HD Moore, founder of the Metasploit Project and renowned for his work in network security, has embarked on a new venture with his startup runZero. Unlike his earlier work, which focused on external network scanning, Moore’s work at runZero revolves around internal enterprise asset discovery. The startup aims to apply the same approach he used for external network discovery to the internal side of companies, including their cloud connections, VPNs, and multi-site and regional links.
Moore’s fascination with discovering unexplored connections between devices dates back to his childhood. He was intrigued by the idea that by dialing a random number, he could be connected to a whole new person. As he delved into the Internet, his curiosity for exploration only grew. Moore explains, “You make up any random 32-bit number and there’s probably something there, which is really cool. The whole world is just a series of numbers.”
Throughout his career, Moore has made numerous discoveries of critical security flaws and exposed devices. His work on open source tools like Metasploit, WarVOX, and AxMan has enabled other security researchers and penetration testers to do the same. About a decade ago, Moore’s Critical IO project at Rapid7 revealed that millions of network devices were wide open to attacks. This shed light on the insecure nature of open network connectivity and resulted in threats from federal law enforcement. Moore continued his development work but eventually stepped back from Rapid7 to take a break.
In 2017, Moore joined Atredis Partners, a security assessment firm, in a research and development role. This position allowed him to continue exploring networks in tightly scoped engagements. During this time, Moore noticed a recurring trend among companies that could afford boutique security assessment firms—they tended to secure the assets they knew about but overlooked vulnerable assets in their quarterly pen tests. This realization led to the inception of runZero.
Founded in 2019 as Rumble, the startup focused on asset discovery through active scanning, moving away from the conventional nmap scanning tool. Moore explains, “While nmap is great… it changes how you approach network discovery if everyone is using the same tooling.” RunZero aimed to identify assets more effectively, not just in terms of their technical specifications but also their categorization—for example, discerning whether a box on the wall is a Roku media player or a printer.
The company’s latest release integrates passive discovery into its platform, expanding discoverability and adapting to operational technology (OT) environments like power plants. In such environments, active scanning can disrupt uptime, making passive discovery a more viable option. By inverting the scanner, runZero utilizes its packet parsing engine to analyze passive network flows and provide the same output as an active scan.
Moore hopes to make the runZero platform more accessible and functional by applying the lessons he learned throughout his career. The company has introduced a free version of the platform for small businesses, individuals, and security researchers with 100 or fewer assets. This move aims to democratize tooling and encourage more people to use and engage with the platform.
In a world where digital connectivity is increasingly prevalent, the need for robust security measures is paramount. Through runZero, HD Moore continues to contribute to the protection and discovery of assets within internal enterprise networks, helping to secure companies’ digital infrastructure.
