runZero Research

🚀 runZero 4.9 is here: Map the unmappable. Secure every path. More

Start Free Book Demo

Platform
- Exposure Management Platform
  Complete security visibility across IT, OT, IoT, cloud, mobile, and remote assets.
  
  Total Attack Surface Visibility
  
  Full-Spectrum Exposure Detection
  
  Risk Prioritization & Insights
  
  Compliance, Reporting, & KPIs
  
  Fast Deployment & Scalability
- Asset Fingerprinting & Contextualization
  runZero employs a multi-faceted approach to perform high-fidelity fingerprinting for IT, OT, and IoT assets – no agents or credentials required.
- Integrations
  runZero seamlessly integrates with a wide variety of tools, enhancing network visibility, enriching asset data, and uncovering control gaps.
- Community Edition
  Our completely free version of the runZero Platform is ideal for home use and environments with fewer than 100 assets.
Advanced toplogy, attack path mapping & deep OT intelligence!

With our latest release you can see exactly how an attacker could move through your network, allowing you to harden critical choke points and remediate exposures before they are exploited. Plus we expanded our OT telemetry to provide deep insights into the role and risk profile of every device.

Learn More
Solutions
- Solutions
  Gain visibility, control the unknowns, and ensure compliance with confidence.
  
  Incident Response
  
  Unmanaged & Unknowns
  
  Vulnerability Management
  
  Mergers & Acquisitions
  
  Compliance & Insurance
- Regulatory Compliance
  Ensure compliance and stay resilient against evolving cyber threats.
  
  CSRB
  
  DORA
  
  NIST CSF & 800-171
  
  NIS2
  
  NYDFS
  
  PCI DSS
Join HD Moore on June 25 for a conversation on securing the modern IT/OT attack surface.

runZero Founder & CEO HD Moore and GigaOm Analyst Chris Ray will explore new methods for hardening OT defenses & share key insights from the just-released OT Radar.

Register Now
Resources
- Resource Center
  Dive into a treasure trove of resources to expand your exposure management knowledge.
  
  Reports
  
  Webcasts
  
  Solution Briefs
- runZero Research
  Explore the world of exposure management through the runZero lens.
  
  Research Blogs
  
  Rapid Responses
  
  runZero Hour
- runZero Blog
  See what's happening at runZero and read up on the latest ideas, opinions, and articles from our experts and researchers.
- Support Resources
  Everything you need to maximize your experience with the runZero Platform.
  
  Documentation
  
  REST API
  
  Open Source
Watch the runZero Day replay!

The inaugural runZero Day livestream was one for the books! From the inner workings of the CVE program and modern cyber journalism to the realities of OT security and the startup investment ecosystem, our wonderful guests helped us cover the trends that are defining our industry.

Watch the Replay
Customers
- Our Customers
  Our customers are everything. We're super proud to be trusted by leading organizations around the globe to help them improve their security.
- Case Studies
  See how runZero has empowered security teams to take control of their networks, uncover their unknowns, and save significant time and money.
  
  North Carolina K-12
  
  Topcon
  
  Capgemini
  
  Presidio
  
  York University
- Testimonials
  Read reviews of the runZero Platform and see how teams have improved their security with our technology.
Case Study: How runZero established North Carolina’s K–12 exposure management program

Learn how runZero became the foundation for exposure management across 343 North Carolina Public School Units.

Read the Case Study
Partners
- Infinity Partner Program
  See how we can work together to provide best-in-class security solutions and outcomes for our joint customers.
- Partner Directory
  Explore our directory of trusted (and awesome) partners.
- Partner Sign In
  Sign in to our Infinity Partner Portal.
Join our Infinity Partner Program

Designed with a partner-first mindset, the runZero Infinity Partner Program offers incredibly valuable resources, relationships, and rewards to partners who choose to grow their business with us.

Become a runZero Partner
About
- About Us
  Wondering who the heck are these people? Meet the team and get the story behind runZero... once upon a time called Rumble.
- Events
  Track down runZero Yetis in the wild! Join us in-person or virtually at one of our upcoming events.
- Investors
  Meet the cybersecurity investors, trailblazers, and innovators who help us navigate our journey and the evolving security landscape.
- Newsroom
  Read the latest articles, announcements, and press releases from runZero.
- Careers
  Want to join our forces? We're looking for bright minds and passionate souls who want to write the next chapter in exposure management.
Meet runZero at Infosecurity Europe 2026!

Join us June 2-4 in London for Infosec! If you plan to be there, we’d love you to meet with our executive team and technical experts. We're ready to explore security challenges, provide customized product demos, chat about our product roadmap, hear about your experience with runZero, and more!

Book a Meeting
Pricing
Support
Contact Us
Sign In

🚀 runZero 4.9 is here: Map the unmappable. Secure every path. More

Exposure Management Platform
Complete security visibility across IT, OT, IoT, cloud, mobile, and remote assets.
Asset Fingerprinting & Contextualization
runZero employs a multi-faceted approach to perform high-fidelity fingerprinting for IT, OT, and IoT assets – no agents or credentials required.
Integrations
runZero seamlessly integrates with a wide variety of tools, enhancing network visibility, enriching asset data, and uncovering control gaps.
Community Edition
Our completely free version of the runZero Platform is ideal for home use and environments with fewer than 100 assets.

Advanced toplogy, attack path mapping & deep OT intelligence!

With our latest release you can see exactly how an attacker could move through your network, allowing you to harden critical choke points and remediate exposures before they are exploited. Plus we expanded our OT telemetry to provide deep insights into the role and risk profile of every device.

Learn More

Solutions
Gain visibility, control the unknowns, and ensure compliance with confidence.
Regulatory Compliance
Ensure compliance and stay resilient against evolving cyber threats.
- CSRB
- DORA
- NIST CSF & 800-171
- NIS2
- NYDFS
- PCI DSS

Join HD Moore on June 25 for a conversation on securing the modern IT/OT attack surface.

runZero Founder & CEO HD Moore and GigaOm Analyst Chris Ray will explore new methods for hardening OT defenses & share key insights from the just-released OT Radar.

Register Now

Resource Center
Dive into a treasure trove of resources to expand your exposure management knowledge.
runZero Research
Explore the world of exposure management through the runZero lens.
runZero Blog
See what's happening at runZero and read up on the latest ideas, opinions, and articles from our experts and researchers.
Support Resources
Everything you need to maximize your experience with the runZero Platform.

Watch the runZero Day replay!

The inaugural runZero Day livestream was one for the books! From the inner workings of the CVE program and modern cyber journalism to the realities of OT security and the startup investment ecosystem, our wonderful guests helped us cover the trends that are defining our industry.

Watch the Replay

Our Customers
Our customers are everything. We're super proud to be trusted by leading organizations around the globe to help them improve their security.
Case Studies
See how runZero has empowered security teams to take control of their networks, uncover their unknowns, and save significant time and money.
Testimonials
Read reviews of the runZero Platform and see how teams have improved their security with our technology.

Case Study: How runZero established North Carolina’s K–12 exposure management program

Learn how runZero became the foundation for exposure management across 343 North Carolina Public School Units.

Read the Case Study

About Us
Wondering who the heck are these people? Meet the team and get the story behind runZero... once upon a time called Rumble.
Events
Track down runZero Yetis in the wild! Join us in-person or virtually at one of our upcoming events.
Investors
Meet the cybersecurity investors, trailblazers, and innovators who help us navigate our journey and the evolving security landscape.
Newsroom
Read the latest articles, announcements, and press releases from runZero.
Careers
Want to join our forces? We're looking for bright minds and passionate souls who want to write the next chapter in exposure management.

Meet runZero at Infosecurity Europe 2026!

Join us June 2-4 in London for Infosec! If you plan to be there, we’d love you to meet with our executive team and technical experts. We're ready to explore security challenges, provide customized product demos, chat about our product roadmap, hear about your experience with runZero, and more!

Book a Meeting

Infinity Partner Program
See how we can work together to provide best-in-class security solutions and outcomes for our joint customers.
Partner Directory
Explore our directory of trusted (and awesome) partners.
Partner Sign In
Sign in to our Infinity Partner Portal.

Join our Infinity Partner Program

Designed with a partner-first mindset, the runZero Infinity Partner Program offers incredibly valuable resources, relationships, and rewards to partners who choose to grow their business with us.

Become a runZero Partner

Exposure management needs a reboot. Great research is the key to innovating new solutions.

Securing your total attack surface has never been more challenging. We believe that applied research is fundamental to building better security solutions to address both new problems and the persistent ones that dog security teams. By sharing our research, tools, and knowledge with our community, we can help each other proactively improve our defenses and raise the bar on attackers.

KEVology: an analysis of exploits, scores, & timelines on the CISA KEV

CISA’s Known Exploited Vulnerabilities (KEV) catalog is one of the most influential and misunderstood signals in vuln management.

This new report by former CISA KEV Section Chief Tod Beardsley, breaks down how KEV entries behave and reveals what you should prioritize for real-world risk management.

Read the Report

Missed our livestream? Watch the runZero Day replay!

The inaugural runZero Day livestream was one for the books!

From the inner workings of the CVE program and modern cyber journalism to the realities of OT security and the startup investment ecosystem, our wonderful guests helped us cover the trends that define our industry.

Hardening attack surfaces against AI-powered exploits

The window between vulnerability discovery and weaponization has collapsed into mere hours.

Learn to find rogue IoT, multi-homed devices, and hidden attack paths. HD Moore shares a blueprint for total attack surface management in the age of AI.

Live Webcast

Join us for the next exciting episode of runZero Hour!

Every month, our research team does a deep dive into the ones and zeros behind all things exposure, from new threats and risky devices to the most secretive, silent, and unheard of vulnerabilities hiding in IT, OT, IoT, remote, cloud, and mobile environments – see you there!

Register for the Series Watch the Latest Episode

Tools built by the Research team

Practical tools to help you find, visualize, and prioritize the exposures that put your network at risk.

Developed and hosted by runZero, KEV Collider is a daily-updated web app built on open-source data, layering the CISA KEV catalog with the metadata and context required to prioritize real-world risk over hypothetical exploits.

Launch KEV Collider

runZeroHound is an open-source toolkit that converts runZero asset inventories (JSONL format) into BloodHound OpenGraph import files, enabling Cypher-based analysis of real network attack paths.

EPSS Pulse monitors daily score changes so you can zero in on the vulnerabilities that truly matter. Get the context you need to confidently prioritize what poses the greatest risk to your environment.

SSHamble v3: Exploit SSH protocol vulnerabilities

SSHamble uncovers a range of weaknesses in SSH applications that affect critical network security devices and software.

Research Reports

In-depth analysis and data-driven insights to help you prioritize risk and strengthen your exposure management program.

Undead by Design

End-of-life (EOL) operating systems remain an underestimated risk for enterprise networks.

This report uncovers EOL operating systems still shambling through U.S. enterprises and millions of assets, revealing the risks that haunt our networks.

Read the Report

Divining Risk: Deciphering Signals From Vulnerability Scores

Vulnerability scores promise clarity, but too often just add to the noise.

We analyzed signals from over 270,000 CVEs to reveal what CVSS, EPSS, and SSVC actually tell us — and what they don’t.

Read the Report

Research Report: Volume 1

Uncovering Alarming Gaps & Unexpected Exposures

The runZero research team analyzed millions of assets across hundreds of enterprise networks, including internal infrastructure, internet-facing assets, and cloud environments. We found alarming gaps, unexpected trends, and much more.

Read the Report

Latest Research Blogs

Dive into the latest findings, insights, and observations on attack surfaces from our research team.

Product

Announcing runZero 4.9: Unmask attack paths and segmentation gaps with advanced topology and deep OT device intelligence

With runZero 4.9, visualize attacker lateral movement, harden network choke points, gain deep OT telemetry to secure converged environments, and more.

runZero Research

Making the CISA KEV actionable for real-world risk

If you want to understand what the KEV is actually telling you, read our new KEVology report, then take the analysis into the lab with the KEV...

runZero Research

The runZero CNA is the newest CVE Numbering Authority!

runZero is now officially a CVE Numbering Authority!

runZero Research

Winpocalypse: One month later, the zombies are multiplying

We’re just over a month out from the Winpocalypse, where all Windows 10 operating systems technically went end-of-life. Let's talk about it.

runZero Research

runZero Hour recap: Beyond the veil with end-of-life OSes

In this episode, we talk about everything from current programming languages to mysterious firmware to, of course, the natural process of degrading...

runZero Research

Windows 10 EOL: A Winpocalypse just like Y2K

The end of Windows 10 is here, and with it comes a surge of exploitable systems. Move fast and find your exposures before attackers do with runZero.

runZero Research

From legacy to liability: New research report on end-of-life assets

End-of-life (EOL) operating systems don’t just fade away. They linger in enterprise networks like the undead — unchanging, unpatched, and...

runZero Research

Fast ≠ careless: cutting exposure time without breaking things

This month’s runZero Hour wasn’t just another CVE rundown. We went deeper to uncover what it means to move fast without breaking things.

runZero Research

Grappling with a post-CVE world

The writing is on the wall: an over-reliance on CVEs and agent-based approaches won’t keep you safe. So what else can you do to regain the upper hand?

runZero Research

Webcast recap: see + secure everything in your OT environment

A recap of last week’s webcast, where the runZero research team dug into the hard-earned lessons of managing sensitive OT environments.

runZero Research

runZero Hour, ep. 21 recap: highlights from Hacker Summer Camp

Our top insights, tools and stories from Hacker Summer Camp 2025.

runZero Research

Introducing EPSS Pulse: monitoring volatility in vulnerability risk

Learn about the origins of EPSS Pulse — the free tool that highlights recent 'fast movers' among EPSS-evaluated, CVE-identified vulnerabilities.

Latest runZero Hour Episodes

Watch recent episodes of our monthly research webcast exploring all things exposure and timely security topics.

Webcasts

runZero Hour, Ep. 30: Segmentation - stop assuming & start verifying with runZero 4.9

See runZero 4.9 in action! Join HD Moore and Tod Beardsley to learn how interactive attack path mapping and advanced OT intelligence expose hidden...

Webcasts

runZero Hour, Ep. 29: Live, Laugh, Malware: LLMs in Cybersecurity

Join Tod Beardsley and Rob King as they welcome guest Caroline Wong, author of The AI Cybersecurity Handbook.

Webcasts

runZero Hour, Ep. 28: Deep dive into OT retroencabulation

Tod Beardsley and Rob King were joined by special guest Ulises Fuentes Venado, Senior OT Pre-Sales Engineer at GuidePoint Security, for a thorough...

Webcasts

runZero Hour, Ep. 27: KEVology 101 – observing exploit trajectories in the KEV Collider

In this episode or runZero Hour, Tod Beardsley, Rob King, and special guest Wade Sparks (CISA and VulnCheck KEV veteran) explore the science of...

Webcasts

runZero Hour, Ep. 26: Exploring offseason resorts and OT networks with Brianna Cluck

In the first 2026 episode of runZero Hour, Rob King and Tod Beardsley chat it up with fan-favorite OT expert Brianna Cluck from GreyNoise...

Webcasts

runZero Hour, Ep. 25: The Holiday Hackstravaganza!

Tod Beardsley, Rob King, (and special guests!) look back at 2025’s wildest vulnerabilities, standout research, and make bold predictions for 2026.

Webcasts

runZero Hour, Ep. 24: Attack graphs with runZero and BloodHound!

In this episode, runZero's Tod Beardsley, Rob King, HD Moore and Jared Atkinson, CTO of SpecterOps, dive into the tangled world of modern attack...

Webcasts

runZero Hour, Ep. 23: Beyond the veil with end-of-life OSes

In this episode of runZero Hour Rob King, Tod Beardsley, and captn3m0 (creator of endoflife.date) summon insights from runZero’s latest research...

Webcasts

runZero Hour, Ep. 22: Poking the bear (safely) - our expanded vuln checks

We just added hundreds of new critical remote vulnerability checks to runZero that run safely across all your environments and are way faster than...

Webcasts

runZero Hour, Ep. 21: Hacker Summer Camp recap!

In this post-Hacker Summer Camp recap, Tod Beardsley, Rob King, HD Moore, and Matthew Kienow break down the most practical insights from BSidesLV,...

Webcasts

runZero Hour, Ep. 20: Reshaping security with open source: Insights from ProjectDiscovery & runZero

On this episode, we celebrate open source collaboration with the minds behind ProjectDiscovery: Rishiraj Sharma and Sandeep Singh, the co-founders...

Webcasts

runZero Hour, Ep. 19: Mission contextualize – LLMs, MCP, and the future of vulnerability intelligence

Jerry Gamblin joins us for a deep dive into today’s vulnerability landscape — from CVE trends and statistics to the launch of his new MCP (Model...

Latest Rapid Responses

Get tips on addressing 0-day threats and see how to uncover them immediately with runZero prebuilt queries.

Rapid Response

How to find Vercel Next.js instances on your network

Self-hosted Next.js applications using the built-in Node.js server are vulnerable to SSRF within the WebSocket upgrade handling mechanism.

Rapid Response

How to find Cisco Catalyst SD-WAN installations on your network

Cisco disclosed versions of Cisco Catalyst SD-WAN Controller & Manager contain a vulnerability in the peering auth mechanism. How to find affected...

Rapid Response

How to find Exim mail servers on your network

Certain versions of Exim are susceptible to a critical RCE vulnerability caused by a use-after-free condition in the BDAT body parsing path.

Rapid Response

How to find F5 NGINX installations on your network

F5 published a security advisory that a high vulnerability was identified in multiple versions of NGINX products. Here's how to find NGINX...

Rapid Response

How to find Fortinet FortiAuthenticator on your network

Fortinet disclosed in an advisory that a critical vulnerability was identified in versions of FortiAuthenticator.

Rapid Response

How to find Fortinet FortiSandbox on your network

Fortinet disclosed in an advisory that a critical vulnerability was identified in versions of FortiSandbox.

Rapid Response

How to find Ollama instances on your network

Certain versions of Ollama are susceptible to a heap out-of-bounds read vulnerability within the GGUF model loader. Here's how to locate affected...

Rapid Response

How to find Palo Alto Networks devices running PAN-OS

PAN released a security advisory for a high buffer overflow vulnerability in the IKEv2 processing. Here's how to find PAN devices on your network.

Rapid Response

How to find Android Debug Bridge (ADB) on your network

Google disclosed that certain Android versions are susceptible to an authentication bypass vulnerability within the wireless ADB mutual...

Rapid Response

How to find Progress MOVEit Automation installations on your network

Progress has disclosed that versions of MOVEit Automation are susceptible to two vulnerabilities within the service backend command port interfaces.

Rapid Response

How to find LiteLLM instances on your network

LiteLLM has disclosed that certain versions of LiteLLM Proxy are susceptible to multiple vulnerabilities that can be chained together to achieve RCE.

Rapid Response

How to find Apache HTTP Server instances

The Apache Software Foundation recently announced a path traversal vulnerability present in version 2.4.49 of the Apache HTTP Server software.

Revisit Hacker Summer Camp!

Relive the highlights of our epic week at Hacker Summer Camp 2025 with talks and interviews across BSides, Black Hat, and DEF CON.

Talks

DEF CON 33 - Shaking out shells with SSHamble (HD Moore)

This session is an extension of our 2024 work and includes new research as well as big updates to our open source research and assessment tool,...

Talks

DEF CON 33 - There and back again: detecting OT devices across protocol gateways (Rob King)

Presented by Rob King at DEF CON 33, this talk discusses techniques for detecting devices on the "other side" of protocol gateways.

Podcasts

The often-overlooked truth in cybersecurity: seeing the unseen in vulnerability management

Sean Martin (ITSPmagazine) speaks with HD Moore about an overlooked truth in cybersecurity: the greatest risks are usually the things you don’t...

Podcasts

You can’t get there from here: why we need a new way to manage exposure

At Black Hat 2025, CyberRisk TV sits down with HD Moore for a no-BS conversation on why vulnerability management is still failing enterprises.

Talks

Charting the SSH multiverse with HD Moore (BSidesSF 2025)

Watch runZero founder HD Moore, explore the multitude of SSH implementations, their specific weaknesses, and real-world exposures.

Talks

Forging strong cyber communities in uncertain times

HD Moore and Nicole Schwartz explore what it takes to create and foster robust cybersecurity communities and why we should all get involved in...

Webcasts

runZero Hour, Ep. 21: Hacker Summer Camp recap!

In this post-Hacker Summer Camp recap, Tod Beardsley, Rob King, HD Moore, and Matthew Kienow break down the most practical insights from BSidesLV,...

Explorers, innovators, & experts

Meet the team behind our research.

We are a group of industry veterans with decades of experience in information security, who are committed to runZero’s foundational principle that applied research makes for better asset discovery, and that better asset discovery is the foundation of modern exposure management.

The goal of the runZero research team is to discover incredibly efficient ways to pinpoint at-risk devices and quickly get this information into the hands of our customers and community. We achieve this through both precise fingerprinting and fast outlier analysis across IT, OT, IoT, cloud, mobile, and remote environments.

HD Moore

Founder & CEO, runZero

HD Moore is the founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.

More from HD Moore

Tom Sellers

Principal Research Engineer

Tom Sellers is a Principal Research Engineer at runZero. In his 25 years in IT and Security he has built, broken, and defended networks for companies in the finance, service provider, and security software industries. He has...

More from Tom Sellers

todb

VP, Security Research, runZero

Tod Beardsley is VP of Security Research at runZero, where he "kicks assets and fakes frames." Prior to 2025, he was the Section Chief for the Vulnerability Response section for CSD/VM/VRC at CISA, the Cybersecurity and Infra...

Matthew Kienow

Vulnerability Researcher

Matthew Kienow is a software engineer and security researcher. Matthew previously worked on the Recog recognition framework, AttackerKB as well as Metasploit's MSF 5 APIs. He has also designed, built, and successfully deploye...

More from Matthew Kienow

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

Try it Free

runZero CAASM

© Copyright 2026 runZero, Inc. All Rights Reserved