H. D. Moore

Early Work

H. D. Moore is an American network security expert, open source programmer, and hacker. As a teenager, he developed security software utilities for the United States Department of Defense, establishing an early foundation in offensive and defensive security tooling.

Career

In the summer of 2003, Moore founded the Metasploit Project with the stated goal of creating a public resource for exploit code research and development. The Metasploit Framework, the project's flagship product, became a widely adopted development platform for creating security tools and exploits. It is written in the Ruby programming language and includes components written in C and assembly language. The framework is used by network security professionals for penetration testing, by system administrators to verify patch installations, by product vendors for regression testing, and by security researchers worldwide.

In October 2009, the Metasploit Project was acquired by Rapid7, a Boston, Massachusetts-based security firm. With the acquisition, Moore joined Rapid7 as chief security officer, later transitioning to the role of chief research officer, while continuing to serve as chief architect of the Metasploit Framework. He departed from Rapid7 in 2016.

Following his time at Rapid7, Moore served as vice president of research and development at Atredis Partners. He subsequently co-founded Rumble, Inc. in 2018, a provider of cyber asset attack surface management software and cloud solutions. The company was renamed runZero, Inc. in 2022, and Moore continues to serve as its co-founder and chief technical officer.

Notable Work

Beyond the Metasploit Framework, Moore is known for several other security tools and initiatives. WarVOX is a software suite for exploring, classifying, and auditing telephone systems; unlike conventional wardialing tools, it processes raw audio from calls using signal processing techniques rather than relying on a modem directly, enabling it to identify and classify modems, faxes, voicemail boxes, PBXs, and other line types.

AxMan is an ActiveX fuzzing engine designed to discover vulnerabilities in COM objects exposed through Internet Explorer. Because it is web-based, changes to browser security settings directly affect its fuzzing results.

The Metasploit Decloaking Engine is a system for identifying the real IP address of a web user regardless of proxy settings, using a combination of client-side technologies and custom services. The tool does not exploit vulnerabilities to achieve this.

The Rogue Network Link Detection Tools are designed to detect unauthorized outbound network links on large corporate networks by sending spoofed TCP SYN and ICMP Echo Requests with the original destination IP encoded into the packet.

In 2006, Moore launched the Month of Browser Bugs (MoBB) initiative, an experiment in fast-paced vulnerability discovery with full disclosure. The project is credited with starting the broader "Month of Bugs" meme in the security community and resulted in a number of web browser patches and improved security measures.

Reception

Moore's work has attracted both recognition and controversy within the information security industry. Companies including Microsoft have credited him with discovering vulnerabilities in their products. At the same time, Metasploit and similar dual-use tools have drawn criticism due to their potential for criminal misuse, and some of that criticism has been directed at Moore personally. He has also been warned by US law enforcement regarding his involvement in the Critical.IO scanning project.