Join us on Wednesday, September 18, for the next exciting episode of runZero Hour. Register Now

Catch up on the latest episode of runZero Hour, tinker with SSHamble, or dive into one of many articles that explore the world of exposure management through the runZero lens.

Let's Get Ready to SSHamble!

SSHamble is now available! Get the tool and save your spot for our deep-dive webcast all about it, demonstrating how to identify exposures in SSH implementations and the applications behind them.

Register Now

Volume 1

Check out the Research Report

Delve into our findings on the state of security in enterprise infrastructure, revealing alarming gaps and unexpected trends, from network segmentation decay to dark matter accumulation.

Download the Report

runZero Hour

Join our monthly deep dive series on the state of cyber asset security.

Webcasts
runZero Hour: Episode 9 (SSHamble Edition)
Didn't make it to DEF CON 32? We got you! This episode of runZero Hour explores all things SSH, including our new open-source tool: SSHamble.
Watch Now
Webcasts
runZero Hour, Episode 8: Kaspersky Ban, Energy Sector & regreSSHion
The latest insights (and opinions!) on the impending US ban of Kaspersky products, the FBI's warning for threats against the renewable energy...
Watch Now
Webcasts
runZero Hour, Episode 7: Fascinating Payloads & New Revelations in Threat Intelligence
Tune in for our monthly deep dive on the state of asset security. In Episode 7, we welcome a special guest, Brianna Cluck, from GreyNoise.
Watch Now
Webcasts
runZero Hour, Episode 6: The Research Report Deep Dive
Join the runZero Research team as they discuss highlights of their new research and share insights derived from analysis of nearly four million...
Watch Now
Webcasts
runZero Hour, Episode 5: XZ Utils Backdoor
On this episode, the runZero Research team dives into some hot topics including the XZ Utils Backdoor (CVE-2024-3094) and expert analysis of the...
Watch Now
Webcasts
runZero Hour, Episode 4: Network Lookalikes and Fingerprinting Challenges
The fourth episode of runZero Hour, featuring the latest insights, anecdotes, and observations from the runZero Research team.
Watch Now
Webcasts
runZero Hour, Episode 3: Fingerprinting OT Protocols
Episode 3 of the runZero Hour webcast gave us a flavor of what it’s like to fingerprint OT protocols that aren’t as accessible if you aren’t part...
Watch Now
Webcasts
runZero Hour, Episode 2: Deep dive into Transport Layer Security (TLS)
Episode 2 of the runZero Hour webcast took a quick survey of new IoT devices that showed up on the network over the holidays at the end of 2023....
Watch Now
Webcasts
runZero Hour, Episode 1: Hunting Outliers to Strengthen Security Defense
This inaugural episode of runZero Hour features the latest insights, anecdotes, and observations from the runZero Research team.
Watch Now

Latest Research Blogs

Dive into the latest insights, observations, and opinions on CAASM.

runZero Research
How to detect SSH key reuse
Unmanaged SSH keys leaves networks vulnerable to cyber attacks. Learn how Zero helps with auditing SSH keys to reduce unnecessary exposures on your...
Read More
runZero Research
End-of-life assets: managing risks in outdated technology
Outdated assets create a more accessible entry point for attackers to exploit your attack surface. Learn how the runZero Platform effectively...
Read More
runZero Research
Cyber asset management in the era of segmentation decay
Network segmentation faces limitations with modern equipment. See how a CAASM approach can improve asset discovery and threat protection.
Read More
runZero Research
How runZero speaks to the TwinCAT 3 Automation Device Specification (ADS) Protocol
In industrial automation, TwinCAT 3’s Automation Device Specification (ADS) protocol ensures seamless communication between components and systems....
Read More
runZero Research
Unusual Assets: The Riskiest Factor in Attack Surface Management
runZero’s research finds outlier assets, even if just slightly unusual, are often significantly riskier than others. The outlier score gives...
Read More
runZero Research
Active Asset Discovery in OT networks: runZero and the NREL/CECA Report
The Cohort 2 report describes how runZero safely discovers devices in a large, complex OT/ICS environment. Learn more about runZero's discovery...
Read More
runZero Research
AI in CAASM: The Risks of LLM Data in Security-Critical Workflows
Current generation AI tools provide appealing answers but struggle with a crucial challenge: knowing the truth, which poses great security risks.
Read More
runZero Research
SSHamble: Unexpected exposures in the Secure Shell
We conducted a deep dive into the SSH ecosystem and identified vulnerabilities across a wide range of implementations. During the research process,...
Read More
runZero Research
Attack Surface Challenges with OT/ICS and Cloud Environments
Learn why successfully navigating changes to operational technology and cloud attack surfaces is critical for successful asset security.
Read More
runZero Research
Evolving threat landscapes: a view through the lens of CAASM
See what our analysis of sample CAASM data reveals about the current threat landscape and how security teams are responding to challenges old and new.
Read More
runZero Research
One ping to find them: lean network discovery
Our engineering team focuses on getting the maximum amount of information from the network while sending as little traffic as possible.
Read More
runZero Research
Fingerprinting Windows build numbers
Our goal at Rumble is to help customers identify everything on their networks, quickly, and without authentication. This process is driven by...
Read More

Rapid Response

Uncover 0-day threats immediately with runZero prebuilt queries.

Rapid Response
How to find D-Link DIR-846W routers on your network
D-Link has disclosed several vulnerabilities regarding their DIR-846W routers. Here's how to find them on your network.
Read More
Rapid Response
How to find Zyxel devices on your network
Zyxel disclosed a vulnerability in several Zyxel Wireless Access Point (WAP) and router devices. CVE-2024-7261 is rated extremely critical with...
Read More
Rapid Response
How to find AVTECH cameras on your network
Akamai disclosed a 0-day vulnerability in the AVTECH AVM1203 network camera. CVE-2024-7029 is rated high with CVSS score of 8.7.
Read More
Rapid Response
How to find MOBOTIX IP cameras on your network
MOBOTIX has disclosed several vulnerabilities in its P3 and Mx6 cameras. Here's how to find them on your network.
Read More
Rapid Response
How to find Versa Director installations with runZero
How to find Versa Director (targeted by Volt Typhoon) installations using runZero
Read More
Rapid Response
How to find VMware ESXi installations
On March 5th, 2024, VMware disclosed several vulnerabilities in its ESXi, Workstation, and Fusion products.
Read More
Rapid Response
How to find Samba instances on your network
How to find Samba v4 instances # On October 10th, the Samba team announced an interesting vulnerability that could allow a remote attacker to...
Read More
Rapid Response
How to find outdated lighttpd services
Outdated versions of the open source lighttpd web server are vulnerable to a handful of security vulnerabilities
Read More
Rapid Response
How to find Citrix NetScaler ADCs and Gateways
A new vulnerability was disclosed in NetScaler ADC and Gateway products for version 13.1-50.23.
Read More
Rapid Response
How to find Siemens devices on your network
Siemens has disclosed multiple vulnerabilities for a variety of products and devices, including the SCALANCE and RUGGEDCOM product lines.
Read More
Rapid Response
How to find Rockwell Automation devices
Rockwell Automation has disclosed multiple vulnerabilities in their ControlLogix, GuardLogix, CompactLogix, and Compact GuardLogix products.
Read More
Rapid Response
How to find IPv6-exposed Microsoft Windows systems on your network
On August 13, 2024, Microsoft disclosed a vulnerability affecting a number of different versions of the Windows operating system. Here's how to...
Read More
Background Image

Customer Focused

Meet the runZero Research Team!

We are a group of industry veterans with decades of experience in information security, who are committed to runZero’s foundational principle that applied research makes for better asset discovery, and that better asset discovery is the foundation of modern exposure management.

The goal of the runZero research team is to discover incredibly efficient ways to pinpoint at-risk devices and quickly get this information into the hands of our customers and community. We achieve this through both precise fingerprinting and fast outlier analysis across IT, OT, IoT, cloud, mobile, and remote environments. 

HD Moore

Founder & CEO

HD Moore is the founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.

More from HD Moore

Rob King

Director of Security Research

Rob King is the Director of Security Research at runZero. Over his career Rob has served as a senior researcher with KoreLogic, the architect for TippingPoint DVLabs, and helped get several startups off the ground. Rob helped...

More from Rob King

Tom Sellers

Principal Research Engineer

Tom Sellers is a Principal Research Engineer at runZero. In his 25 years in IT and Security he has built, broken, and defended networks for companies in the finance, service provider, and security software industries. He has...

More from Tom Sellers

Blain Smith

Security Research Engineer

Blain Smith is a Security Research Engineer at runZero. He spent most of his career in cloud and distributed systems for AAA gaming, entertainment, and networking working on some of the most popular games and systems millions...

More from Blain Smith

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

Try it Free
© Copyright 2024 runZero, Inc. All Rights Reserved