Royce WilliamsHey, the runZero docs say:
You do not need to use an interface connected to a SPAN or TAP port; a regular network interface will work.
But does this mean that there's no value in setting up a span, if you can?
Marco Ciappelli🎙️✨
🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!
We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!
🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!
We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏
The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management
Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.
HD Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.
Key insights from our conversation:
• When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had
• The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days
• Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls
• Traditional agent-based tools can't see what attackers see
#RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.
📺 Watch the video: https://youtu.be/hkKJsKUugIU
🎧 Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw 📖 Read the blog: https://www.itspmagazine.com/their-stories/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story
➤ Learn more about RunZero: https://itspm.ag/runzero-5733
✦ Catch more stories from RunZero: https://www.itspmagazine.com/directory/runzero
🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25
#Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity
XenoPhage 
Kevin Neely #LetsEncrypt certificate expiration notices will stop, so I set up #RunZero to monitor for expiring TLS certtificates. 🚀 I ran into an issue with Chromecast's super short-lived certificates and got around that by using custom queries. Want to follow along? Check out my recent-ish blog post #Security #Cybersecurity"
AJCxZ0Assets.
Thank you, @runZeroInc.
#runZero #AssetDiscovery #NetworkDiscovery #NetworkScanning #AttackSurface #CAASM #CyberAssetAttackSurfaceManagement #ExposureManagement #InformationSecurity #InfoSec #CyberSecurity
I received a notice that #letsencrypt will cease sending email notices for expiring certificates, so I'm configuring my #RunZero instance to display upcoming expirations on the dashboard.
While doing this, I discovered that my #chromecast is pulling down certificates with a 48 hour TTL. Looks like #Google is getting serious about shortening #TLS certificate lifespans.
runZero, Inc⚡ It's a new year and we've got new exposure management features for you! See how runZero's Inside-Out Attack Surface Management capabilities uncover exposures that are impossible to find through attribution alone.
External attack surface management (EASM) tools (including runZero) are great for identifying exposures in well-known organizational resources, but they miss exposures where attribution is impossible using IP addresses and domain names alone.
To uncover these hidden threats, you need detailed knowledge of your internal assets. With runZero’s Inside-Out ASM, we bridge the gap — connecting internal data powered by advanced fingerprinting with external discoveries to pinpoint publicly exposed assets, no matter what or where they are.
💡 Learn more about this innovative approach in our latest blog: https://www.runzero.com/blog/inside-out-attack-surface-management/
🎙️ Tune into runZero Hour tomorrow to learn more: https://www.runzero.com/research/runzero-hour/
Siemens disclosed 20+ vulnerabilities in its SENTRON, SCALANCE, and RUGGEDCOM product lines. Several vulnerabilities have CVSS scores ranging from 7.0 to 10.0, and the impacts vary from remote code execution to privilege escalation to information disclosure to denial of service.
Learn more about the vulnerabilities: https://www.runzero.com/blog/siemens-devices/
Use runZero to find affected systems on your network: https://www.runzero.com/try/
Fortinet disclosed six #vulnerabilities in FortiOS, FortiProxy, and FortiClient. The vulnerabilities include buffer overflow and SQL injection, among others. With CVSS scores ranging from 7.2 to 9.3. the impacts vary from arbitrary code execution to privileged information disclosure.
Learn more about the vulnerabilities: https://www.runzero.com/blog/fortinet-assets/
Use runZero to find affected systems on your network: https://www.runzero.com/try/
Did you know that the discrepancy between ICMP and TCP syn response times can reveal if a device is the real thing or a lookalike?
Watch the entire fourth episode of runZero Hour for this and other insights: https://youtu.be/m8JE5ZtKvOI
Try runZero for free: https://www.runzero.com/try/signup/
