H. D. Moore is a network security expert,

open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...

programmer, and

hacker A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term ''hacker'' has become associated in popu ...

. He is a developer of the Metasploit Framework, a

penetration testing A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. T ...

software suite A software suite (also known as an application suite) is a collection of computer programs (application software, or programming software) of related functionality, sharing a similar user interface and the ability to easily exchange data with each ...

, and the founder of the

Metasploit Project The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7. It ...

. He served as chief research officer at

Boston Boston (), officially the City of Boston, is the state capital and most populous city of the Commonwealth of Massachusetts, as well as the cultural and financial center of the New England region of the United States. It is the 24th- mo ...

Massachusetts Massachusetts (Massachusett language, Massachusett: ''Muhsachuweesut assachusett writing systems, məhswatʃəwiːsət'' English: , ), officially the Commonwealth of Massachusetts, is the most populous U.S. state, state in the New England ...

-based security firm

Rapid7 The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7. It ...

, a provider of security data and analytics software and cloud solutions. He remained the chief architect of the Metasploit Framework until his departure from Rapid7 in 2016. Since leaving

, Moore has joined Atredis Partners as the vice president of research and development and founded Rumble, Inc., the software firm that develops Rumble Network Discovery.

Information security work

Moore developed security software utilities for the

United States Department of Defense The United States Department of Defense (DoD, USDOD or DOD) is an executive branch department of the federal government charged with coordinating and supervising all agencies and functions of the government directly related to national secu ...

as a teenager, and founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development. He is known for his work in

WarVOX WarVOX was a free, open-source VOIP-based war dialing tool for exploring, classifying, and auditing phone systems. WarVOX processed audio from each call by using signal processing techniques and without the need of modems. WarVOX used VoIP provider ...

, AxMan, the Metasploit Decloaking Engine and the Rogue Network Link Detection Tools., and started a "Month of Browser Bugs" (MoBB) initiative in 2006 as an experiment in fast-paced

vulnerability Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...

discovery with

full disclosure Full disclosure or Full Disclosure may refer to: Computers * Full disclosure (computer security), in computer security the practice of publishing analysis of software vulnerabilities as early as possible * Full disclosure (mailing list), a mail ...

. This started the Month of Bugs project meme, and resulted a number of

web browser A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used on ...

patches and improved security measures. Moore has discovered, or been involved in the discovery of, a number of critical security vulnerabilities.

Metasploit Framework

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration testing, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers worldwide. The framework is written in the Ruby programming language and includes components written in C and assembly language. In October 2009, the Metasploit project was acquired by Rapid7. While the Metasploit Framework continues to be free, Rapid7 has added a commercial edition called Metasploit Express. With the acquisition of the project, HD Moore became Chief Security Officer at Rapid7 while remaining Chief Architect of Metasploit.

WarVOX

WarVOX is a software suite for exploring, classifying, and auditing telephone systems. Unlike normal

wardialing Wardialing (or war dialing) is a technique to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for modems, computers, bulletin board systems (computer servers) and fax machines. Hacker ...

tools, WarVOX processes the raw audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders using signal processing techniques.

AxMan

AxMan is an

ActiveX ActiveX is a deprecated software framework created by Microsoft that adapts its earlier Component Object Model (COM) and Object Linking and Embedding (OLE) technologies for content downloaded from a network, particularly from the World Wide Web. ...

fuzzing In programming and software development, fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions ...

engine. The goal of AxMan is to discover vulnerabilities in COM objects exposed through Internet Explorer. Since AxMan is web-based, any security changes in the browser will also affect the results of the fuzzing process.

Metasploit Decloaking Engine

The Metasploit Decloaking Engine is a system for identifying the real IP address of a web user, regardless of proxy settings, using a combination of client-side technologies and custom services. No vulnerabilities are exploited by this tool. A properly configured Tor setup should not result in any identifying information being exposed.

Rogue Network Link Detection Tools

The Rogue Network Link Detection Tools are designed to detect unauthorized outbound network links on large corporate networks. These tools send spoofed TCP SYN and ICMP Echo Requests with the original destination IP encoded into the packet, which can then be read back out by an external listening host.

Reception

Moore's work has gained him both praise and antagonism in the industry. Companies such as

Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washing ...

have credited him with discovering vulnerabilities, yet some criticism of Metasploit and similar tools, due to their capacity for criminal use (rather than just offensive security), has fallen upon Moore himself. Moore has been warned by US law enforcement about his involvement in the Critical.IO scanning project.

References

External links

The mind of HD MooreHD Moore’s personal website
{{DEFAULTSORT:Moore, H D 1981 births American computer businesspeople American computer programmers Businesspeople in software Living people Computer security specialists Computer engineers Software engineers Hackers