Black Hat 2024: How CAASM Opens Eyes to Stealth Assets on a Network

As runZero CEO and founder HD Moore observes, prevention is a big part of risk management that frequently gets overlooked. But when cyber asset attack surface management (CAASM) software gets deployed, it typically reveals plenty of stealth assets the organization didn't know were there, Moore Dark Reading's Terry Sweeney in a conversation at News Desk during Black Hat USA. "The hunting-discovery aspect of CAASM is obviously a big selling point," he says. "Customers care about preventing a breach, being able to respond quickly to a breach. We're focused on one of those two problems."

Organizations can only protect devices that have an endpoint agent and some kind of security control installed, and these discovered stealth devices typically lack any security controls, Moore adds.

But assets need more than security controls, so runZero decided to take a hard look at the secure shell ecosystem and its regression capabilities. "We found a long tail of problems that no one else had run across yet because it requires really kind of deep testing and the protocol stack and library," Moore explains. "So we built a tool that we call Shamble, which pokes and prods various parts of the protocol and stack" to gauge their security strength. Consequently, runZero's teams discovered a lot of industrial control devices that would approve a remote shell before authorizing or authenticating the device. "We found all sorts of misconfigurations and exposures," Moore says.

And he adds that runZero wants to provide tools for people testing their security systems as well for researchers, engineers, and developers who want to extend security. "This toolkit is a way to just quickly scan your network and see any of the common misconfigurations that we found exposed on your equipment or in your devices," he adds.

HD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability disclosure. HD serves as the CEO and co-founder of runZero, a provider of cyber asset attack surface management (CAASM) software and cloud services. Prior to founding runZero, he held leadership positions at Atredis Partners, Rapid7, and BreakingPoint. HD's professional journey began with exploring telephone networks, developing exploits for the Department of Defense, and breaking into financial institutions. When he's not working, he enjoys hacking on weird Go projects, building janky electronics, running in circles, and playing single-player RPGs.