My name is HD Moore, I am the founder and CEO of runZero, the first step in security risk management and the best way for organizations to understand their exposure through comprehensive asset inventory. I love network protocols, device fingerprinting, and security research. Most folks know me best as the founder of the Metasploit Project

This is a comprehensive list of the accounts I use to communicate. If you see an account claiming to be me that is not on this list, it's likely an impersonator. If they offer to help you recover cryptocurrency funds, break into someone else's systems, or offer commercial services, it is almost certainly a scam.

• emailx[at]hdm.io (AGE - PGP)

• mastodon@hdm@infosec.exchange

• signalhdm.01

• bluesky@hdm.bsky.social

• discord_hdm_

• twitter@hdmoore

• github@hdm

• linkedin@hdmoore

• Microblogging at Infosec.Exchange Short posts mostly related to security research (local mirror)

• The runZero Blog Posts related to runZero and related research

• runZero Research Report: Volume 1 with Rob King & Tom Sellers at RSA Conference 2024

• Balkanization from Above with Dan Geer in USENIX ;login: (August 2015)

• The Security Setup: HD Moore TheSecuritySetup.com

• Mitigating Service Account Credential Theft on Windows with Joe Bialek & Ashwath Murthy

• Security Flaws in Universal Plug and Play: Unplug, Don’t Play Rapid7 Research

• Tactical Exploitation with Valsmith at Black Hat USA 2010

• Metasploit and Money Black Hat DC 2010

• Exploiting Tomorrow’s Internet Today: Penetration testing with IPv6 Uninformed Journal v10

• Exploiting 802.11 Wireless Driver Vulnerabilities on Windows Uninformed Journal v6

• Mac OS X PPC Shellcode Tricks Uninformed Journal v1

• Terminal Emulation Security Issues Bugtraq

• Hacker Numerology LASCON - October 2024

• A Pebble Down the Well: Network Exploration JawnCon 0x1 - October 2024

• SSHamble: Unexpected Exposures in the Secure Shell DEF CON 32 - August 2024

• Secure Shells in Shambles Black Hat USA - August 2024

• 25 Years of Vulnerability Mismanagement CypherCon - April 2024

• Wires & Outliers Texas Cyber Summit - September 2023

• Modern Network Discovery Duo Tech Talks - December 2019

• Modern Internet Scale Reconnaissance BSides Las Vegas 2017

• Internet of Threats United Summit 2015

• The Security Space Age HouSecCon 2013

• Scanning Darkly DerbyCon 2013

• The Threat Landscape United Summit 2013

• Untangling Windows 8 Web Services OWASP Austin 2013

• Serial Offenders InfoSecSouthwest 2013

• Serial Offenders AusCERT 2013 SCADA Forum

• Global Network Security AusCERT 2013

• Global Vulnerability Analysis Queensland Police Workshop 2013

• Serial Offenders AISA 2013

• Using Metasploit on Kali Linux Rapid7 Webcast 2013

• Global Vulnerability Analysis RSA USA 2013

• Security Flaws in Universal Plug and Play Rapid7 Webcast 2013

• The Wild West DerbyCon 2012

• Validating Risks in Your Security Program Rapid7 Webcast 2012

• Empirical Exploitation SANS Pen-test Summit 2012

• The Root Shell Index OWASP Austin 2012

• Terrible Things in Network Security Secure360 2012

• Easy Network Intrusion with Java Rapid7 Webcast 2012

• How Automated Security Assessments Stop Untargeted Attacks Rapid7 Webcast 2012

• Identifying IPv6 Security Risks in IPv4 Networks Rapid7 Webcast 2012

• Effective Password Testing using Metasploit Rapid7 Webcast 2012

• Metasploit Community Edition Rapid7 Webcast 2011

• Acoustic Intrusions DerbyCon 2011

• Something Awesome (WarVOX) BSides Las Vegas 2011

• Fixing the Right Vulnerabilities Rapid7 Webcast 2011

• Metasploit 4.0 Rapid7 Webcast 2011

• Oil Fields, Quake Live, and Metasploit BSides Austin 2011

• When CSOs Attack BSides San Francisco 2011

• Board Room Spy Cams Rapid7 Webcast 2011

• Beyond Exploits Secure360 2010

• Cyber Weaponry MIL-OSS 2010

• Fun with VxWorks Defcon SkyTalks 2010

• Metasploit 3.4 and Beyond Rapid7 Webcast 2010

• Network Time Bandits BSides San Francisco 2010

• Metasploit and Money Black Hat DC 2010

• Death by 32 Bits SOURCE Boston 2010

• WarVOX Defcon 2009

• Metasploit Evolved Defcon 2009

• WarVOX BSides Las Vegas 2009

• The Future of Metasploit SANS Pen-test Summit 2009

• Exploiting IPv6 SecTor 2008

• Metasploit Prime SecTor 2008

• Keynote SANS Penetration Testing Summit 2008

• Tactical Exploitation Defcon 2007

• Tactical Exploitation Black Hat Briefings 2007

• Live Free or Hack Hard: Metasploit 2007 CanSecWest 2007

• Metasploit FOSDEM 2007

• Metasploit 3 IT-ISAC October 2006

• Metasploit Reloaded Black Hat Briefings 2006

• Thermoptic Camouflage Black Hat Briefings 2006

• Six Degrees of XSSPloitation Black Hat Briefings 2006

• Metasploitation Cansecwest 2006

• Metasploit v3.0 Microsoft Blue Hat 2006

• Bitten on the ASP Microsoft Blue Hat 2006

• Abusing Disaster Recovery Systems InterzoneWest 2005

• Abusing Disaster Recovery Systems FIRST 2005

• The Art of Blue Teaming UTSA CIAS 2005

• We Have the Technology Microsoft Blue Hat 2005

• Advances in Exploit Technology Cansecwest 2005

• Hacking Like in the Movies Defcon 2004

• Hacking Like in the Movies Black Hat Briefings 2004

• Modern ASP.NET Caveats Cansecwest 2004

• Exploiting the Metasploit Framework Cansecwest 2004

• Advanced Exploit Development Hack-in-the-Box 2003

• Breaking ASP.NET Cansecwest 2002

• SQL Injection SANS Bootcamp 2002

• Smashing Windows SANS Bootcamp 2002

• Making NT Bleed SANS I/O Wargames 2001

• Making NT Bleed Cansecwest 2001