hdm.io

Howdy!

My name is HD Moore, I am the founder and CEO of runZero, the first step in security risk management and the best way for organizations to understand their exposure through comprehensive asset inventory. I love network protocols, device fingerprinting, and security research. Prior to starting runZero, I was best known as the founder of Metasploit.

Contact & Verification

This is a comprehensive list of the accounts I use to communicate. If you see an account claiming to be me that is not on this list, it's likely an impersonator. If they offer to help you recover cryptocurrency funds, break into someone else's systems, or offer commercial services, it is almost certainly a scam.

email (personal)xhdmio
email (work)hdmrunZerocom
mastodon@hdm@infosec.exchange [mirror]
signalhdm.01
bluesky@hdm.bsky.social
discord_hdm_
twitter@hdmoore
github@hdm
linkedin@hdmoore
blogrunZero.com

Upcoming Presentations

Big MAC AttackHacker Hoedown - November 20th, 2024

Previous Presentations

Hacker Numerology RowdyCon - October 2024
Hacker Numerology LASCON - October 2024
A Pebble Down the Well: Network Exploration JawnCon 0x1 - October 2024
SSHamble: Unexpected Exposures in the Secure Shell DEF CON 32 - August 2024
Secure Shells in Shambles Black Hat USA - August 2024
25 Years of Vulnerability Mismanagement CypherCon - April 2024
Wires & Outliers Texas Cyber Summit - September 2023
Modern Network Discovery Duo Tech Talks - December 2019
Modern Internet Scale Reconnaissance BSides Las Vegas 2017
Internet of Threats United Summit 2015
The Security Space Age HouSecCon 2013
Scanning Darkly DerbyCon 2013
The Threat Landscape United Summit 2013
Untangling Windows 8 Web Services OWASP Austin 2013
Serial Offenders InfoSecSouthwest 2013
Serial Offenders AusCERT 2013 SCADA Forum
Global Network Security AusCERT 2013
Global Vulnerability Analysis Queensland Police Workshop 2013
Serial Offenders AISA 2013
Using Metasploit on Kali Linux Rapid7 Webcast 2013
Global Vulnerability Analysis RSA USA 2013
Security Flaws in Universal Plug and Play Rapid7 Webcast 2013
The Wild West DerbyCon 2012
Validating Risks in Your Security Program Rapid7 Webcast 2012
Empirical Exploitation SANS Pen-test Summit 2012
The Root Shell Index OWASP Austin 2012
Terrible Things in Network Security Secure360 2012
Easy Network Intrusion with Java Rapid7 Webcast 2012
How Automated Security Assessments Stop Untargeted Attacks Rapid7 Webcast 2012
Identifying IPv6 Security Risks in IPv4 Networks Rapid7 Webcast 2012
Effective Password Testing using Metasploit Rapid7 Webcast 2012
Metasploit Community Edition Rapid7 Webcast 2011
Acoustic Intrusions DerbyCon 2011
Something Awesome (WarVOX) BSides Las Vegas 2011
Fixing the Right Vulnerabilities Rapid7 Webcast 2011
Metasploit 4.0 Rapid7 Webcast 2011
Oil Fields, Quake Live, and Metasploit BSides Austin 2011
When CSOs Attack BSides San Francisco 2011
Board Room Spy Cams Rapid7 Webcast 2011
Beyond Exploits Secure360 2010
Cyber Weaponry MIL-OSS 2010
Fun with VxWorks Defcon SkyTalks 2010
Metasploit 3.4 and Beyond Rapid7 Webcast 2010
Network Time Bandits BSides San Francisco 2010
Metasploit and Money Black Hat DC 2010
Death by 32 Bits SOURCE Boston 2010
WarVOX Defcon 2009
Metasploit Evolved Defcon 2009
WarVOX BSides Las Vegas 2009
The Future of Metasploit SANS Pen-test Summit 2009
Exploiting IPv6 SecTor 2008
Metasploit Prime SecTor 2008
Keynote SANS Penetration Testing Summit 2008
Tactical Exploitation Defcon 2007
Tactical Exploitation Black Hat Briefings 2007
Live Free or Hack Hard: Metasploit 2007 CanSecWest 2007
Metasploit FOSDEM 2007
Metasploit 3 IT-ISAC October 2006
Metasploit Reloaded Black Hat Briefings 2006
Thermoptic Camouflage Black Hat Briefings 2006
Six Degrees of XSSPloitation Black Hat Briefings 2006
Metasploitation Cansecwest 2006
Metasploit v3.0 Microsoft Blue Hat 2006
Bitten on the ASP Microsoft Blue Hat 2006
Abusing Disaster Recovery Systems InterzoneWest 2005
Abusing Disaster Recovery Systems FIRST 2005
The Art of Blue Teaming UTSA CIAS 2005
We Have the Technology Microsoft Blue Hat 2005
Advances in Exploit Technology Cansecwest 2005
Hacking Like in the Movies Defcon 2004
Hacking Like in the Movies Black Hat Briefings 2004
Modern ASP.NET Caveats Cansecwest 2004
Exploiting the Metasploit Framework Cansecwest 2004
Advanced Exploit Development Hack-in-the-Box 2003
Breaking ASP.NET Cansecwest 2002
SQL Injection SANS Bootcamp 2002
Smashing Windows SANS Bootcamp 2002
Making NT Bleed SANS I/O Wargames 2001
Making NT Bleed Cansecwest 2001

Papers

runZero Research Report: Volume 1 with Rob King & Tom Sellers at RSA Conference 2024
Balkanization from Above with Dan Geer in USENIX ;login: (August 2015)
The Security Setup: HD Moore TheSecuritySetup.com
Mitigating Service Account Credential Theft on Windows with Joe Bialek & Ashwath Murthy
Security Flaws in Universal Plug and Play: Unplug, Don’t Play Rapid7 Research
Tactical Exploitation with Valsmith at Black Hat USA 2010
Metasploit and Money Black Hat DC 2010
Exploiting Tomorrow’s Internet Today: Penetration testing with IPv6 Uninformed Journal v10
Exploiting 802.11 Wireless Driver Vulnerabilities on Windows Uninformed Journal v6
Mac OS X PPC Shellcode Tricks Uninformed Journal v1
Terminal Emulation Security Issues Bugtraq