HD Moore's Avatar

HD Moore

@hdm.io

CEO and founder of runZero.com, previously the founder and lead developer of Metasploit, a CSO, a consultant, and the head of various security research teams. Contact info, presentations, and more at https://hdm.io/

2,046
Followers 1,429
Following 95
Posts 03.08.2023
Joined
Posts Following

Latest posts by HD Moore @hdm.io

Preview
New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises That guest network you set up for your neighbors may not be as secure as you think.

New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises: arstechnica.com/security/202...

AirSnitch resets WiFi security back to the bad-old-days of ARP spoofing and trivial MITM.

26.02.2026 17:26 πŸ‘ 7 πŸ” 4 πŸ’¬ 0 πŸ“Œ 0
Preview
ATX Golang Meetup - February 2026, Wed, Feb 11, 2026, 6:30 PM | Meetup Join us for an evening of information, networking, friendship, beer, and pizza! You are invited to come discuss our favorite programming language and meet other Go develope

Hello Austin Go hackers! Tonight (2026-02-11) is our next ATX Golang meetup, located in Station Austin (aka Capital Factory ). We will have pizza, drinks, and various short talks and discussions related to the Go ecosystem: www.meetup.com/atxgolang/ev...

11.02.2026 18:37 πŸ‘ 1 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Preview
Run Internet speed tests from runZero Explorers Get an early signal into usability before you scan. Measure internet connectivity via runZero Explorers to remove uncertainty, with audit logs included.

runZero users get a new feature today (including Community Edition) - recurring internet speed tests for all deployed Explorers! This (very optional) capability lets you identify backhaul/connectivity issues for sites that you can't physically get to: www.runzero.com/blog/interne...

03.02.2026 16:20 πŸ‘ 3 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
ATX Golang Meetup - January 2026, Wed, Jan 14, 2026, 6:30 PM | Meetup Join us for an evening of information, networking, friendship, beer, and pizza! You are invited to come discuss our favorite programming language and meet other Go develope

It's time for our first ATX Gopher meetup of the year! If you are in Austin and write Go code (or would like to start), please join us at 6:30pm at Station Austin (co-located with Capital Factory). Charles and I will be providing pizza and drinks as usual:

www.meetup.com/atxgolang/ev...

14.01.2026 20:17 πŸ‘ 6 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Preview
Synology Reverses Policy Banning Third-Party HDDs After NAS sales plummet Synology has backtracked on one of its most unpopular decisions in years. After seeing NAS sales plummet in 2025, the company has decided to lift restrictions that forced users to buy its own Synology...

they blinked: www.guru3d.com/story/synolo...

09.01.2026 19:19 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Video thumbnail

🎧 We collected some of our favorite podcasts of 2025 featuring @hdm.io for you to enjoy.

πŸ“Ί So go ahead and get yourself some coffee (or hot cocoa!) & watch here: www.runzero.com/blog/fun-pod...

22.12.2025 15:39 πŸ‘ 2 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Video thumbnail

Exposure is everywhere now β€” cloud, SaaS, IoT, shadow IT, unmanaged vendors.

Replay the SC Media webcast with @sawaba.bsky.social, @hdm.io & @todb.hugesuccess.org to learn why continuous discovery matters & how attackers exploit what you can’t see.

πŸ‘‰ www.runzero.com/resources/as...

09.12.2025 14:35 πŸ‘ 3 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0

heya! great community as always; easiest way to get in touch is the #atx channel on the gopher slack

04.12.2025 05:11 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Video thumbnail

πŸŽ™οΈ The Hacker's Cache: Kyser Clark talks with Metasploit creator @hdm.io on why CVEs won’t save you in 2025.

They get into non-CVE vulns, hidden SSH risks, attacker innovation, AI’s impact, and why exposing version numbers can improve security.

πŸ‘‰ www.runzero.com/resources/wh...

28.11.2025 14:20 πŸ‘ 1 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Video thumbnail

On the latest Risky Biz, @patrick.risky.biz, and @hdm.io talk about visualizing the attack surface with runZeroHound, why you can't synthesize what runZero delivers, & how we are leveraging AI to help predict risks and scan smarter.

πŸ“Ί Watch the full interview: www.runzero.com/resources/ri...

26.11.2025 14:54 πŸ‘ 1 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0

πŸ“Ί Live webcast Dec 3 with SC Media!

Your attack surface doesn’t end at the firewall.

Join @hdm.io, @todb.hugesuccess.org, and @sawaba.bsky.social to learn how continuous discovery + attack path mapping keeps you ahead.

πŸ‘‰ www.scworld.com/cybercast/at...

24.11.2025 15:02 πŸ‘ 2 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0
Video thumbnail

🧭 Cybersecurity’s old rules are cracking.

In his SecTor keynote, @hdm.io breaks down the rules that shaped the 2000s: what survived, what failed us, and the new rules we’ll need next.

Missed it? πŸ‘€ Watch the keynote:
www.runzero.com/resources/on...

21.11.2025 14:51 πŸ‘ 1 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0
Preview
SO-CON 2026 - SpecterOps SO-CON 2026: Secure your spot for the conference and training.

The CFP for SO-CON 2026 closes in about 12 hours (11:59 2025-11-15)! Have a cool approach to attack path management (or awesome connector for BloodHound OpenGraph)? Submit ASAP:

specterops.io/so-con/

15.11.2025 18:54 πŸ‘ 8 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0
Preview
Be KVM, Do Fraud Hi Everyone! It’s me, your friendly Wav3.

The clever folks at Grumpy Goose Labs have published even more ways to identify unauthorized IP KVMs across your environment, with some great memes to boot! Be KVM, Do Fraud - blog.grumpygoose.io/be-kvm-do-fr...

15.11.2025 00:00 πŸ‘ 13 πŸ” 5 πŸ’¬ 0 πŸ“Œ 0
Post image

Your attack surface is sprawling & full of blind spots.

πŸŽ₯ On Dec 3 at 2 PM ET, SC Media brings together @hdm.io, @todb.hugesuccess.org, & @sawaba.bsky.social to reveal how to operationalize attack surface management without losing your mind.

πŸ‘‰ Register here: www.scworld.com/cybercast/at...

13.11.2025 14:53 πŸ‘ 3 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0
Post image

runZero Hour is one week away!

Join us on Nov 19: @todb.hugesuccess.org, Rob King, @hdm.io, and Jared Atkinson ( CTO @specterops.io ) break down attacker movement, graph analysis, runZeroHound, and this month’s top vulnerabilities.

πŸ‘‰ Register here: www.runzero.com/research/run...

12.11.2025 15:27 πŸ‘ 2 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Post image

🚨Your secure enclave? More of a suggestion than a guarantee.

If you were expecting TEEs to provide private computing in untrusted data centers, this latest article by @arstechnica.com featuring our Founder & CEO @hdm.io is a must-read:

arstechnica.com/security/202...

11.11.2025 14:52 πŸ‘ 0 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Preview
Identify insecure TLS services with runZero Certificate Inventory The runZero Certificates Inventory is an essential tool for seeing and securing every certificate in your environment. Explore these essential use cases.

Identify insecure TLS services with the enhanced runZero Certificate Inventory: www.runzero.com/blog/identif...

06.11.2025 15:07 πŸ‘ 5 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Preview
After VMware: Managing EOL for Proxmox Hypervisors Outdated Proxmox VE installs leave systems exposed as users migrate from VMware. With runZero you can easily identify EoL hosts and expiring TLS certs.

πŸŽƒ Happy Halloween! The end of #CybersecurityAwarenessMonth means it's time for our EoL-palooza grand finale!

The scariest find? A surge of End-of-Life Proxmox systems... software zombies attackers feast on.

πŸ§Ÿβ€β™‚οΈ @hdm.io has the guide to hunt them down: www.runzero.com/blog/managin...

31.10.2025 13:44 πŸ‘ 2 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0
Preview
AHA! Austin Hackers Anonymous!

Austin Hackers Anonymous (AHA) is TONIGHT (2025-10-30) takeonme.org - Have some zero-day to share? AHA is an official CNA and will issue CVEs for vulnerabilities disclosed at the meeting. I'm planning to demo more SSHamble.com findings along with BloodHound OpenGraph stuff. See yall soon!

30.10.2025 21:18 πŸ‘ 5 πŸ” 1 πŸ’¬ 1 πŸ“Œ 0

So this story is super duper interesting for a whole ton of reasons, but one big one is its a very rare glimpse into the private valuation of high-end exploits held by major defense contractors

bsky.app/profile/lega...

29.10.2025 23:45 πŸ‘ 635 πŸ” 220 πŸ’¬ 8 πŸ“Œ 5
Preview
Uncovering network attack paths with runZeroHound runZeroHound converts runZero asset inventories into BloodHound OpenGraph imports, enabling Cypher-based analysis of real network attack paths.

Just like chocolate and peanut butter, runZero and BloodHound are an amazing combination. Today we are introducing runZeroHound - an open source toolkit for bringing runZero Asset Inventory data into BloodHound attack graphs: www.runzero.com/blog/introdu...

27.10.2025 16:34 πŸ‘ 6 πŸ” 1 πŸ’¬ 0 πŸ“Œ 1
Post image Post image Post image Post image

It's the spooky season, so several of my ebooks are on sale. πŸ’€πŸŽƒπŸͺ¦
Aloha from Hell appears to be $2.99 everywhere, and The Secrets of Insects is $6.99.
Dead Set and King Bullet are $1.99 each on Amazon.
US only

23.10.2025 17:03 πŸ‘ 53 πŸ” 15 πŸ’¬ 3 πŸ“Œ 3
Preview
Catching Credential Guard Off Guard - SpecterOps Uncovering the protection mechanisms provided by modern Windows security features and identifying new methods for credential dumping.

SpecterOps released "DumpGuard" along with a detailed article on how they were able to bypass Windows Credential Guard in both privileged and unprivileged contexts. I learned a ton about Isolated LSA and friends: specterops.io/blog/2025/10...

23.10.2025 19:19 πŸ‘ 3 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Post image

Our new website has launched. We will continue to update the site with information as it becomes available.

https://bsidespyongyang.com/

20.10.2025 03:55 πŸ‘ 7 πŸ” 5 πŸ’¬ 0 πŸ“Œ 1
Post image

πŸŽ™οΈ Join @hdm.io, @todb.hugesuccess.org & @sawaba.bsky.social for a live SC Media webcast:

β€œFixing a Broken System: Why Legacy Vulnerability Management Tools Can’t Keep Up”

Learn what’s next for exposure & attack surface management.

πŸ“… Oct 29
⏰ 2 PM ET
πŸ”— www.scworld.com/cybercast/fi...

22.10.2025 13:59 πŸ‘ 2 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0

I β™₯️ encryption

21.10.2025 16:24 πŸ‘ 307 πŸ” 67 πŸ’¬ 4 πŸ“Œ 0
runZero Hour: Episode 23
runZero Hour: Episode 23 Join us for a scary episode of runZero Hour with Rob King, Tod Beardsley, and EOL expert and technology necromancer, captn3m0 (pronounced β€œnemo”). They will summon and explore runZero’s latest…

Today's runZero Hour is up with Rob King, Tod Beardsley, and EOL expert and technology necromancer, captn3m0 (pronounced β€œnemo”). They will summon and explore runZero’s latest research paper, β€œUndead by design: Benchmarking end-of-life operating systems”:

www.youtube.com/watch?v=BXBb...

15.10.2025 18:11 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
JawnCon closing session - stats on badges, speakers, bandwidth, and money raised for FU Cancer

JawnCon closing session - stats on badges, speakers, bandwidth, and money raised for FU Cancer

JawnCon (jawncon.org) 0x02 just wrapped! I wish I could make it this year, but settled for catching the talks on the live stream:

Main Stage Day 1: www.youtube.com/live/Cvf-mAd...

Man Stage Day 2: www.youtube.com/watch?v=bcr6...

Classroom Day 2: www.youtube.com/watch?v=1aML...

13.10.2025 20:43 πŸ‘ 5 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Preview
ATX Golang Meetup - September 2025, Wed, Sep 10, 2025, 6:30 PM | Meetup Join us for an evening of information, networking, friendship, beer, and pizza! You are invited to come discuss our favorite programming language and meet other Go develope

Hello Austin Gophers! Join us tonight, Wednesday, October 8th, 2025 for two hours of lightning talks and discussion at the ATX Go meetup. This is hosted by Capital Factory and runs from 6:30 PM to 8:30 PM central (with pizza and drinks!): www.meetup.com/atxgolang/ev...

08.10.2025 16:46 πŸ‘ 3 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0