Securing your total attack surface has never been more challenging. We believe that applied research is fundamental to building better security solutions to address both new problems and the persistent ones that dog security teams. By sharing our research, tools, and knowledge with our community, we can help each other proactively improve our defenses and raise the bar on attackers.
SSHamble: Exploit SSH protocol vulnerabilities
The runZero research team discovered a range of weaknesses across SSH applications that impact critical network security devices and software. These long-standing issues remained undiscovered due to the lack of tooling available – until now!
Divining Risk: Deciphering Signals From Vulnerability Scores
Vulnerability scores promise clarity, but too often just add to the noise.
We analyzed signals from over 270,000 CVEs to reveal what CVSS, EPSS, and SSVC actually tell us — and what they don’t.
Subscribe to our monthly runZero Hour series
Jump down the security rabbit hole with us every month as our research team unpacks risky exposures, attack surface anomalies, and the most random vulnerabilities lurking in your IT, OT, IoT, remote, cloud, and mobile environments.
Welcome aboard the CVSS Bonsecours!
runZero Founder & CEO HD Moore's first stop is the island of Vulnerability Management; a wild place first settled by hackers, now congested with warring tribes, each selling magick ointments that they claim will protect your ship from ghosts, whirlpools, termites, and giant squids alike.
We'll visit these tribes, compare their warez, identify the useful products, and highlight those that just leave you greasy and poor.
VP of Security Research Tod Beardsley will dig into the strengths, weaknesses, and absurdities of CVSS, EPSS, and SSVC, comparing them to the reality of how security teams actually handle vulnerabilities.
Tod will explore where these models help, where they mislead, and whether any of them are meaningfully better than rolling a D20 saving throw vs exploitation.
Expect debate, disagreements, and plenty of astrology jokes.
Tune in for the next runZero Hour on May 21 as vulnerability scoring expert Jay Jacobs joins us for a spicy debate about what CVSS, EPSS, and SSVC really tell us — and what they don’t.
We’ll also share highlights from new research on scoring systems, common misconceptions, and how to prioritize risk with context, not just scores.
Trust us, you won't want to miss this one!
The Secure Shell (SSH) has evolved from a remote shell service to a standardized secure transport that is second only to Transport Layer Security (TLS) in terms of exposure and popularity. SSH is no longer just for POSIX operating systems; SSH services can be found in everything from network devices, to source code forges, to Windows-based file transfer tools. While OpenSSH is still the most prominent implementation, it's now just one of dozens, and these include a handful of libraries that drive a wide range of applications. Watch HD Moore and Rob King on stage at DEF CON 32 as they dig deep into SSH, the lesser-known implementations, many of the surprising security issues found along the way, and how to exploit them.
Research Report: Volume 1
The runZero research team analyzed millions of assets across hundreds of enterprise networks, including internal infrastructure, internet-facing assets, and cloud environments. We found alarming gaps, unexpected trends, and much more.
Watch recent episodes of our monthly research webcast exploring all things exposure and timely security topics.
Dive into the latest findings, insights, and observations on attack surfaces from our research team.
Get tips on addressing 0-day threats and see how to uncover them immediately with runZero prebuilt queries.
We are a group of industry veterans with decades of experience in information security, who are committed to runZero’s foundational principle that applied research makes for better asset discovery, and that better asset discovery is the foundation of modern exposure management.
The goal of the runZero research team is to discover incredibly efficient ways to pinpoint at-risk devices and quickly get this information into the hands of our customers and community. We achieve this through both precise fingerprinting and fast outlier analysis across IT, OT, IoT, cloud, mobile, and remote environments.
HD Moore is the founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.
Rob King is the Director of Security Research at runZero. Over his career Rob has served as a senior researcher with KoreLogic, the architect for TippingPoint DVLabs, and helped get several startups off the ground. Rob helped...
Tom Sellers is a Principal Research Engineer at runZero. In his 25 years in IT and Security he has built, broken, and defended networks for companies in the finance, service provider, and security software industries. He has...
Tod Beardsley is VP of Security Research at runZero, where he "kicks assets and fakes frames." Prior to 2025, he was the Section Chief for the Vulnerability Response section for CSD/VM/VRC at CISA, the Cybersecurity and Infra...
Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.
Discover the new era of exposure management!