Research

June 14, 2022

One ping to find them: lean network discovery

Our engineering team focuses on getting the maximum amount of information from the network while sending as little traffic as possible. This lean approach to network discovery is driven by our goal of being fast and safe for all networks. The more we can learn about a system …

Read More

September 30, 2021

Fingerprinting Windows build numbers

Our goal at Rumble is to help customers identify everything on their networks, quickly, and without authentication. This process is driven by research, which often leads to dead ends, but sometimes we learn interesting things along the way. This post explores recent research …

Read More

August 19, 2021

BlackHat gems: HP iLO 5 vulnerabilities

Each year, August arrives with promises of hot weather and cool security research talks. The DEF CON, Black Hat, and BSidesLV security conferences bring people in from all over the world to share knowledge through conversations, villages, training, and talks. There are …

Read More

August 11, 2021

Fingerprinting Windows versions, AV, wireless cards over the network—all without authentication

Correctly identifying and categorizing network-connected systems without credentials is a tricky challenge and one of the fun parts of working at Rumble. This process of “fingerprinting” uses thousands of rules, pattern matches, and internal databases to take …

Read More

August 6, 2020

Recog development with runZero

Overview # Recog may be one of the most underrated open source security projects of all time. Recog started off in the early 2000s as the fingerprinting backend for Rapid7’s Nexpose (aka InsightVM) vulnerability scanner. It was released as open source in 2014 and …

Read More

June 30, 2020

Rumble for the Ripple20

The Ripple20 vulnerabilities identified by JSOF impact millions of devices running the Treck operating system, many of which have not and will not receive updates. Finding exposed devices can be tricky since many of the device types (battery backups, printers, etc) are often …

Read More

March 30, 2020

SMB2 Session Prediction & Consequences

Server Message Block Research # The Rumble scan engine received big updates this month for the HTTP, RDP, and SMB protocols. The SMB work was focused on improving protocol support for SMB1, SMB2, and SMB3, including better desktop/server detection, and reporting of available …

Read More

January 3, 2020

Security Surprises with SNMP v3

runZero SNMP scanning runZero supports SNMPv1, SNMPv2 (the SNMPv2c variant), and SNMPv3. Watch below to learn more about how runZero works, and discover what's on your network in minutes with a 21-day free trial. Updated on 2021-10-08: This issue was cited in an excellent …

Read More

November 12, 2019

Network Discovery Powered by Research

Refocusing on Research # Our mission is to empower our customers with amazing network visibility through applied research. With the v1.1.0 release behind us, we are excited to renew our focus on research. Last month, our founder and CEO HD Moore presented at Texas Cyber …

Read More

April 2, 2019

DNS Ping Scans via Open Resolvers

Our last post covered some of the ways that Rumble gathers information from DNS services.

While working on the tracer implementation, we identified a trick that other folks might find it useful. It turns out that most DNS resolvers do not filter the address ranges they will …

Read More