Founder & CEO of runZero (@runZeroInc - https://runzero.com), previously the founder and lead developer of Metasploit, a CSO, a consultant, and the head of various security research teams.

My work is focused on #infosec, #security, #networking, #discovery, #osint, #postgresql, #aws, #engineering, #opensource, #devops, and #startup stuff. For fun I write #golang, build #IoT projects, and #run in circles.

Home: https://hdm.io
Github: https://github.com/hdm
Work: https://www.runzero.com/
Twitter: https://twitter.com/hdmoore
Bluesky: https://bsky.app/profile/hdm.bsky.social
Signal: hdm.01

There is a bunch of buzz along the lines of "Apple FINALLY backports DarkSword related fixes to 18.x and will release this on April 1".

Based on publicly available information this is incorrect.

What Apple has actually done is broaden the device models that are eligible to upgrade to iOS/iPadOS 18.

Per Google [1] every vuln in the DarkSword kit except for CVE-2026-20700 had already been patched in iOS 18 as of 18.7.3 which was released on Dec 12, 2025.

Per Apple [2], CVE-2026-20700 is not included in 18.7.7 which was released today.

Apple has placed an easy-to-miss note at the top of the release notes:

"We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called Darksword. The fixes associated with the Darksword exploit first shipped in 2025."

Unfortunately I don't see an indication of which devices are newly eligible to upgrade to iOS/iPadOS 18.

References:

  [1] Google DarkSword writeup: https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain

  [2] Apple iOS/iPadOS 18.7.7 release notes: https://support.apple.com/en-us/126793

#Security #Apple #DarkSword

    Tom Ptacek posted a great writeup titled "Vulnerability Research Is Cooked", covering the state of vulndev and its rapidly accelerating future:
    https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/

    Running on Empty with runZero | Kyle Goode

    Network asset inventory is basically Frogger. 🐸 You're hopping between subnets, dodging unmanaged devices, weaving through cloud instances, and just when you think you've made it across — some rogue IoT device runs you over from the lane you forgot to check. It's ex-HAUST-ing. And most of us are running on empty. That's why I wrote about runZero — built by Metasploit creator HD Moore, it finds and fingerprints every device on your network without credentials or agents. Three discovery methods. One unified inventory. And a completely free Community Edition for up to 100 assets.

    LinkedIn

    Joseph Menn, renowned journalist & author of "The Cult of the Dead Cow," joins us for a special book signing event at RSAC! runZero and Mallory are thrilled to co-host a private book signing with renowned investigative journalist Joseph Menn during RSA Conference 2026! This is your chance to meet the man who writes the stories the industry talks about.

    Join us to grab a signed copy:

    https://www.runzero.com/joseph-menn-book-signing/

    Join author Caroline Wong for the release of "The AI Cybersecurity Handbook" at RSAC! runZero and Mallory are thrilled to co-host a private book signing with the AI cybersecurity strategist Caroline Wong during RSA Conference 2026! This is your chance to meet the woman Fortune 500 organizations are turning to for AI guidance on governance, risk, and resilience.

    Space is limited. Register to request access to this event:

    https://www.runzero.com/caroline-wong-book-signing/

    AI vulnerability discovery is here. From DARPA’s AIxCC finding 54 vulnerabilities in hours to APT28 reportedly folding LLMs into malware, the exploitation gap is closing.

    During their #RSAC 2026 session, runZero’s CEO HD Moore, Google’s Heather Adkins, and Knostic’s Gadi Evron will examine the evidence of this shift and discuss how to prepare.

    Preparing for AI Vulnerability Exploitation: Preventing Cataclysm
    🗓️ Mon, Mar 23 | 10:50 AM PT | Moscone West 3011
    https://path.rsaconference.com/flow/rsac/us26/FullAgenda/page/catalog/session/1756084038274001H91n

    RE: https://infosec.exchange/@hdm/116251294033499013

    Well that was fun. You can catch the recording here:

    https://www.runzero.com/resources/runzero-hour-28/

    Just amigos talkin OT, pretty chill and fun. Thanks again, chat, for keeping things fun and spicy.

    runZero Hour 0x1C is live NOW: https://www.youtube.com/live/EF633eUIquI

    Darknet Diaries 170: Phrack

    "Phrack is legendary. It is the oldest, and arguably the most prestigious, underground hacking magazine in the world..."

    🔗 https://darknetdiaries.com/episode/170/

    #Phrack #Hacking #CyberSecurity

    Phrack has a new “main page” on their website. With a CfP as a cracktro. Love it!
    https://phrack.org/ #phrack #zine #ezine #cracktro #demoscene #hacking