HD Moore

Contacting HD Moore

Federation handle:

@hdm@infosec.exchange

HD Moore's Information

Home	https://hdm.io
Github	https://github.com/hdm
Work	https://www.runzero.com/
Twitter	https://twitter.com/hdmoore
Bluesky	https://bsky.app/profile/hdm.bsky.social
Signal	hdm.01

HD Moore's Bio

Founder & CEO of runZero (@runZeroInc - https://runzero.com), previously the founder and lead developer of Metasploit, a CSO, a consultant, and the head of various security research teams.

My work is focused on #infosec, #security, #networking, #discovery, #osint, #postgresql, #aws, #engineering, #opensource, #devops, and #startup stuff. For fun I write #golang, build #IoT projects, and #run in circles.

HD Moore's Posts

HD Moore has 1 posts.

HD Moore

12 hours ago

Orange Tsai & splitline's "WorstFit" research into Windows unicode "BestFit" encoding is 🔥 🔥 🔥 (and mostly unpatched)!

https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/

This work brings back memories of IIS and ASP (classic) unicode exploit-dev. For example, the letter "h" having alternate encodings of %c4%a4, %c4%a5, %c4%a6, %c4%a7, %d1%88, %d1%a8, %d4%a4, %d4%a5, %d4%a6, %d4%a7, %e2%84%8b, %e2%84%8c, %e2%84%8d, and %e2%84%8e

Likes: 0

Replies: 0

Boosts: 1