🗓️ Sign up for the 2025 runZero Hour webcast series and never miss a new episode! Register Now

Rob King

Director of Security Research

65 Published Articles

About Rob King

Rob King is the Director of Security Research at runZero. Over his career Rob has served as a senior researcher with KoreLogic, the architect for TippingPoint DVLabs, and helped get several startups off the ground. Rob helped design SC Magazine's Data Leakage Prevention Product of the Year for 2010, and was awarded the 3Com Innovator of the Year Award in 2009. He has been invited to speak at BlackHat, Shmoocon, SANS Network Security, and USENIX.

Latest Stories

Rapid Response
How to find Siemens devices on your network
Siemens disclosed ten vulnerabilities in a variety of products, including their RUGGEDCOM, SENTRON, and others. Here's how to find impacted devices.
Read More
Webcasts
runZero Hour, Ep. 13: Anniversary episode reflecting on 2024 through the lens of IT-OT/IoT convergence
In this special anniversary episode we gathered an all-star panel of cybersecurity experts to look back on 2024 through the lens of IT-OT/IoT...
Watch Now
Rapid Response
How to find Ivanti Cloud Services Appliance on your network
Ivanti has disclosed multiple critical vulnerabilities in their products. Here's how to find them on your network.
Read More
Rapid Response
How to find potentially vulnerable Ivanti Connect Secure and Policy Secure installations
Ivanti has disclosed vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure products. Here's how to find potentially vulnerable systems.
Read More
Rapid Response
How to find Cleo Harmony, LexiCom, and VLTransfer installations on your network
Cleo Software has disclosed CVE-2024-50623 affecting installations of Cleo Harmony, VLTransfer, and LexiCom on your network. Here's how to find...
Read More
Webcasts
runZero Hour, Ep. 12: A deep-dive into OT devices, protocols, and vulnerabilities
In this month’s episode of runZero Hour, we take a deep dive into new research insights on OT devices, protocols, and vulnerabilities.
Watch Now
Rapid Response
How to find Fortinet assets on your network
Fortinet has issued advisories for its FortiAnalyzer, FortiAnalyzer-BigData, FortiManager, and FortiOS products.
Read More
Rapid Response
How to find Rockwell Automation devices
Rockwell Automation has disclosed multiple vulnerabilities in their ControlLogix, GuardLogix, CompactLogix, and Compact GuardLogix products.
Read More
Rapid Response
How to find FortiManager instances on your network
How to find FortiManager instances on your network using runZero
Read More
Talks
DEF CON 32: SSHamble: Unexpected Exposures in SSH (Video)
This talk digs deep into SSH, the lesser-known implementations, many of the surprising security issues found along the way, and how to exploit them.
Watch Now
Webcasts
runZero Hour, Ep. 11: A CISA insider's perspective on managing the KEV catalog
Tod Beardsley, CISA cybersecurity expert offers an insider’s look into CISA’s mission and management of the Known Exploited Vulnerabilities (KEV)...
Watch Now
Rapid Response
How to find Cisco IOS & IOS-XE devices
Cisco Systems has disclosed 14 vulnerabilities in their devices which run Cisco IOS & IOS XE software. Here's how to find potentially vulnerable...
Read More
Webcasts
runZero Hour, Ep. 10: RDP security, ATG & PC-WORX OT protocols
We dug into the details of three different protocols, and explored how our exceptionally creative customers help drive innovation in our platform.
Watch Now
runZero Research
Proven fingerprinting techniques for effective CAASM
Precise asset identification is critical for effective cyber asset attack surface management. See how runZero’s techniques are unmatched.
Read More
Rapid Response
How to find Zyxel devices on your network
Zyxel disclosed a vulnerability in several Zyxel Wireless Access Point (WAP) and router devices. CVE-2024-7261 is rated extremely critical with...
Read More
runZero Research
How to detect SSH key reuse
Unmanaged SSH keys leaves networks vulnerable to cyber attacks. Learn how Zero helps with auditing SSH keys to reduce unnecessary exposures on your...
Read More
Talks
DEF CON 32: SSHamble: Unexpected Exposures in SSH (PDF)
This presentation digs deep into SSH, the lesser-known implementations, many of the surprising security issues found along the way, and how to...
Download Presentation
Webcasts
runZero Hour, Ep. 9: (SSHamble Edition)
Didn't make it to DEF CON 32? We got you! This episode of runZero Hour explores all things SSH, including our new open-source tool: SSHamble.
Watch Now
Rapid Response
How to find Versa Director installations with runZero
How to find Versa Director (targeted by Volt Typhoon) installations using runZero
Read More
runZero Research
End-of-life assets: managing risks in outdated technology
Outdated assets create a more accessible entry point for attackers to exploit your attack surface. Learn how the runZero Platform effectively...
Read More
runZero Research
Cyber asset management in the era of segmentation decay
Network segmentation faces limitations with modern equipment. See how a CAASM approach can improve asset discovery and threat protection.
Read More
Rapid Response
How to find IPv6-exposed Microsoft Windows systems on your network
On August 13, 2024, Microsoft disclosed a vulnerability affecting a number of different versions of the Windows operating system. Here's how to...
Read More
Rapid Response
How to find OpenSSH systems on your network
On August 7, 2024, a high-severity vulnerability in OpenSSH running on FreeBSD OS was assigned a CVSS score of 7.4. Here's how to find affected...
Read More
runZero Research
Unusual Assets: The Riskiest Factor in Attack Surface Management
runZero’s research finds outlier assets, even if just slightly unusual, are often significantly riskier than others. The outlier score gives...
Read More
runZero Research
Active Asset Discovery in OT networks: runZero and the NREL/CECA Report
The Cohort 2 report describes how runZero safely discovers devices in a large, complex OT/ICS environment. Learn more about runZero's discovery...
Read More
runZero Research
AI in CAASM: The Risks of LLM Data in Security-Critical Workflows
Current generation AI tools provide appealing answers but struggle with a crucial challenge: knowing the truth, which poses great security risks.
Read More
Webcasts
Safeguarding OT/ICS Assets: Insights from the U.S. Department of Energy
Security experts from the National Renewable Energy Lab’s (NREL) Clean Energy Cybersecurity Accelerator™ (CECA) program join runZero to discuss...
Watch Now
runZero Research
SSHamble: Unexpected exposures in the Secure Shell
We conducted a deep dive into the SSH ecosystem and identified vulnerabilities across a wide range of implementations. During the research process,...
Read More
runZero Research
Attack Surface Challenges with OT/ICS and Cloud Environments
Learn why successfully navigating changes to operational technology and cloud attack surfaces is critical for successful asset security.
Read More
Webcasts
runZero Hour, Ep. 8: Kaspersky Ban, Energy Sector & regreSSHion
The latest insights (and opinions!) on the impending US ban of Kaspersky products, the FBI's warning for threats against the renewable energy...
Watch Now
Rapid Response
How to find MOVEit file transfer services on your network
Progress software disclosed two new vulnerabilities in their MOVEit Gateway product. Here's how to find affected services on your network.
Read More
Rapid Response
How to find Kaspersky products with runZero
The US government has banned the sale of Kaspersky products and services. Here's how to find Kaspersky products in your network.
Read More
Podcasts
Risky Biz Interview: Keeping Up With CISA's KEV List
Rob King talks about keeping up with the stream of vulnerabilities in the KEV list and OT devices and runZero’s research into the SSH protocol.
Read More
runZero Research
Evolving threat landscapes: a view through the lens of CAASM
See what our analysis of sample CAASM data reveals about the current threat landscape and how security teams are responding to challenges old and new.
Read More
Product Release
We remembered KEVin!
Accelerate CVE searches leveraging new integrations with the CISA and VulnCheck Known Exploited Vulnerabilities lists, as well as EPSS.
Read More
Rapid Response
How to find Westermo devices on your network
Westermo has disclosed several vulnerabilities regarding their Lynx Industrial Ethernet switches. Here's how to find them on your network.
Read More
Webcasts
Department of Energy Cyberforce Program: Operational Technology Threat Landscape
Rob King joins the Department of Energy Cyberforce Program to share his deep expertise on the operational technology (OT) threat landscape.
Read More
Rapid Response
How to find Microsoft Message Queuing (MSMQ) servers on your network
A new pre-auth use-after-free vulnerability in the Microsoft Message Queuing (MSMQ) service is rated critical. Find impacted systems now with runZero.
Read More
Webcasts
runZero Hour, Ep. 7: Fascinating Payloads & New Revelations in Threat Intelligence
Tune in for our monthly deep dive on the state of asset security. In Episode 7, we welcome a special guest, Brianna Cluck, from GreyNoise.
Watch Now
Webcasts
runZero Hour, Ep. 6: The Research Report Deep Dive
Join the runZero Research team as they discuss highlights of their new research and share insights derived from analysis of nearly four million...
Watch Now
Podcasts
Risky Biz Podcast, Episode 748: New cyber rules for US healthcare are coming
runZero's Director of Research, Rob King, joins to talk about the weird and wonderful delights in the new runZero Research Report.
Read More
Webcasts
runZero Hour, Ep. 5: XZ Utils Backdoor
On this episode, the runZero Research team dives into some hot topics including the XZ Utils Backdoor (CVE-2024-3094) and expert analysis of the...
Watch Now
Webcasts
Securing OT/ICS Environments: Lessons from the Field
Watch this lively discussion on the latest OT and ICS security challenges and how they are being addressed in the field by OT security experts.
Read More
Rapid Response
How to find Brocade Fabric OS
On April 4, 2024, Broadcom disclosed a vulnerability in their Fabric OS operating system used in their Brocade storage networking devices. Here's...
Read More
Rapid Response
How to find Progress Software Flowmon Packet Investigator
On April 2, 2024, Progress Software disclosed a vulnerability in Flowmon Packet Investigator. Here's how to find potentially vulnerable systems.
Read More
Rapid Response
How to find systems impacted by CVE-2024-3094 (XZ Utils backdoor)
Malicious code was pushed to the libxz-utils project that introduced a backdoor in SSH. Here's how to find potentially vulnerable systems.
Read More
Rapid Response
How to find Fortra FileCatalyst installations
Fortra has disclosed a vulnerability in their FileCatalyst Workflow product which allows for attackers to write files to arbitrary locations in the...
Read More
Webcasts
runZero Hour, Ep. 4: Network Lookalikes and Fingerprinting Challenges
The fourth episode of runZero Hour, featuring the latest insights, anecdotes, and observations from the runZero Research team.
Watch Now
Rapid Response
How to find Apple iOS and iPadOS devices
On March 5th, 2024, Apple disclosed several vulnerabilities in its iOS and iPadOS operating systems used on its phones and tablets.
Read More
Rapid Response
How to find VMware ESXi installations
On March 5th, 2024, VMware disclosed several vulnerabilities in its ESXi, Workstation, and Fusion products.
Read More
Rapid Response
How to find TeamCity instances
On March 3rd, 2024, JetBrains disclosed two serious vulnerabilities in the TeamCity On-Premises product.
Read More
Rapid Response
How to find Progress OpenEdge Authentication Gateway and AdminServer installations
On February 27, 2024, Progress Software disclosed an authentication bypass vulnerability in its OpenEdge Authentication Gateway and AdminServer...
Read More
Rapid Response
How to find ScreenConnect installations
On February 19, 2024, ConnectWise disclosed two serious vulnerabilities in their ScreenConnect (formerly Control) remote-access product.
Read More
Rapid Response
How to find Microsoft Exchange Servers on your network
On February 13, 2024, Microsoft disclosed a vulnerability in Microsoft Exchange that would allow attackers to authenticate to Microsoft Exchange...
Read More
Podcasts
Risky Biz Interview: Breaking apart OT protocols
runZero's Rob King on the how and why of reverse engineering for active discovery
Read More
Webcasts
runZero Hour, Ep. 3: Fingerprinting OT Protocols
Episode 3 of the runZero Hour webcast gave us a flavor of what it’s like to fingerprint OT protocols that aren’t as accessible if you aren’t part...
Watch Now
Rapid Response
How to find AnyDesk installations
On February 2, 2024, AnyDesk disclosed that they have been the victim of a cyber attack that has compromised production systems.
Read More
Rapid Response
How to find Fortra GoAnywhere MFT installs
On January 22nd, Fortra disclosed a serious vulnerability in its GoAnywhere Managed File Transfer (MFT) product.
Read More
Webcasts
runZero Hour, Ep. 2: Deep dive into Transport Layer Security (TLS)
Episode 2 of the runZero Hour webcast took a quick survey of new IoT devices that showed up on the network over the holidays at the end of 2023....
Watch Now
Rapid Response
How to find Juniper SRX and EX devices
On January 12th, 2024, Juniper Networks disclosed a serious vulnerability in Juniper SRX firewalls and EX switches.
Read More
Webcasts
runZero Hour, Ep. 1: Hunting Outliers to Strengthen Security Defense
This inaugural episode of runZero Hour features the latest insights, anecdotes, and observations from the runZero Research team.
Watch Now
Rapid Response
How to find NGINX Ingress Controllers
Today, three vulnerabilities in the NGINX Ingress Controller for Kubernetes were disclosed, as described in this article from The Hacker News....
Read More
Talks
BSidesLV 2023: Regular expressions are good, actually
A technical deep-dive into an ideal infosec regex implementation.
Read More
Rapid Response
How to find Ivanti EPMM (MobileIron Core)
On July 24th, Ivanti announced that their Endpoint Manager Mobile (EPMM, formerly MobileIron Core) product versions 11.10 and prior contain a...
Read More
Rapid Response
How to find Cisco Small Business switches
Cisco recently disclosed several highly critical vulnerabilities that affect some of their Ethernet switches designed for small businesses.
Read More
icon-bluesky
© Copyright 2024 runZero, Inc. All Rights Reserved