec.exchange.ap.brid.gy
680 followers 3 following 140 posts
Founder & CEO of runZero (@runZeroInc - https://runzero.com), previously the founder and lead developer of Metasploit, a CSO, a consultant, and the head of […]

[bridged from https://infosec.exchange/@hdm on the fediverse by https://fed.brid.gy/ ]
Posts Replies Media Videos
hdm.infosec.exchange.ap.brid.gy
Identify insecure TLS services with the enhanced runZero Certificate Inventory: https://www.runzero.com/blog/identify-insecure-tls-services/
November 6, 2025 at 3:09 PM
hdm.infosec.exchange.ap.brid.gy
Austin Hackers Anonymous (AHA) is TONIGHT (2025-10-30) https://takeonme.org/ - Have some zero-day to share? AHA is an official CNA and will issue CVEs for vulnerabilities disclosed at the meeting. I'm planning to demo more SSHamble.com findings along with BloodHound OpenGraph stuff. See yall soon!
AHA logo
October 30, 2025 at 9:19 PM
hdm.infosec.exchange.ap.brid.gy
Just like chocolate and peanut butter, runZero and BloodHound are an amazing combination. Today we are introducing runZeroHound - an open source toolkit for bringing runZero Asset Inventory data into BloodHound attack graphs, using the brand new OpenGraph […]

[Original post on infosec.exchange]
October 27, 2025 at 4:35 PM
hdm.infosec.exchange.ap.brid.gy
SpecterOps released "DumpGuard" along with a detailed article on how they were able to bypass Windows Credential Guard in both privileged and unprivileged contexts. I learned a ton about Isolated LSA and friends. Its funny to see that DES-cracking of NTLMv1 […]

[Original post on infosec.exchange]
October 23, 2025 at 7:20 PM
hdm.infosec.exchange.ap.brid.gy
Today's runZero Hour is up with Rob King, Tod Beardsley, and EOL expert and technology necromancer, captn3m0 (pronounced “nemo”). They will summon and explore runZero’s latest research paper, “Undead by design: Benchmarking end-of-life operating systems” […]

[Original post on infosec.exchange]
October 15, 2025 at 6:12 PM
hdm.infosec.exchange.ap.brid.gy
JawnCon (https://jawncon.org/) 0x02 just wrapped! I wish I could make it this year, but settled for catching the talks on the live stream:

Main Stage Day 1: https://www.youtube.com/live/Cvf-mAdnPl0?lc=UgwMOtdPezSwFxO8Idx4AaABAg

Man Stage Day 2 […]

[Original post on infosec.exchange]
JawnCon closing session - stats on badges, speakers, bandwidth, and money raised for FU Cancer
October 13, 2025 at 8:43 PM
hdm.infosec.exchange.ap.brid.gy
#sectorca 2025 is fantastic! I last attended in 2008 and holy cow has it grown. Great to see Brian and Bruce still involved. Excellent talks, really sharp crowd, zero attitude, and everyone is incredibly friendly. You can find the slides from my morning […]

[Original post on infosec.exchange]
SecTor Briefings: The Once and Future Rules of Cybersecurity - day two keynote by HD Moore
October 2, 2025 at 4:13 PM
hdm.infosec.exchange.ap.brid.gy
Hello Austin Gophers! Join us tonight, Wednesday, September 10th, 2025 for two hours of lightning talks and discussion at the ATX Go meetup. This meetup is hosted by Capital Factory and runs from 6:30 PM to 8:30 PM CDT (with pizza and drinks!): https://www.meetup.com/atxgolang/events/305492508/
September 10, 2025 at 4:12 PM
hdm.infosec.exchange.ap.brid.gy
If you missed this talk at BH/DC last week, it's worth a read: "From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion". Awesome work from Shu-Hao, Tung (123ojp) covering practical attacks on GRE and VxLAN tunnels […]

[Original post on infosec.exchange]
DEF CON title slide for "From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion"
August 13, 2025 at 1:57 AM
hdm.infosec.exchange.ap.brid.gy
Thank you to everyone who made it out for my DEF CON 33 presentation, "Shaking Out Shells With SSHamble", you can find the materials online at https://hdm.io/decks/MOORE%20-%20Shaking%20Out%20Shells%20With%20SSHamble.pdf

This deck includes some […]

[Original post on infosec.exchange]
A top-level overview of the presentation presented as a grid of thumbnails, showing 42 slides.
August 10, 2025 at 9:14 PM
hdm.infosec.exchange.ap.brid.gy
Are you an Austin-area software engineer who writes Go (or aspires to become one)? Join us Wednesday, August 13, 2025 for two hours of lightning talks and discussion, including recaps of awesome Go work presented at the Black Hat and DEF CON conferences […]

[Original post on infosec.exchange]
August 10, 2025 at 3:39 AM
hdm.infosec.exchange.ap.brid.gy
Hello DEF CON! Tomorrow (Saturday/August 9th) I'll be speaking with Nicole Schwartz on Forging Strong Cyber Communities in Uncertain Times at 1pm in W205 (TDI) and then shortly after on Shaking Out Shells with SSHamble at 3pm in Track 2 (LV1), with even more […]

[Original post on infosec.exchange]
August 9, 2025 at 6:36 AM
hdm.infosec.exchange.ap.brid.gy
BSides Las Vegas 2025 is incredible. Amazing turn-out, fantastic staff, and the sheer variety of content, speakers, and activities sets the bar for what a hacker con should be. You can find the slides from my talk, Turbo Tactical Exploitation: 22 Tips for […]

[Original post on infosec.exchange]
August 5, 2025 at 6:02 AM
hdm.infosec.exchange.ap.brid.gy
runZero Hour #20 is LIVE NOW - This is an amazing episode that includes Rishi & Sandeep of https://projectdiscovery.io/; here to give us the backstory on their company and the Nuclei open source vulnerability scanner (already bigger and more popular than […]

[Original post on infosec.exchange]
This is an amazing episode that includes Rishi & Sandeep of https://projectdiscovery.io/; here to give us the backstory on their company and the Nuclei open source vulnerability scanner (already bigger and more popular than Metasploit!). Hit our YT live stream to hear about PD, Nuclei, and how runZero is working with PD and the community on open source security tools!
July 16, 2025 at 5:14 PM
hdm.infosec.exchange.ap.brid.gy
Hello Austin Gophers! The July ATX Go Meetup is TONIGHT (July 9th). The meetup includes lightning talks, pizza, beverages, and general discussion. Have a neat idea? A quick talk related to Go? Something to show-and-tell? […]

[Original post on infosec.exchange]
July 9, 2025 at 7:45 PM
hdm.infosec.exchange.ap.brid.gy
I'm excited to announce our "Out-of-Band" series; these articles focus on the security risks of management devices like BMCs, serial servers, and IP-enabled KVMs. "Out-of-Band, Part 1: The new generation of IP KVMs and how to find them" is now live at:
https://www.runzero.com/blog/oob-p1-ip-kvm/
A photo showing five models of the PiKVM, including the original in the case-less Raspberry Pi configuration. A photo showing the four types of BliKVM hardware (v1 CM4, v2 PCIe, v3 Hat, v4 AllWinner) A photo showing two models of the NanoKVM, including the Lite and Cube A photo of the JetKVM device
June 26, 2025 at 2:51 PM
hdm.infosec.exchange.ap.brid.gy
Do you enjoy guzzling real-time TLS certificate allocations, but don't want to use a third-party service (crt.sh, CertStream, etc.)? Drink straight from the Certificate Transparency log firehose using ctail:

$ go run github.com/hdm/ctail@latest -f -m '^autodiscover\\.'

https://github.com/hdm/ctail
June 21, 2025 at 5:58 AM
hdm.infosec.exchange.ap.brid.gy
Hello Austin Gophers! The ATX Go Meetup is THIS WEDNESDAY (April 9th). The meetup includes lightning talks, pizza, beverages, and general discussion. Have a neat idea? A quick talk related to Go? Something to show-and-tell? Running into a weird bug? Swing on […]

[Original post on infosec.exchange]
April 8, 2025 at 1:38 AM
hdm.infosec.exchange.ap.brid.gy
Tired of using boring web browsers to manage your exposure with runZero? Nostalgic for the days of clean, MS-DOS terminal graphics? Ditch your modern trappings and visualize your network map using the best visualization tool of all time, ToneLoc:

https://www.runzero.com/blog/subnet-grid-report/
A screenshot of ToneLoc, a wardialing program from the 1990s, displaying network scan data from the 2020s
April 1, 2025 at 1:42 PM
hdm.infosec.exchange.ap.brid.gy
Wondering how and why your vulnerability management tools are failing you? My talk
"Your Next Incident Won't Have a CVE" is now live at https://www.runzero.com/resources/your-next-incident-wont-have-a-cve/

PS. runZero shipped coverage for Nutanix this week
March 27, 2025 at 8:39 PM
hdm.infosec.exchange.ap.brid.gy
Hoping this helps someone else. When setting up a Supermicro AS-1015A-MT 1U w/H13SAE-MF & Ryzen processor, trying to boot Debian 12 or Proxmox 8.3 media results in "Welcome to Grub" and the machine stalling, sometimes also showing "error: no such device: / […]

[Original post on infosec.exchange]
March 25, 2025 at 10:52 PM
hdm.infosec.exchange.ap.brid.gy
Jacob Sandum posted a detailed and well-written PoC for the IngressNightmare (CVE-2025-1974 ) vulnerability found in the Kubernetes ingress-nginx Admission Controller by Wiz (Woogle!). If you are looking for a quick way to reproduce the issue or validate […]

[Original post on infosec.exchange]
Interact with the admission web server, sending an AdmissionRequest containing an nginx configuration. This results in RCE. curl --insecure -v -H "Content-Type: application/json" --data poc.json https://localhost:1337/fake/path Observe logs for successful execution.
March 25, 2025 at 7:58 PM
hdm.infosec.exchange.ap.brid.gy
Today, Wiz (Woogle?) released an advisory detailing an attack chain they’ve dubbed IngressNightmare, which, if left exposed and unpatched, can be exploited to achieve remote code execution by unauthenticated attackers. The advisory, covering five separate […]

[Original post on infosec.exchange]
March 25, 2025 at 12:51 AM
hdm.infosec.exchange.ap.brid.gy
Good morning from Bootstrap`25[1] in Austin, Texas! Haroon Meer kicks us off with "Security Products Don't Have To Suck", which makes many great points, but among those that most security industry "awards" are hot garbage play-to-win trophies, run by the […]

[Original post on infosec.exchange]
A photo from the UT Thompson Center auditorium with banners on the right for the ringzer0 conference and Trend Micro ZDI (a top sponsor). On the project screen is the text "If you build it, they will not come" with a picture of a baseball on a field. Haroon Meer can be seen in a cut-out of the bottom right, wearing a green Thinkst Canary hat, speaking truth to power.
March 22, 2025 at 2:58 PM
hdm.infosec.exchange.ap.brid.gy
Pat Gray, Founder of Risky Business, Joins Decibel as Founder Advisor. Great interview at
https://www.decibel.vc/articles/pat-gray-founder-of-risky-business-joins-decibel-as-founder-advisor
March 18, 2025 at 4:26 PM