Hey, the runZero docs say:
You do not need to use an interface connected to a SPAN or TAP port; a regular network interface will work.
But does this mean that there's no value in setting up a span, if you can?
#RunZero
🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!
We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!
🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!
We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏
The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management
Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.
HD Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.
Key insights from our conversation:
• When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had
• The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days
• Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls
• Traditional agent-based tools can't see what attackers see
#RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.
📺 Watch the video: https://youtu.be/hkKJsKUugIU
🎧 Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw 📖 Read the blog: https://www.itspmagazine.com/their-stories/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story
➤ Learn more about RunZero: https://itspm.ag/runzero-5733
✦ Catch more stories from RunZero: https://www.itspmagazine.com/directory/runzero
🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25
#Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity
#LetsEncrypt certificate expiration notices will stop, so I set up #RunZero to monitor for expiring TLS certtificates. 🚀 I ran into an issue with Chromecast's super short-lived certificates and got around that by using custom queries. Want to follow along? Check out my recent-ish blog post #Security #Cybersecurity"
Assets.
Thank you, @runZeroInc.
#runZero #AssetDiscovery #NetworkDiscovery #NetworkScanning #AttackSurface #CAASM #CyberAssetAttackSurfaceManagement #ExposureManagement #InformationSecurity #InfoSec #CyberSecurity
I received a notice that #letsencrypt will cease sending email notices for expiring certificates, so I'm configuring my #RunZero instance to display upcoming expirations on the dashboard.
While doing this, I discovered that my #chromecast is pulling down certificates with a 48 hour TTL. Looks like #Google is getting serious about shortening #TLS certificate lifespans.
⚡ It's a new year and we've got new exposure management features for you! See how runZero's Inside-Out Attack Surface Management capabilities uncover exposures that are impossible to find through attribution alone.
External attack surface management (EASM) tools (including runZero) are great for identifying exposures in well-known organizational resources, but they miss exposures where attribution is impossible using IP addresses and domain names alone.
To uncover these hidden threats, you need detailed knowledge of your internal assets. With runZero’s Inside-Out ASM, we bridge the gap — connecting internal data powered by advanced fingerprinting with external discoveries to pinpoint publicly exposed assets, no matter what or where they are.
💡 Learn more about this innovative approach in our latest blog: https://www.runzero.com/blog/inside-out-attack-surface-management/
🎙️ Tune into runZero Hour tomorrow to learn more: https://www.runzero.com/research/runzero-hour/
Siemens disclosed 20+ vulnerabilities in its SENTRON, SCALANCE, and RUGGEDCOM product lines. Several vulnerabilities have CVSS scores ranging from 7.0 to 10.0, and the impacts vary from remote code execution to privilege escalation to information disclosure to denial of service.
Learn more about the vulnerabilities: https://www.runzero.com/blog/siemens-devices/
Use runZero to find affected systems on your network: https://www.runzero.com/try/
Fortinet disclosed six #vulnerabilities in FortiOS, FortiProxy, and FortiClient. The vulnerabilities include buffer overflow and SQL injection, among others. With CVSS scores ranging from 7.2 to 9.3. the impacts vary from arbitrary code execution to privileged information disclosure.
Learn more about the vulnerabilities: https://www.runzero.com/blog/fortinet-assets/
Use runZero to find affected systems on your network: https://www.runzero.com/try/
Did you know that the discrepancy between ICMP and TCP syn response times can reveal if a device is the real thing or a lookalike?
Watch the entire fourth episode of runZero Hour for this and other insights: https://youtu.be/m8JE5ZtKvOI
Try runZero for free: https://www.runzero.com/try/signup/
JetBrains disclosed two serious #vulnerabilities in TeamCity On-Premises. #CVE-2024-27198 allows access to TeamCity with admin privileges without authentication. #CVE-2024-27199, is a path-traversal vulnerability allowing attackers to perform limited administrative actions without proper authentication.
Learn more about the vulnerability: https://www.runzero.com/blog/finding-teamcity-on-premises-2/
Use runZero to find TeamCity on your network: https://www.runzero.com/try/signup/
Progress Software disclosed a vulnerability in its OpenEdge Authentication Gateway and AdminServer applications. #CVE-2024-1403 allows attackers to bypass authentication and access affected systems with arbitrary privileges.
Learn more about the #vulnerability: https://www.runzero.com/blog/finding-progress-openedge/
You can use runZero for free to find potentially vulnerable installations: https://www.runzero.com/try/signup/
ConnectWise has disclosed two serious #vulnerabilities in their ScreenConnect (formerly Control) remote access product. The first vulnerability allows attackers to bypass authentication to execute arbitrary commands with full privileges. The second issue is a path-traversal vulnerability that allows attackers to access restricted resources.
Learn more about the vulnerability: https://www.runzero.com/blog/finding-connectwise-screenconnect/
Use runZero to find #connectwise ScreenConnect on your network: https://www.runzero.com/try/signup/
Microsoft has disclosed a #vulnerability (#CVE-2024-21410) in #microsoft Exchange that would allow attackers to authenticate to #microsoftexchange servers using a captured NTLM hash (a so-called “pass-the-hash” vulnerability). This would allow an attacker to authenticate to an Exchange server as any user.
Learn more about the vulnerability: https://www.runzero.com/blog/finding-microsoft-exchange/
Use runZero to find Exchange servers on your network: https://www.runzero.com/try/signup/
Fortinet disclosed a serious vulnerability in their FortiOS operating system, used by multiple #fortinet products. #CVE-2024-21762, allows attackers to execute arbitrary code on vulnerable devices. The vendor has indicated that this is a critical #vulnerability and may be actively exploited in the wild.
Learn how to find this vulnerability on your network: https://www.runzero.com/blog/finding-fortios/
Notable examples of projects that do it right are #OpenSearch #SublimeSecurity #gitlab #runzero
Chips and Cyber anyone? Join us at the runZero Cafe at RSA!
We're taking over the Buena Vida Cantina, around the corner from the Moscone Center, and turning it into a fun, relaxing, pop-up lounge.
Stop by April 25th-27th for some delicious free drinks, snacks, on-site demos, swag, and more!
Pre-register now and we'll save some EXCLUSIVE swag just for you!
Learn more here --> https://info.runzero.com/rsa-2023
The Business Ninjas podcast by WriteForMe chatted with runZero CEO & Co-Founder @chris_kirsch about scaling the business, bringing in the right talent, and a breakdown of how runZero helps businesses get better visibility to every asset connected to their network.
Check out the full episode here: https://podcast.writeforme.io/2025304/12195952
#runZero #assetinventory
@SecureOwl Along a similar theme to SnipeIT, I am truly blown away runZero, particularly because it's virtually effortless. That is its unique party trick. Free for networks with fewer than 256 endpoints, which is plenty for home labs and evaluation.
Props to @hdm and his team.
(I'm not affiliated in any way.)
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst