The rundown on becoming runZero: What I learned rebranding a company - Part 3

(updated ), by Chris Kirsch

This is part three of our rebrand journey. Be sure to check out part one, part two, and part four.

Executive decision made - and revoked #

At this point, we were running out of time. Over the weekend, I talked with my co-founder about who really needs to sign off on the decision. We decided we had enough data points and specific scores for domain candidates from the team, were running out of time, and needed to make a decision. Sticking with the theme of light, we bought and all similar domains with common TLDs. The price of the primary domain had gone up from about $4,000 that morning to about $6,000 by the time we bought it because my co-founder and I both visited the domain a couple of times. We informed the team and wanted to move into execution mode as soon as Monday.

Monday morning, I saw a “Quick Sync” meeting on my calendar at 8:30am. Our VP of Sales, Jay, had slept on our decision and thought that the name was too gimmicky and childish. He couldn’t see himself representing a company called NeonRay to a big government agency or Fortune 500 company. Jess, who runs branding, shared Jay’s opinion. If I needed two people to support the new brand apart from my co-founder, it was these two. Lesson learned about executive decisions and time for another naming round.

Learning #5: Determine the critical decision-makers early and ensure alignment on all possibilities. Check back in before the final decision to ensure they support it.

Reviving other avenues #

At this point, I received good news from ACME Corporation: they had gotten approval from the marketing department to sell LightOptionB, plus a dozen of adjacent domains with different TLDs. All they needed to proceed was a number to put this in front of the pipeline committee, which approved M&A activities.

That meant I had to come up with a price that was acceptable to us, would incentivize them to move, and base the prices on hard data.

How to price a domain #

Determining the right price for a domain can be seen through the eyes of the seller and the buyer. It’s hard to put a number to it, but ultimately you have to do it and defend it if you want to make a deal happen. The closest analogy I found was the housing market: look at features of the house, location, and comps.

Here are some things that increase the value of a domain:

  • Dot com domains
  • Short names
  • Common English words
  • Things that you can buy (e.g. vs.

These attributes lower the value of a domain:

  • Misspellings (think
  • Word combinations
  • Negative connotations
  • Alternative spellings (grey vs. gray)
  • Newer TLDs, e.g. dot run

To price out (an alias to protect the identity of the owner of the website), I used the website, which lists past public sales of domains on public sites like BuyDomains, GoDaddy, and DropCatch. The domain was a combination of a common and a less common English word. I entered each separate word into, filtered by .com only and looked at two-word combinations for these words.

Because I wanted to incentivize the seller to move, I picked the top end of the range for each, doubled it, and made that my offer. I did this for all of the dozen similar domains that ACME Corporation was willing to sell, giving them a package price for the domain. The offer was at a reasonable level where it was still their time but still low in comparison to their multi-million dollar company acquisitions. I provided all comp data to support my offer, which they accepted without questions as our first offer.

The unfortunate events resurface #

The clock was ticking, and we were far enough down the road with ACME Corporation that we felt comfortable starting to plan execution of the naming change. We broadened the inner circle to the entire marketing team and conducted a three-day offsite where we talked through visual branding, brand language, and logistics of executing on the change. Everyone was excited about this new name, and we made huge progress.

At the end of the final planning day, I received an email from ACME Corporation with an update. The security team had blocked the deal. They weren’t comfortable with another company controlling the domain because it would enable the new owner to reset any passwords with third-party services ever set up with a email address, as well as other more advanced attack scenarios. The deal was dead.

Brute forcing the problem #

At this point, my co-founder HD Moore took a different approach. Availability of the dot com domains was the gating factor, so we should test for this as early as possible in the process and at scale.

He downloaded the DNS zone transfer files for dot com, dot biz and dot net. Next, he wrote a script that combined all starting words we had come up with in the initial brainstorming round, plus variations and associations, a list of common English words with positive connotations, plus a list of possible suffixes (think go- and -ly), and generated potential domains that we may want to register. The script tested all names offline against the list of known registered domains and created output files of all unregistered dot com domains that were available for $12 a piece.

Going through the list of tens of thousands of auto-generated domains was a chore. We listed the viable choices and scored them against the SMILE and SCRATCH tests. The team members then scored each top contestant individually as we had done in previous rounds (more often than not we were not on the same page).

When we found an auto-generated name that was almost right but not quite, we checked if a slightly better name was available as a buy now domain and added it to the sheet, scoring it in the same way.

The automated search also surfaced some interesting facts. There were significantly fewer domains available containing words associated with the theme “light”, only surpassed by the theme “network”.

Follow the story #

Part four was published on Friday, September 16, so be sure to follow the story. Also, don’t forget to subscribe for regular blog notifications.

Want to join our team?

Explore our open positions and find the perfect fit for you. Discover why runZero is the best place to build your career.

View open roles
Join our team
Chris Kirsch
Written by Chris Kirsch

Chris Kirsch is the CEO and co-founder of runZero. Chris started his career at an InfoSec startup in Germany and has since worked for PGP, nCipher, Rapid7, and Veracode. He has a passion for OSINT and Social Engineering. In 2017, he earned the Black Badge for winning the Social Engineering Capture the Flag competition at DEF CON, the world’s largest hacker conference.

Similar Content

February 15, 2023

Get to full asset inventory by combining active scanning with API integrations - Part 4

A dual approach is the best way to make sure you meet the requirements outlined by CISA BOD 23-01. Learn why you need more than just API integrations, agent installs, or passive monitoring for compliance.

February 8, 2023

Why an integrations-only approach isn't enough for full asset inventory - Part 3

Your CAASM may not be enough to help you meet the requirements outlined by CISA BOD 23-01. Learn why you need more than just API integrations for compliance.

January 30, 2023

Speed up pentesting with runZero

runZero may not be the first tool you think of when you talk about penetration testing but we have several ways of helping with reconnaissance. Learn more about the ways runZero can help with your next engagement.