Tom Sellers


Principal Research Engineer

28 Published Articles

About Tom Sellers

Tom Sellers is a Principal Research Engineer at runZero. In his 25 years in IT and Security he has built, broken, and defended networks for companies in the finance, service provider, and security software industries. He has built and operated Internet scale scanning and honeypot projects. He is credited on many patents for network deception techonology. A strong believer in Open Source he has contributed to projects such as Nmap, Metasploit, and Recog.

Latest Stories

Rapid Response
How to find Siemens devices on your network
Siemens disclosed ten vulnerabilities in a variety of products, including their RUGGEDCOM, SENTRON, and others. Here's how to find impacted devices.
Webcasts
runZero Hour, Ep. 13: Anniversary episode reflecting on 2024 through the lens of IT-OT/IoT convergence
In this special anniversary episode we gathered an all-star panel of cybersecurity experts to look back on 2024 through the lens of IT-OT/IoT...
Webcasts
runZero Hour, Ep. 12: A deep-dive into OT devices, protocols, and vulnerabilities
In this month’s episode of runZero Hour, we take a deep dive into new research insights on OT devices, protocols, and vulnerabilities.
Rapid Response
How to find Rockwell Automation devices
Rockwell Automation has disclosed multiple vulnerabilities in their ControlLogix, GuardLogix, CompactLogix, and Compact GuardLogix products.
Webcasts
runZero Hour, Ep. 10: RDP security, ATG & PC-WORX OT protocols
We dug into the details of three different protocols, and explored how our exceptionally creative customers help drive innovation in our platform.
runZero Research
RDP security: The impact of secure defaults and legacy protocols
Explore the evolution of the Remote Desktop Protocol to become secure by default and learn how to audit your environment for risky RDP configurations.
runZero Research
Proven fingerprinting techniques for effective CAASM
Precise asset identification is critical for effective cyber asset attack surface management. See how runZero’s techniques are unmatched.
runZero Research
How to detect SSH key reuse
Unmanaged SSH keys leaves networks vulnerable to cyber attacks. Learn how Zero helps with auditing SSH keys to reduce unnecessary exposures on your...
Rapid Response
How to find Versa Director installations with runZero
How to find Versa Director (targeted by Volt Typhoon) installations using runZero
runZero Research
End-of-life assets: managing risks in outdated technology
Outdated assets create a more accessible entry point for attackers to exploit your attack surface. Learn how the runZero Platform effectively...
runZero Research
Cyber asset management in the era of segmentation decay
Network segmentation faces limitations with modern equipment. See how a CAASM approach can improve asset discovery and threat protection.
Rapid Response
How to find OpenSSH systems on your network
On August 7, 2024, a high-severity vulnerability in OpenSSH running on FreeBSD OS was assigned a CVSS score of 7.4. Here's how to find affected...
runZero Research
Unusual Assets: The Riskiest Factor in Attack Surface Management
runZero’s research finds outlier assets, even if just slightly unusual, are often significantly riskier than others. The outlier score gives...
runZero Research
AI in CAASM: The Risks of LLM Data in Security-Critical Workflows
Current generation AI tools provide appealing answers but struggle with a crucial challenge: knowing the truth, which poses great security risks.
Webcasts
runZero Hour, Ep. 8: Kaspersky Ban, Energy Sector & regreSSHion
The latest insights (and opinions!) on the impending US ban of Kaspersky products, the FBI's warning for threats against the renewable energy...
Rapid Response
How to find MOVEit file transfer services on your network
Progress software disclosed two new vulnerabilities in their MOVEit Gateway product. Here's how to find affected services on your network.
Rapid Response
How to find PKIX-SSH services on your network
A fork of OpenSSH called PKIX-SSH was impacted by the recently discovered regreSSHion vulnerability. Here's how to find impacted services on your...
Rapid Response
How to find Westermo devices on your network
Westermo has disclosed several vulnerabilities regarding their Lynx Industrial Ethernet switches. Here's how to find them on your network.
Webcasts
runZero Hour, Ep. 7: Fascinating Payloads & New Revelations in Threat Intelligence
Tune in for our monthly deep dive on the state of asset security. In Episode 7, we welcome a special guest, Brianna Cluck, from GreyNoise.
Rapid Response
How to find Citrix NetScaler ADCs and Gateways
A new vulnerability was disclosed in NetScaler ADC and Gateway products for version 13.1-50.23.
Rapid Response
How to find Check Point devices
Check Point disclosed a serious vulnerability in Check Point Security Gateway devices with certain remote access software blades enabled. See how...
Webcasts
runZero Hour, Ep. 5: XZ Utils Backdoor
On this episode, the runZero Research team dives into some hot topics including the XZ Utils Backdoor (CVE-2024-3094) and expert analysis of the...
Rapid Response
How to find outdated lighttpd services
Outdated versions of the open source lighttpd web server are vulnerable to a handful of security vulnerabilities
Rapid Response
How to find systems impacted by CVE-2024-3094 (XZ Utils backdoor)
Malicious code was pushed to the libxz-utils project that introduced a backdoor in SSH. Here's how to find potentially vulnerable systems.
Webcasts
runZero Hour, Ep. 4: Network Lookalikes and Fingerprinting Challenges
The fourth episode of runZero Hour, featuring the latest insights, anecdotes, and observations from the runZero Research team.
Webcasts
runZero Hour, Ep. 3: Fingerprinting OT Protocols
Episode 3 of the runZero Hour webcast gave us a flavor of what it’s like to fingerprint OT protocols that aren’t as accessible if you aren’t part...
Webcasts
runZero Hour, Ep. 2: Deep dive into Transport Layer Security (TLS)
Episode 2 of the runZero Hour webcast took a quick survey of new IoT devices that showed up on the network over the holidays at the end of 2023....
Webcasts
runZero Hour, Ep. 1: Hunting Outliers to Strengthen Security Defense
This inaugural episode of runZero Hour features the latest insights, anecdotes, and observations from the runZero Research team.
© Copyright 2024 runZero, Inc. All Rights Reserved