  • August 20, 2025
    HD Moore
    @hdm

    I chased an intermittent DNS bug for two weeks and for once, it was not DNS:

    "PF states limit reached"

    If you use opnsense/pfsense, the default state table size of 1.6m can sneak up on you when your network is full of scans. Poking around with `pfctl -si` and setting a much healthier max with aggressive expiration made everything happy again.

    Related, runZero handles this problem by actively tearing down middle-box state tables during SYN scans, which ironically means sending twice as many packets, but having a much lower impact on the network as a result.

    ↪ reply
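
Added example (not from the post's author): a small check for the condition described in the post above, comparing the `current entries` line of `pfctl -si` with the `states` hard limit from `pfctl -sm` and reading the cumulative `state-limit` counter. The function names, the 80% warning threshold and the sample numbers are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed `pfctl -si` excerpt (numbers invented for illustration).
SAMPLE_SI='Status: Enabled for 12 days 03:14:07          Debug: Urgent

State Table                          Total             Rate
  current entries                  1598231
  searches                      9812345678         9345.1/s
  inserts                        412345678          392.7/s
  removals                       410747447          391.2/s
Counters
  match                          498765432          475.0/s
  state-limit                        48213            0.0/s'

# Constructed `pfctl -sm` output (hard limits).
SAMPLE_SM='states        hard limit  1600000
src-nodes     hard limit  1600000
frags         hard limit     5000'

# pf_state_usage SI_TEXT SM_TEXT
# Prints: "<current> <limit> <percent used> <state-limit drops>"
pf_state_usage() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---"                                 { sm = 1; next }
        !sm && $1 == "current" && $2 == "entries"   { cur = $3 }
        !sm && $1 == "state-limit"                  { drops = $2 }
        sm && $1 == "states" && $2 == "hard"        { limit = $4 }
        END {
            if (cur == "" || limit + 0 == 0) exit 1
            printf "%d %d %d %d\n", cur, limit, int(cur * 100 / limit), drops
        }'
}

# pf_state_verdict SI_TEXT SM_TEXT [WARN_PERCENT]
# LIMIT_HIT: pf has refused new states since its counters were last reset.
pf_state_verdict() {
    warn=${3:-80}
    usage=$(pf_state_usage "$1" "$2") || { echo UNKNOWN; return 0; }
    set -- $usage
    if [ "$4" -gt 0 ]; then echo LIMIT_HIT
    elif [ "$3" -ge "$warn" ]; then echo WARN
    else echo OK
    fi
}

# On the firewall: pf_state_verdict "$(pfctl -si)" "$(pfctl -sm)"
pf_state_verdict "$SAMPLE_SI" "$SAMPLE_SM"
```

The `state-limit` counter is cumulative, so `LIMIT_HIT` means the table filled at some point since pf's statistics were last cleared, even if current usage looks healthy.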
  • August 13, 2025
    HD Moore
    @hdm

    Hello Austin-area software engineers (or aspiring engineers)! Join us tonight, Wednesday, August 13, 2025 for two hours of lightning talks and discussion at the ATX Go meetup. The focus tonight is on infosec/cybersecurity/hacking tools written in Go, but all Go-related talks are welcome.

    This meetup is hosted by Capital Factory and runs from 6:30 PM to 8:30 PM CDT (with pizza and drinks): https://www.meetup.com/atxgolang/events/305492505/?slug=atxgolang&eventId=305492505

    ↪ reply
  • August 13, 2025
    HD Moore
    @hdm

    If you missed this talk at BH/DC last week, it's worth a read: "From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion". Awesome work from Shu-Hao, Tung (123ojp) covering practical attacks on GRE and VxLAN tunnels: https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Shu-Hao%20Tung%20-%20From%20Spoofing%20to%20Tunneling%20New%20Red%20Team%27s%20Networking%20Techniques%20for%20Initial%20Access%20and%20Evasion.pdf (repo: https://github.com/123ojp/GREtunnel-scanner & wp https://i.blackhat.com/BH-USA-25/Presentations/USA-25-Tung-From-Spoofing-To-Tunneling-New-wp.pdf)

    ↪ reply
  • August 13, 2025
    HD Moore
    @hdm

    Blue Team Con (@BlueTeamCon) is only three weeks away! I'm excited to share "The Death and Rebirth of Vulnerability Management", an analysis of coverage, tradeoffs, and efficacy across vulnerability scanners, endpoint agents, and open source security tools.

    https://blueteamcon.com/directory/the-death-and-rebirth-of-vulnerability-management/

    ↪ reply
  • August 10, 2025
    HD Moore
    @hdm

    Thank you to everyone who made it out for my DEF CON 33 presentation, "Shaking Out Shells With SSHamble", you can find the materials online at https://hdm.io/decks/MOORE%20-%20Shaking%20Out%20Shells%20With%20SSHamble.pdf

    This deck includes some lightly-censored zero-day and I recommend tossing `sshamble scan -u root,admin,guest 22,24442,2222,70,222,10022,10399,2022,22222 --interact=all` at your local network to see what shakes out =D

    (PS. You can find most of my presentations at https://hdm.io/)

    ↪ reply
  • August 10, 2025
    HD Moore
    @hdm

    Are you an Austin-area software engineer who writes Go (or aspires to become one)? Join us Wednesday, August 13, 2025 for two hours of lightning talks and discussion, including recaps of awesome Go work presented at the Black Hat and DEF CON conferences. Have a short talk on Go (with or without security focus)? Bring it!

    This meetup is hosted by Capital Factory and runs from 6:30 PM to 8:30 PM CDT: https://www.meetup.com/atxgolang/events/305492505/?slug=atxgolang&eventId=305492505

    Please RSVP so we can accurately order enough pizza and drinks.

    ↪ reply
  • August 9, 2025
    HD Moore
    @hdm

    Hello DEF CON! Tomorrow (Saturday/August 9th) I'll be speaking with Nicole Schwartz on Forging Strong Cyber Communities in Uncertain Times at 1pm in W205 (TDI) and then shortly after on Shaking Out Shells with SSHamble at 3pm in Track 2 (LV1), with even more shells. Hope to see you there!

    1. https://calendar.google.com/calendar/u/0/r/month/2025/8/9?eid=NDBmOWhyMzZsaDBsYWU0MjRudHBkbHBjZ2ggY184YmI1ODdmNzM0NGNmNTJjNTIzY2Y2NWE1MGM4YzU3ODlhY2VlZDVlMGVkZTQyYWQzNjE4YjI2MzUwOTg4YjVmQGc
    2. https://defcon.org/html/defcon-33/dc-33-speakers.html#content_60360

    ↪ reply
  • August 5, 2025
    HD Moore
    @hdm

    BSides Las Vegas 2025 is incredible. Amazing turn-out, fantastic staff, and the sheer variety of content, speakers, and activities sets the bar for what a hacker con should be. You can find the slides from my talk, Turbo Tactical Exploitation: 22 Tips for Tricky Targets, online at https://hdm.io/decks/BSidesLV%202025%20-%20%20Turbo%20Tactical%20Exploitation_%2022%20Tips%20for%20Tricky%20Targets.pdf

    It looks like at least a bit of the video is on YT as well at https://www.youtube.com/watch?v=goERQMqAv50 (Ground Floor at 11am). Thank you to everyone who attended and to the BSides team for a wonderful experience!

    ↪ reply
  • July 16, 2025
    HD Moore
    @hdm

    runZero Hour #20 is LIVE NOW - This is an amazing episode that includes Rishi & Sandeep of https://projectdiscovery.io/; here to give us the backstory on their company and the Nuclei open source vulnerability scanner (already bigger and more popular than Metasploit!). Hit our YT live stream to hear about PD, Nuclei, and how runZero is working with PD and the community on open source security tools!

    https://www.youtube.com/watch?v=kLyukzprtDo

    ↪ reply
  • July 9, 2025
    HD Moore
    @hdm

    Hello Austin Gophers! The July ATX Go Meetup is TONIGHT (July 9th). The meetup includes lightning talks, pizza, beverages, and general discussion. Have a neat idea? A quick talk related to Go? Something to show-and-tell? https://www.meetup.com/atxgolang/events/305492502/

    The weather outside is lousy, you might as well hang out in a conference room with us nerds! =D

    ↪ reply

Copyright 1998-2025 HD Moore