Fresh from Hacker Summer Camp in Las Vegas, our latest episode of runZero Hour brought together stories from the stage, new research tools, and some hard truths about vulnerability management. If you missed it live, here’s a look at what we covered and why it matters.
The hidden entry points that matter most #
The team had a strong showing this year, with (eight!!) talks across BSides, Black Hat, and DEF CON. HD Moore opened the episode by sharing highlights from his Turbo Tactical Exploitation talk, which boiled down years of pentesting experience into rapid-fire techniques. He reminded us that attackers don’t always storm the front gates. Instead, they target the systems that control access (like network management consoles, administrator workstations, or even forgotten printers) because those often open faster and wider doors into an environment than direct attacks on hardened endpoints.
It was a reminder that the weakest link isn’t always the most obvious one, and that defenders need to think more broadly about what “critical systems” really are.
Digging deeper with Akheron Proxy #
Making his runZero Hour debut, Matthew Kienow introduced Akheron Proxy, a tool (developed with Deral Heiland) for bridging, capturing, replaying, and manipulating UART inter-chip communications.
In practice, this kind of tool lets you find flaws in devices that seem locked down from the outside. Matthew demonstrated how something as ordinary as a garage door sensor can be reverse engineered at the hardware level, revealing hidden weaknesses in its communication patterns. It’s not a tool for the faint of heart. It requires soldering irons, wires, and patience..But it opens up a new dimension of analysis for embedded devices.
Detecting hidden OT assets #
Rob King presented highlights from his DEF CON talk, which shares tips on how to detect OT devices across protocol gateways. Rob walked through recursive enumeration techniques that let researchers uncover the full landscape of OT assets, not just the obvious endpoints. The takeaway was simple but important: in converged IT/OT environments, you can’t secure what you don’t know exists.
Making sense of vulnerability scores #
Tod Beardsley revisited his Black Hat talk and report, Divining Risk: Deciphering Signals from Vulnerability Scores. He compared CVSS, EPSS, and SSVC, the three different systems for measuring vulnerability risk.
Like haruspices, today’s defenders are trying to interpret patterns in imperfect data. Each scoring system offers a different lens, but no single one should dictate security priorities. To help make sense of fast-changing exploit predictions, Tod presented EPSS Pulse, a new tool from runZero for tracking daily shifts in EPSS scores and identifying vulnerabilities gaining traction with attackers.
Rapid response rundown #
We closed with a look at the latest rapid response updates, vulnerabilities that defenders should act on quickly. As always, runZero customers can find ready-to-run queries in the console to help identify impacted systems.
Watch the episode #
You can catch the full episode on demand below – be sure to register to join us next month!
