Black Hat 2024: How CAASM Opens Eyes to Stealth Assets on a Network

HD Moore, CEO and founder of runZero, joins Dark Reading's Terry Sweeney at News Desk during Black Hat USA to talk about cyber asset attack surface management (CAASM) and a new open-source tool.

Terry Sweeney, Contributing Editor

August 14, 2024

6 Min View
Source: Dark Reading

As runZero CEO and founder HD Moore observes, prevention is a big part of risk management that frequently gets overlooked. But when cyber asset attack surface management (CAASM) software gets deployed, it typically reveals plenty of stealth assets the organization didn't know were there, Moore tells Dark Reading's Terry Sweeney in a conversation at News Desk during Black Hat USA. "The hunting-discovery aspect of CAASM is obviously a big selling point," he says. "Customers care about preventing a breach, being able to respond quickly to a breach. We're focused on one of those two problems."

Organizations can only protect devices that have an endpoint agent and some kind of security control installed, and these discovered stealth devices typically lack any security controls, Moore adds.

But assets need more than security controls, so runZero decided to take a hard look at the secure shell ecosystem and its regression capabilities. "We found a long tail of problems that no one else had run across yet because it requires really kind of deep testing and the protocol stack and library," Moore explains. "So we built a tool that we call Shamble, which pokes and prods various parts of the protocol and stack" to gauge their security strength. Consequently, runZero's teams discovered a lot of industrial control devices that would approve a remote shell before authorizing or authenticating the device. "We found all sorts of misconfigurations and exposures," Moore says.

Moore says runZero wants to provide tools for people testing their security systems as well as for researchers, engineers, and developers who want to extend security. "This toolkit is a way to just quickly scan your network and see any of the common misconfigurations that we found exposed on your equipment or in your devices," he adds.

HD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability disclosure. HD serves as the CEO and co-founder of runZero, a provider of cyber asset attack surface management (CAASM) software and cloud services. Prior to founding runZero, he held leadership positions at Atredis Partners, Rapid7, and BreakingPoint. HD's professional journey began with exploring telephone networks, developing exploits for the Department of Defense, and breaking into financial institutions. When he's not working, he enjoys hacking on weird Go projects, building janky electronics, running in circles, and playing single-player RPGs.

About the Author

Terry Sweeney

Contributing Editor

Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, Network World, InformationWeek and Mobile Sports Report.

In addition to information security, Sweeney has written extensively about cloud computing, wireless technologies, storage networking, and analytics. After watching successive waves of technological advancement, he still prefers to chronicle the actual application of these breakthroughs by businesses and public sector organizations.

