Join Us At Hacker Summer Camp

Self-Funded Security: Bootstrapping Your Way to Success in Cyber

August 5 @ 3pm PDT (Mandalay Bay GH, Level 2)
lanyard-rope
lanyard-clip

Presented by:

HD Moore

Founder and CEO

In an era where venture funding dominates cybersecurity startup narratives, this panel explores the strategic advantages of building security companies through customer revenue first. 

The discussion will highlight how bootstrapping enables cybersecurity founders to develop battle-tested solutions with direct customer feedback, establish stronger product-market fit, and build operational resilience that becomes increasingly valuable in uncertain economic conditions.

Panelists will share practical strategies unique to the security industry, including how to leverage open-source contributions and security community relationships to gain traction without significant capital investment.


More Great Things From HD

Talks
DEF CON 32: SSHamble: Unexpected Exposures in SSH (Video)
This talk digs deep into SSH, the lesser-known implementations, many of the surprising security issues found along the way, and how to exploit them.
Podcasts
DEF CON 2023: The Art of Hacking
If you identify as a hacker or aspire to join the ranks of these digital pioneers, listen to the replay of this livestream from DEFCON 31: “The Art...
Webcasts
runZero Hour, Ep. 9: (SSHamble Edition)
Didn't make it to DEF CON 32? We got you! This episode of runZero Hour explores all things SSH, including our new open-source tool: SSHamble.
runZero Research
Out-of-Band, Part 1: The new generation of IP KVMs and how to find them
We begin the series exploring security risks of OoB management devices like BMCs, serial console servers, and IP-enabled KVMs, and share how to...

More Summer Camp Talks!

BSides • August 4 @ 11am PDT
Turbo Tactical Exploitation: 22 Tips for Tricky Targets
Take a whirlwind tour through 22 practical exploitation tips fast than you can say SYN/ACK-ACK.

From recon to lateral movement (and everything in between), these techniques are built for speed and getting the most out of every packet, port, and pivot.

Whether you’re on a red team or just want to better understand your exposure, you’ll leave with new ways to spot weak links fast — and exploit them even faster.
Learn More
Diana Initiative • August 4 @ 3pm PDT
Forging Strong Cyber Communities in Uncertain Times
HD Moore and Nicole Schwartz explore what it takes to create and foster robust cybersecurity communities and why we should all get involved in these important initiatives — now more than ever. HD will share insights from developing the open-source Metasploit Project, drawing parallels with the enduring principles of in-person community building that Nicole and her fellow board members rely upon to grow and sustain The Diana Initiative.

Learn strategies for initiating and scaling these networks, discover ways to contribute regardless of skillset, and see why participation is crucial to building collective resilience against evolving cyber threats.
Learn More
BSides • August 5 @ 1pm PDT
What Should CVE Be When It Grows Up?
The CVE Program is a pillar of the cybersecurity ecosystem.

Over the past 18 months, the CVE Program and U.S. National Vulnerability Database have faced funding challenges, while the EU has launched its own vulnerability database. In June, Congress called for a formal audit of the program.

This panel at BSides, featuring runZero's own Tod Beardsley, will discuss the future of the CVE Program, how it should effectively communicate its value to policymakers, and how to preserve its role without fracturing the broader vulnerability disclosure ecosystem.
Learn More
Black Hat Arsenal • August 6 @ 11am PDT
Akheron Proxy - Interchip communication serial proxy
Matthew Kienow and Deral Heiland will be at Black Hat Arsenal Station 9 diving into Akheron Proxy, a serial communication proxy application tool designed to connect and proxy serial communication between microprocessors on a hardware circuit board.

See how to capture, decode, replay, and fuzz serial communications flowing between microprocessors on an embedded device circuit board in real time.
Learn More
Black Hat • August 7 @ 2:30pm PDT
Vulnerability Haruspicy: Picking Out Risk Signals from Scoring System Entrails
Join Tod Beardsley, runZero VP of Security Research, as he digs into the strengths, weaknesses, and absurdities of CVSS, EPSS, and SSVC, comparing them to the reality of how security teams actually handle vulnerabilities.

Tod will explore where these models help, where they mislead, and whether any of them are meaningfully better than rolling a D20 saving throw vs exploitation. Plus, we'll be unveiling a new tool to help you stay on top of the dynamic and sometimes surprising nature of these scoring systems!
Learn More
DEF CON ICS Village • August 9 @ 11am PDT
There and Back Again: Detecting OT Devices Across Protocol Gateways
Join Rob King, Director of Applied Research, for a discussion on legacy protocols that are still widely used in the OT world and how devices that speak them are often hidden behind protocol gateways.

Rob will also share creative methodologies for discovering devices on the other side of these gateways safely and effectively. Come jump down the OT rabbit hole with us!
Learn More
DEF CON Main Stage • August 9 @ 3pm PDT
Shaking Out Shells with SSHamble
Secure Shell (SSH) is finally fun again! After a wild two years, including a near-miss backdoor, clever cryptographic failures, unauthenticated remote code execution in OpenSSH, and piles of state machine bugs and authentication bypass issues, the security of SSH implementations has never been more relevant.

This session is an extension of our 2024 work (Unexpected Exposures in the Secure Shell) and includes new research as well as significant updates to our open source research and assessment tool, SSHamble.
Learn More

Book some 1:1 time

Meet with us during Summer Camp