runZero Hour, Ep. 7: Fascinating Payloads & New Revelations in Threat Intelligence

In Episode 7 of runZero Hour, we welcome our first guest, Brianna Cluck, Security Research and Detection Engineer, from GreyNoise Labs!

Brianna shared insights on her fascinating work using honeypots to hunt and tag CVE-related traffic in the wild, flagging potential threats for defenders. She is a passionate cyber detective and enthusiastically cracked open the vault to reveal vexing, unsolved security mysteries. Tune in for a live brainstorming session to see how GreyNoise Labs and the runZero research team worked together to solve the 'x-files' mysteries that Brianna has collected in her cybersecurity travels.

The runZero research team also uses honeypots; however, instead of searching for threat activity like GreyNoise Labs, honeypots are goldmines for CAASM-related research, revealing new types of attacker techniques that can then be applied to asset discovery protocols. Learn how HD Moore sets up small honeypots to collect traffic and classify unknown packets quickly, aka 'the lazy way.'

Next, Tom Sellers takes a deep dive into his recent work probing Microsoft servers via TLS and explains how direct customer feedback can help the runZero research team develop more precise fingerprinting for improved asset discovery.

Last, but not least, we shared the most recent Rapid Response highlights. Find potentially vulnerable systems using queries in posts below; fun fact, you can use these with our free trial and Community Edition, along with our licensed Platform. Enjoy!

• How to find Westermo EDW-100 devices
• How to find Check Point devices
• How to find Uniview NVR301-04S2-P4 devices
  
• How to find Johnson Controls Software House iStar Pro Door Controller devices with runZero
  
• How to find Citrix NetScaler ADCs and Gateways