Join Us At Hacker Summer Camp

See HD Moore at DEF CON!

We'll be at Summer Camp all week long, shaking things out at DEF CON 33.

lanyard-rope
lanyard-clip

DEF CON 33

Shaking Out Shells with SSHamble

August 9th — 5pm PDT

Presented by:
HD Moore

Secure Shell (SSH) is finally fun again! After a wild two years, including a near-miss backdoor, clever cryptographic failures, unauthenticated remote code execution in OpenSSH, and piles of state machine bugs and authentication bypass issues, the security of SSH implementations has never been more relevant. This session is an extension of our 2024 work (Unexpected Exposures in the Secure Shell) and includes new research as well as big updates to our open source research and assessment tool, SSHamble.

Add to Calendar

More Great Things From HD

Talks
DEF CON 32: SSHamble: Unexpected Exposures in SSH (Video)
This talk digs deep into SSH, the lesser-known implementations, many of the surprising security issues found along the way, and how to exploit them.
Podcasts
DEF CON 2023: The Art of Hacking
If you identify as a hacker or aspire to join the ranks of these digital pioneers, listen to the replay of this livestream from DEFCON 31: “The Art...
Webcasts
runZero Hour, Ep. 9: (SSHamble Edition)
Didn't make it to DEF CON 32? We got you! This episode of runZero Hour explores all things SSH, including our new open-source tool: SSHamble.

More Summer Camp Talks!

August 4
The Diana Initiative
We’re proud to sponsor The Diana Initiative and support their mission to drive diversity and inclusion in cybersecurity.

Join us at their annual conference, where runZero founder and CEO HD Moore will be speaking about the power of community building.

Stop by our table to connect with the runZero team, pick up some fun swag (including our signature blinky badge), and maybe even meet our mascot, Zeti!

We look forward to seeing you!
Learn More
August 4 — 11am PDT
Turbo Tactical Exploitation: 22 Tips for Tricky Targets
Join HD Moore as he delivers rapid-fire, practical tips to help you spot valuable targets faster, pivot smarter, and skip the noise. From recon to lateral movement (and everything in between), these techniques are built for speed and getting the most out of every packet, port, and pivot.

Whether you’re on a red team or just want to better understand your exposure, you’ll leave with new ways to spot weak links fast — and exploit them even faster.

Don’t miss this session!
Learn More
TBA
Vulnerability Haruspicy: Picking Out Risk Signals from Scoring System Entrails
Join Tod Beardsley VP of Security Research, as he digs into the strengths, weaknesses, and absurdities of CVSS, EPSS, and SSVC, comparing them to the reality of how security teams actually handle vulnerabilities.

Tod will explore where these models help, where they mislead, and whether any of them are meaningfully better than rolling a D20 saving throw vs exploitation.

Expect debate, disagreements, and plenty of astrology jokes!
Learn More
TBD
There and Back Again: Detecting OT Devices Across Protocol Gateways

Join Rob King, Director of Security Research, as he explores the security implications of IT/OT convergence, with deep dives into OT protocols and device discovery — even behind legacy protocol gateways.

If your organization uses operational technology, you won’t want to miss this session.

Book some 1:1 time

Meet with us during Summer Camp