Rob King

Director of Security Research

42 Published Articles

About Rob King

Rob King is the Director of Security Research at runZero. Over his career Rob has served as a senior researcher with KoreLogic, the architect for TippingPoint DVLabs, and helped get several startups off the ground. Rob helped design SC Magazine's Data Leakage Prevention Product of the Year for 2010, and was awarded the 3Com Innovator of the Year Award in 2009. He has been invited to speak at BlackHat, Shmoocon, SANS Network Security, and USENIX.

If your life had a soundtrack, what is one of the songs that would be on it?

"Knees Deep" - The Beths

What's the most interesting place you've ever visited, and what made it special?

Lady Elliot Island (that's my picture on its Wikipedia page!). It's a tiny island just on the tip of the Great Barrier Reef. You can fly out there on a tiny plane from the Australian mainland, dive on the Reef and be awed by its beauty, and then sit and have a drink on the beach and feel the wonderful isolation.

If you could time travel and say three words to yourself when you were 18 years old, what would they be?

Buy dang condo

Latest Stories

runZero Research

Attack Surface Challenges with OT/ICS and Cloud Environments

Learn why successfully navigating changes to operational technology and cloud attack surfaces is critical for successful asset security.

Webcasts

runZero Hour: Episode 8

The latest insights (and opinions!) on the impending US ban of Kaspersky products, the FBI's warning for threats against the renewable energy...

Rapid Response

How to find Siemens devices on your network

Siemens has disclosed a vulnerability in their SIMATIC S7-200 SMART Devices. Here's how to find potentially affected devices on your network.

Rapid Response

How to find MOVEit file transfer services on your network

Progress software disclosed two new vulnerabilities in their MOVEit Gateway product. Here's how to find affected services on your network.

Rapid Response

How to find Kaspersky products with runZero

The US government has banned the sale of Kaspersky products and services. Here's how to find Kaspersky products in your network.

Podcasts

Risky Biz Interview: Keeping Up With CISA's KEV List

Rob King talks about keeping up with the stream of vulnerabilities in the KEV list and OT devices and runZero’s research into the SSH protocol.

runZero Research

Evolving threat landscapes: a view through the lens of CAASM

See what our analysis of sample CAASM data reveals about the current threat landscape and how security teams are responding to challenges old and new.

Product Release

We remembered KEVin!

Accelerate CVE searches leveraging new integrations with the CISA and VulnCheck Known Exploited Vulnerabilities lists, as well as EPSS.

Rapid Response

How to find Westermo devices on your network

Westermo has disclosed several vulnerabilities regarding their Lynx Industrial Ethernet switches. Here's how to find them on your network.

Webcasts

Department of Energy Cyberforce Program: Operational Technology Threat Landscape

Rob King joins the Department of Energy Cyberforce Program to share his deep expertise on the operational technology (OT) threat landscape.

Rapid Response

How to find Microsoft Message Queuing (MSMQ) servers on your network

A new pre-auth use-after-free vulnerability in the Microsoft Message Queuing (MSMQ) service is rated critical. Find impacted systems now with runZero.

Webcasts

runZero Hour: Episode 7

Tune in for our monthly deep dive on the state of asset security. In Episode 7, we welcome a special guest, Brianna Cluck, from GreyNoise.

Webcasts

runZero Hour: Episode 6

Join the runZero Research team as they discuss highlights of their new research and share insights derived from analysis of nearly four million...

Podcasts

Risky Biz Podcast, Episode 748: New cyber rules for US healthcare are coming

runZero's Director of Research, Rob King, joins to talk about the weird and wonderful delights in the new runZero Research Report.

Webcasts

runZero Hour: Episode 5

On this episode, the runZero Research team dives into some hot topics including the XZ Utils Backdoor (CVE-2024-3094) and expert analysis of the...

Webcasts

Securing OT/ICS Environments: Lessons from the Field

Watch this lively discussion on the latest OT and ICS security challenges and how they are being addressed in the field by OT security experts.

Rapid Response

How to find Brocade Fabric OS

On April 4, 2024, Broadcom disclosed a vulnerability in their Fabric OS operating system used in their Brocade storage networking devices. Here's...

Rapid Response

How to find Progress Software Flowmon Packet Investigator

On April 2, 2024, Progress Software disclosed a vulnerability in Flowmon Packet Investigator. Here's how to find potentially vulnerable systems.

Rapid Response

How to find potentially vulnerable Ivanti VPN Gateways

On April 2 2024, Ivanti disclosed vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure product. Here's how to find potentially...

Rapid Response

How to find systems impacted by CVE-2024-3094 (XZ Utils backdoor)

Malicious code was pushed to the libxz-utils project that introduced a backdoor in SSH. Here's how to find potentially vulnerable systems.

Rapid Response

How to find Cisco IOS & IOS-XE devices

Cisco Systems has disclosed 14 vulnerabilities in their devices which run Cisco IOS & IOS XE software. Here's how to find potentially vulnerable...

Rapid Response

How to find FortiOS, FortiProxy, and FortiClient devices

On March 12th, 2024, Fortinet disclosed several vulnerabilities in their FortiOS, FortiProxy, and FortiClient products.

Rapid Response

How to find Fortra FileCatalyst installations

Fortra has disclosed a vulnerability in their FileCatalyst Workflow product which allows for attackers to write files to arbitrary locations in the...

Webcasts

runZero Hour: Episode 4

The fourth episode of runZero Hour, featuring the latest insights, anecdotes, and observations from the runZero Research team.

Rapid Response

How to find Apple iOS and iPadOS devices

On March 5th, 2024, Apple disclosed several vulnerabilities in its iOS and iPadOS operating systems used on its phones and tablets.

Rapid Response

How to find VMware ESXi installations

On March 5th, 2024, VMware disclosed several vulnerabilities in its ESXi, Workstation, and Fusion products.

Rapid Response

How to find TeamCity instances

On March 3rd, 2024, JetBrains disclosed two serious vulnerabilities in the TeamCity On-Premises product.

Rapid Response

How to find Progress OpenEdge Authentication Gateway and AdminServer installations

On February 27, 2024, Progress Software disclosed an authentication bypass vulnerability in its OpenEdge Authentication Gateway and AdminServer...

Rapid Response

How to find ScreenConnect installations

On February 19, 2024, ConnectWise disclosed two serious vulnerabilities in their ScreenConnect (formerly Control) remote-access product.

Rapid Response

How to find Microsoft Exchange Servers on your network

On February 13, 2024, Microsoft disclosed a vulnerability in Microsoft Exchange that would allow attackers to authenticate to Microsoft Exchange...

Podcasts

Risky Biz Interview: Breaking apart OT protocols

runZero's Rob King on the how and why of reverse engineering for active discovery

Webcasts

runZero Hour: Episode 3

Episode 3 of the runZero Hour webcast gave us a flavor of what it’s like to fingerprint OT protocols that aren’t as accessible if you aren’t part...

Rapid Response

How to find AnyDesk installations

On February 2, 2024, AnyDesk disclosed that they have been the victim of a cyber attack that has compromised production systems.

Rapid Response

How to find Fortra GoAnywhere MFT installs

On January 22nd, Fortra disclosed a serious vulnerability in its GoAnywhere Managed File Transfer (MFT) product.

Webcasts

runZero Hour: Episode 2

Episode 2 of the runZero Hour webcast took a quick survey of new IoT devices that showed up on the network over the holidays at the end of 2023....

Rapid Response

How to find Juniper SRX and EX devices

On January 12th, 2024, Juniper Networks disclosed a serious vulnerability in Juniper SRX firewalls and EX switches.

Webcasts

runZero Hour: Episode 1

This inaugural episode of runZero Hour features the latest insights, anecdotes, and observations from the runZero Research team.

Rapid Response

How to find NGINX Ingress Controllers

Today, three vulnerabilities in the NGINX Ingress Controller for Kubernetes were disclosed, as described in this article from The Hacker News....

Talks

BSidesLV 2023: Regular expressions are good, actually

A technical deep-dive into an ideal infosec regex implementation.

Rapid Response

How to find Ivanti EPMM (MobileIron Core)

On July 24th, Ivanti announced that their Endpoint Manager Mobile (EPMM, formerly MobileIron Core) product versions 11.10 and prior contain a...

Rapid Response

How to find Zyxel Network Devices

Last month, Zyxel disclosed a remote command execution vulnerability affecting a handful of their product families. This vulnerability has been...

Rapid Response

How to find Cisco Small Business switches

Cisco recently disclosed several highly critical vulnerabilities that affect some of their Ethernet switches designed for small businesses.