HD Moore
When Security Is ‘Hot’
HD Moore is probably best known for his creation of the game-changing open source Metasploit penetration testing toolkit in 2003 that has shaped the career of many a security expert – and black hat.
But Moore also undertook a project that ultimately led to more secure browsers: Ten years ago in July, Moore launched the Month of Browser Bugs project, where he disclosed a new browser vulnerability each day in Internet Explorer, Mozilla, Safari, and Opera, some of which exposed flaws in the underlying operating systems and APIs of the web tools. The browser bug-shaming ultimately led to major improvements in browser security, and inspired a few other, though less successful, month-of-bugs projects by other researchers.
Moore’s most recent work scanning the public Internet in search of wide-open and vulnerable devices and systems began in 2012, and is now a community effort called Project Sonar. Over the years, his scans have led to the discovery of major holes in embedded devices, home routers, corporate videoconferencing systems, web servers, and other equipment on the public Internet, all of which harbor weaknesses such as default backdoor-type access, default passwords, exposed ports, broken firewall rules, and other security holes ripe for the picking by bad guys.
It might come as a surprise that the widely respected Moore was once called “spawn of the devil” by an ex-Microsoftie in the early 2000s for his research that sniffed out some systemic security problems in the software giant’s wares. He’s considered one of the most accomplished, and humble, rock stars in the industry. As Dennis Cox, his former colleague at BreakingPoint Systems, once said: “HD makes security hot. Everybody wants to take him to the prom.”
Moore recently left his post of six years as chief security scientist at Rapid7. But he’s certainly not done yet: he’s working on some as-yet undisclosed new projects, as well as on his baby, Metasploit.