'Tis the season for all things merry and bright. 

Happy holidays! The eggnog is flowing, lights are twinkling, and airports are utter chaos. We wish all of you a very merry holiday season and a happy new year!

With last-minute deliveries arriving on doorsteps and in inboxes, we've rounded up a few of our favorite things from 2024 as our gift to you. Here's a peek at what's inside this month's edition:

• New research from HD Moore on inside-out attack surface management
• A full year of on-demand runZero Hours (and a link to subscribe to the 2025 research webcast series!)
  
• Our inaugural research report
• Our first open source tool
• Our favorite webcasts
• Rapid Responses to help you tackle zero-day threats into the New Year

As we look ahead to 2025, we’re grateful for your support. This edition also marks one year of runZero Minutes; we truly hope these newsletters have offered helpful tools and insights to help you stay secure.

The runZero Team

HD Moore’s Latest Research: Inside Out Attack Surface Management

We've got new research that will forever redefine how you approach attack surface management. See how flipping external approaches inside-out overcomes common challenges like attribution accuracy and false positives, and why starting with a deep understanding of your internal attack surface delivers significant improvements in external defenses.

Tune in now to learn:

• How to find hidden risks that other solutions miss: Uncover high-risk exposures, cloned servers, exposed encryption keys, duplicated certificates, misconfigurations, and other vulnerabilities that traditional EASM tools often miss.
  
  
• Why asset fingerprinting is key: Understand why an accurate view of your external attack surface starts with detailed asset fingerprinting—not just IPs and domain names—enabling you to determine if any assets discovered within your internal networks are also visible on the public internet.
  
  
• Inside-out techniques in action: See a live demonstration of how inside-out methods, powered by the runZero Platform, can reveal what’s truly at risk and how everything is connected.

Check out this novel approach to bridge amazing internal visibility with external defenses.

Our first year of runZero Hour is a wrap!

Cozy up with your favorite holiday beverage and watch all thirteen episodes of runZero Hour on-demand! Jump down the security rabbit hole to investigate risky exposures and attack surface anomalies, and get the lowdown from our expert researchers who have been unpacking them for decades.

Watch on-demand ›

Gear up for 2025 and ensure you don't miss an episode by subscribing to the runZero Hour series. Tap into novel insights, pioneering research, and practical strategies to help you stay secure... plus some good old-fashioned cybersecurity fun and entertainment!

Register for the 2025 series ›

Check out our inaugural research report! 

The runZero research team analyzed tens of millions of data points to better understand today’s attack surfaces, exposure patterns, and emerging threats—and the results were surprising!

Download "The State of Asset Security: Uncovering Alarming Gaps & Unexpected Exposures" to see what we found, including:

• Unusual assets are risky assets—and how to find the “outliers” on your network
• OT/ICS devices are increasingly connected to the public Internet—and what to look for in your environment
• More than half of physical devices are invisible or offer “limited visibility” to security teams—and methods for uncovering this “dark matter”
• Network segmentation is decaying—and ways to visualize and verify segmentation quickly
• Zero-day attacks at the network edge are surging—and how you can better defend yourself

Get our first open source tool: SSHamble.

SSHamble simulates potential attack scenarios, including unauthorized remote access due to unexpected state transitions, remote command execution in post-session login implementations, and information leakage through unlimited high-speed authentication requests.

The SSHamble interactive shell provides raw access to SSH requests in the post-session (but pre-execution) environment, allowing for simple testing of environment controls, signal processing, port forwarding, and more.

Ready to dive in?

Popular webcasts of 2024

runZero Hour, Ep. 13: Anniversary episode reflecting on 2024 through the lens of IT-OT/IoT convergence
On-Demand runZero Hour, Ep. 11: A CISA insider's perspective on managing the KEV catalog
On-Demand
Ever wondered how CISA tackles its crucial role in protecting the nation’s cyber and physical infrastructure? Tod Beardsley, Section Chief for Vulnerability Analysis and Operations, at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), joined us to share an insider’s perspective into CISA’s mission and the management of the  Known Exploited Vulnerabilities (KEV) catalog.

Safeguarding OT/ICS Assets: Insights from the U.S. Department of Energy
On-Demand
Hear an insightful discussion on asset identification, attack surface enumeration, and configuration management of OT/ICS devices through the lens of a new, groundbreaking research report from the National Renewable Energy Lab’s (NREL) Clean Energy Cybersecurity Accelerator™ (CECA) program.

Dangerous Dark Matter: Confronting the Creepy Unknowns in Your Network
On-Demand
Explore “network dark matter” and zero-day threats, with real-world examples of how these unknowns have been exploited. Learn strategies to illuminate and secure the dark corners of your network.

Did you know runZero can help you respond to zero-day threats without security probes or a rescan? It’s true!

Check out our Rapid Response posts for tips from our runZero Research team and pre-built queries that can help you identify potential exposures in your environment — and that includes free trial users!

---

See all Rapid Responses ›