runZero (Official Account)

Legacy OT didn’t disappear...it went underground.
Catch Rob King at the #DEFCON ICS Village:

🗓 Today @ 11am PDT
🎤 There and Back Again: Detecting OT Devices Across Protocol Gateways
📍 Las Vegas Convention Center

🔗 www.runzero.com/def-con-33-r...

See HD Moore at DEF CON 33! This session is an extension of our 2024 work and includes new research as well as big updates to our open source research and assessment tool, SSHamble.

🔐 @hdm.io Moore takes the DEF CON Main Stage today!
📍 3PM PDT | “Shaking Out Shells with SSHamble”

Learn What’s new with SSHamble, what’s improved, and where it’s headed.

👉 Join us live: www.runzero.com/def-con-33-h...

🗣 Today at The Diana Initiative!

@hdm.io & Nicole Schwartz explore what it takes to build lasting cyber communities.

🕐 1pm PDT | LVCC W205
📍 The Diana Initiative Village (LVCC room: W205) | DEF CON 33
🎙️ Forging Strong Cyber Communities in Uncertain Times

🔗 www.runzero.com/summer-camp-...

EPSS Pulse: Find the vulnerabilities that matter EPSS Pulse is a free tool that tracks shifts and recent trends in EPSS data, giving you the context you need to prioritize vulnerabilities with confidence.

Risk scores shift constantly. But which ones actually matter?

@todb.hugesuccess.org is sharing our new tool, EPSS Pulse, with the Black Hat crowd today. It tracks daily CVE volatility so you can prioritize smarter.

🔎 Tool: www.runzero.com/epss-pulse/
📖 Blog: www.runzero.com/blog/introdu...

See Tod Beardsley at Black Hat USA 2025! This talk digs into the strengths, weaknesses, and absurdities of CVSS, EPSS, & SSVC, comparing them to the reality of how teams actually handle vulns.

🗣️ CVSS, EPSS, SSVC: Science or Security Theater?

Join @todb.hugesuccess.org at Black hat as he unpacks the absurdities of vuln scoring frameworks and what actually helps defenders.

🎙️ Aug 7 @ 2:30pm PDT
📍 Islander E & I, Level 0 - North Convention Center
🔗 www.runzero.com/black-hat-us...

🧊 The Yeti’s hacker lair is heating up at #BlackHat! Last shot to try the Master Hacker challenge, snag cool keychains & stickers, and grab one of our final 100 Caesar cipher coins!

⚡Headed to #DEFCON? Swing by for a light-up badge + play our game! 🏆 Find us in Mandalay Bay!

HD Moore joins CyberRisk TV

🎥 Live now from Black Hat!

runZero founder HD Moore joins CyberRisk TV to talk exposure management, legacy scanner gaps & why real visibility matters.

Big ideas. Strong opinions. No fluff.

📺 Watch here: www.scworld.com/blackhat

See Matthew Kienow at Black Hat Arsenal 2025! See how to capture, decode, replay, and fuzz serial communications flowing between microprocessors on an embedded device circuit board in real time.

🗣️ Today at Black Hat!

Join Matthew Kienow & Deral Heiland at 11am PDT for a live demo of Akheron Proxy, a tool for bridging, capturing, replaying, and manipulating UART inter-chip communications.

📍 Business Hall, Arsenal Station 9
🕚 11am PDT
🔗 www.runzero.com/black-hat-ar...

See HD Moore at Black Hat USA 2025! This panelist discussion will highlight how bootstrapping enables cybersecurity founders to develop battle-tested solutions and share practical strategies.

Join @hdm.io today at Black Hat 🛠

💸 Self-Funded Security
🗓 Aug 5 @ 3pm PT | Mandalay Bay GH, Level 2

Why bootstrapped beats VC — real feedback, faster pivots, no fluff.

🔗 www.runzero.com/black-hat-us...

#BlackHat2025 #HSC2025

🎙️ What Should CVE Be When It Grows Up?
🗓️ Today, Aug 5 | 1PM PDT | 255 E Flamingo Rd

Funding cuts. Global rivals. Can CVE evolve?

Tod Beardsley of @runZero breaks it down today at BSides LV.
👉 www.runzero.com/bsides-las-v...

🦄 Coming up at @dianainitiative.bsky.social: How do we build resilient, inclusive networks that last? Join @hdm.io & TDI board member @circuitswan.bsky.social at 3pm PDT for:

🎙️ Forging Strong Cyber Communities in Uncertain Times
📍 UNLV Student Union
🕒 3pm PDT
🔗 www.runzero.com/summer-camp-...

See HD Moore at BSidesLV 2025! This rapid-fire session delivers 22 practical tips to help you find juicy targets faster, pivot cleaner, and avoid wasting time on noise. See you there!

Kicking off Hacker Summer Camp with a 🔥 session at @bsideslv.org! @hdm.io takes the stage for a turbo-charged talk. Take a whirlwind tour through 22 practical exploitation tips faster than you can say SYN/ACK-ACK.

📍 The Tuscany, Ground Floor
🕚 11am
🔗 www.runzero.com/bsides-las-v...

🚨 Chinese-made surveillance gear is under fire.

🇺🇸 Section 889 prohibits US agencies & contractors from using certain devices. But what if they’re mislabeled or buried in your network?

👁️ runZero can help you find them. See how in our latest blog.

www.runzero.com/blog/section...

👾 Hacker Summer Camp is almost here! runZero Research has 6⃣ talks lined up across @bsideslv.org, @dianainitiative.bsky.social, @blackhatevents.bsky.social & @defcon.bsky.social. From new SSH bugs to slicing open scoring systems, we're here for it!

Details 👉
www.runzero.com/blog/six-cou...

Why we must go beyond tooling and CVEs to illuminate security blind spots - Help Net Security Incomplete visibility across the attack surface leads to unmanaged exposure. Defense demands context-aware discovery.

Why we must go beyond tooling and CVEs to illuminate security blind spots

📖 Read more: www.helpnetsecurity.com/2025/07/18/a...

#cybersecurity #cybersecuritynews #CVE #vulnerabilitymanagement @runzero.com @todb.hugesuccess.org

YouTube video by runZero, Inc runZero Hour: Episode 20

🎙️ Live at the top of the hour: open source + exposure management magic on today's runZero Hour. Project Discovery joins @todb.hugesuccess.org @hdm.io and Rob King to talk about how we're working together to build safer, smarter scanning.

📺 Stream it live: www.youtube.com/watch?v=kLyu...

🎙️ runZero Hour Recap: CVE chaos, MCPs, and the fight for better vulnerability data! In Episode 19, @todb.hugesuccess.org sat down with Rob King and @jgamblin.bsky.social to dissect the state of vulnerability data.

🧠 Read the recap and watch the full episode here: www.runzero.com/blog/runzero...

🎙️Just dropped! Our own @hdm.io joins @paulasadoorian.bsky.social + the rest of the crew on Paul's Security Weekly to discuss finding all the things and why vuln management is dead as we know it.

📺 Full episode:
www.runzero.com/resources/is...

More on default creds:
www.runzero.com/blog/integra...

YouTube video by runZero, Inc runZero Hour: Episode 19

🎙️ What happens when you mix CVEs with LLMs, MCP, and a little ingenuity? Find out today at 1 PM ET! @jgamblin.bsky.social joins @todb.hugesuccess.org and Rob King on runZero Hour to talk about his new MCP server!

📺 Watch:
www.youtube.com/watch?v=CjKN...

📌 Subscribe: www.runzero.com/research/run...

Join us this Wednesday for the next episode of runZero Hour.

🧠 CVEs need context—and @jgamblin.bsky.social has ideas.
Catch him live on #runZeroHour this Wed, June 18 @ 1PM ET with @todb.hugesuccess.org. We’ll talk LLMs, MCP, and the future of vulnerability intelligence.
🔗 runzero.com/research/run...

runZero Loves Open Source: Integrating Nuclei runZero now integrates with Nuclei scanner to detect default logins across IoT, OT, IT, and DevOps apps like Tomcat, Jenkins, SolarWinds, and more.

We 🩵 open source and are beyond excited to announce that we have added initial support for ProjectDiscovery’s open source Nuclei scanner — kicking off with safe, targeted checks for default and weak web credentials across IT, OT, IoT, and cloud environments. More 👇
www.runzero.com/blog/integra...

🎙️ Just dropped: From Vulnerability to Visibility

@todb.hugesuccess.org shares how runZero takes an attacker’s view of IT, OT & IoT environments—treating them like a black box to uncover hidden risks.

🎧 Full episode: www.runzero.com/resources/fr...

Recorded at #Infosec2025 with @itspmagazine.com

🏆 Big news: runZero is a 2025 Rising in Cyber winner! It's an honor to be acknowledged by CISOs who are in the trenches every day and know that we are having a meaningful impact for defenders. Thank you Notable Capital and NYSE for this recognition!

www.runzero.com/newsroom/ris...

runZero is headed to InfoSec Europe! London will never be the same. Join us for:

☕ Free coffee
🧊 Cool Yeti gear
🔍 Instant visibility into IT, OT, IoT, mobile, & cloud
🌐 Total attack surface management
🛠️ No agents. No authentication. No gaps.

Come see us in Stand D108!

YouTube video by runZero, Inc runZero Hour: Episode 18

🔴 Live at 1pm ET today! Join vulnerability expert Jay Jacobs, along with @todb.hugesuccess.org and Rob King for a special runZero Hour. We’re debating all things CVSS, EPSS, and SSVC.

📺 Tune in on YouTube:
www.youtube.com/watch?v=348L...

🎥 Register via Zoom: www.runzero.com/research/run...

📷 We have an awesome runZero Hour teed up for you this week! Tune in LIVE as @todb.hugesuccess.org & Rob King welcome special guest Jay Jacobs on Wednesday, May 21st @ 1PM ET for a spicy debate on vulnerability scoring methodologies.

📷 Register for the webcast:
www.runzero.com/research/run...

YouTube video by NorthSec NorthSec 2025 - Salle Ville-Marie - Day 2

It's almost time! @todb.hugesuccess.org takes the stage at 11:30 ET at @northsec.io to dissect the three most-used vulnerability scoring systems — CVSS, EPSS & SSVC. He'll be unpacking what they reveal, where they mislead, & how to read between the scores. Tune in:
www.youtube.com/watch?v=9IT6...

YouTube video by NorthSec NorthSec 2025 - Salle Ville-Marie - Day 1

What do ghosts, squids, and scoring systems have in common? Find out at 9:15 ET! Join us live at NorthSec or tune in virtually on YouTube for @hdm.io's keynote: A Pirate’s Guide to Snake Oil and Security.

www.youtube.com/watch?v=J4rG...

Divining Risk: Deciphering Signals From Vulnerability Scores Vuln scores aim to clarify but often create noise. We analyzed 270k+ CVEs to see what CVSS, EPSS & SSVC reveal – and what they don't.

⚡ New Report⚡ Divining risk isn’t just for mystics. Defenders do it every day — reading signals, spotting patterns, & deciding what really matters. @todb.hugesuccess.org analyzed the scoring systems at the core of modern triage: CVSS, EPSS, & SSVC. See what he found: www.runzero.com/resources/de...

Uncovering Risky Protocols in Unexpected Places We shine a light on the strange, surprising, and dangerous services hiding in your environment — and how to use runZero to uncover them all.

Protocol-port mismatches are everywhere. SSH on 443. RDP on 8080. And plenty more.

Our latest blog post shares real examples from the field and shows how teams are using runZero to uncover risky services before they become entry points for attackers.

👉 Read more: www.runzero.com/blog/risky-p...