In this session, Tod Beardsley (runZero) is joined by Kimber Duke and Patrick Garrity from VulnCheck to discuss the critical intersection of end-of-life (EOL) hardware and cybersecurity exploitation. The conversation centers on a recent VulnCheck report revealing that network edge devices — such as consumer routers and enterprise firewalls — are the most targeted assets for exploitation. The speakers highlight a stark divide in attacker motives: botnets almost exclusively target consumer-grade devices for DDoS attacks, while ransomware campaigns focus on enterprise-level edge infrastructure for high-value breaches.
The discussion also dives into the zombie cycle of the internet, where unpatched, unsupported devices remain online indefinitely, creating a massive, static attack surface. This problem is exacerbated by ISPs that continue to issue EOL hardware to new customers and a lack of consumer awareness regarding router updates. The VulnCheck team also shares insights into their work as a CVE Numbering Authority (CNA), noting a massive spike in vulnerability reports — from 3,000 in March of the previous year to over 5,200 in the current month — driven in part by the use of AI and fuzzing tools to discover new flaws in both open-source and proprietary code.
Watch more sessions from runZero Day
| Session Title | Guests |
|---|---|
| A CVE quagmire: Quality versus quantity | Jerry Gamblin, RogoLabs |
| Predicting exploitation: A practitioner's guide | Jay Jacobs, Empirical Security |
| Signal vs slop: Journalists on the evolution of research-driven reporting | Bill Brenner, CYBER.SEC.Community; Dennis Fisher, Decipher; Steve Ragan, 1Password |
| On the frontlines of investigative journalism in cybersecurity: An insider's perspective | Joseph Menn, Author & Investigative Journalist |
| From risk to resilience: Navigating OT security in a converged world | Mary Gannon, GuidePoint Security; Patrick Gillespie, GuidePoint Security |
| Force multiplied: Community-powered vuln detection | Rishi Sharma, ProjectDiscovery |
| Mute the sirens: Prioritizing vulnerability noise | Mark Lambert, ArmorCode |
| The network edge: EOL and exploitation | Kimber Duke, VulnCheck; Patrick Garrity, VulnCheck |
| Bug bounties in the age of AI | Casey Ellis, Bugcrowd |
| Perimeters and pathways: Protecting the complete attack surface | HD Moore, runZero; Jared Atkinson, SpecterOps; Zakir Durumeric, Censys |
| The infinite eye: How AI threat intelligence gives defenders an asymmetric edge | HD Moore, runZero; Jonathan Cran, Mallory |