research

June 14, 2022

One ping to find them: lean network discovery

Our engineering team focuses on getting the maximum amount of information from the network while sending as little traffic as possible. This lean approach to network discovery is driven by our goal of being fast and safe for all networks. The more we can learn about a system …

Read More

September 30, 2021

Fingerprinting Windows build numbers

Rumble Network Discovery is now runZero! Our goal at Rumble is to help customers identify everything on their networks, quickly, and without authentication. This process is driven by research, which often leads to dead ends, but sometimes we learn interesting things along …

Read More

August 19, 2021

BlackHat gems: HP iLO 5 vulnerabilities

Rumble Network Discovery is now runZero! Each year, August arrives with promises of hot weather and cool security research talks. The DEF CON, Black Hat, and BSidesLV security conferences bring people in from all over the world to share knowledge through conversations, …

Read More

August 11, 2021

Fingerprinting Windows versions, AV, wireless cards over the network—all without authentication

Rumble Network Discovery is now runZero! Correctly identifying and categorizing network-connected systems without credentials is a tricky challenge and one of the fun parts of working at Rumble. This process of “fingerprinting” uses thousands of rules, pattern …

Read More

August 6, 2020

Recog Development with Rumble

Rumble Network Discovery is now runZero! Overview Recog may be one of the most underrated open source security projects of all time. Recog started off in the early 2000s as the fingerprinting backend for Rapid7’s Nexpose (aka InsightVM) vulnerability scanner. It was …

Read More

June 30, 2020

Rumble for the Ripple20

Rumble Network Discovery is now runZero! The Ripple20 vulnerabilities identified by JSOF impact millions of devices running the Treck operating system, many of which have not and will not receive updates. Finding exposed devices can be tricky since many of the device types …

Read More

March 30, 2020

SMB2 Session Prediction & Consequences

Rumble Network Discovery is now runZero! Server Message Block Research The Rumble scan engine received big updates this month for the HTTP, RDP, and SMB protocols. The SMB work was focused on improving protocol support for SMB1, SMB2, and SMB3, including better …

Read More

January 3, 2020

Security Surprises with SNMP v3

Rumble Network Discovery is now runZero! Update (2021-10-08): This issue was cited in an excellent paper on SNMP v3 discovery by Taha Albakour, Oliver Gasser, Robert Beverly, and Georgios Smaragdakis. If you are interested in this type of research, please check out our …

Read More

November 12, 2019

Network Discovery Powered by Research

Rumble Network Discovery is now runZero! Refocusing on Research Our mission is to empower our customers with amazing network visibility through applied research. With the v1.1.0 release behind us, we are excited to renew our focus on research. Last month, our founder and CEO …

Read More

April 2, 2019

DNS Ping Scans via Open Resolvers

Our last post covered some of the ways that Rumble gathers information from DNS services. While working on the tracer implementation, we identified a trick that other folks might find it useful. It turns out that most DNS resolvers do not filter the address ranges they will …

Read More