Keeping It Open Source with Metasploit’s HD Moore
Hacker Valley Studio15 Syys 2022

Keeping It Open Source with Metasploit’s HD Moore

This season of Hacker Valley Red wraps up with another interview of an incredible offensive cybersecurity legend. Known first and foremost for his work founding Metasploit and his recent work co-founding Rumble, HD Moore joins the show this week to hear about his journey from spiteful hacker to successful founder. HD walks through the history of Metasploit, the motivation behind their coding decisions, his opinions on open source software, and the excitement of exploration and discovery.

Timecoded Guide:

[04:57] Catching up with HD’s career from his hacking exploits in the ‘90s through his founding of Metasploit to his recent activities with Rumble

[11:41] Getting personal with the feelings and takeaways from a project as successful and impactful on the cyber industry as Metasploit

[18:52] Explaining HD’s personal philosophies around accessible education and the risk of sharing vulnerable information publicly

[25:39] Diving deep into the technical stories of HD’s path of discovery and exploration during his time at Metasploit

[31:14] Giving advice for future founders and hackers looking to make a legendary impact on the cybersecurity community

Sponsor Links:

Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!

Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone

PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!

What were some of the trials, tribulations, and successes of Metasploit?

Although Metasploit has had a lasting impact on the cyber world, HD Moore is not afraid to admit that part of Metasploit existed out of spite for critics, employers, and gatekeepers in the cybersecurity industry. In terms of trials and tribulations, HD saw a great deal of criticism come from his peers and from professionals ahead of him in the industry, often displaying rudeness towards the quality of the exploits and Metasploit’s audience of young hackers. Later, HD says that a surprising and amusing side effect of his success with the project was watching employers and peers go from criticizing to lifting up his work with Metasploit and attributing success of many hacking professionals to its creation.

“When we started the Metasploit project, we really wanted to open up to everybody. We wanted to make sure that, even if you barely knew how to program, you can still contribute something to Metasploit. So, we did our best to make it really easy for folks to get in touch with us, to submit code.”

Where does your philosophy land today on giving information freely?

HD has heard the same opinions many professionals that teach and give information freely have heard: “You’re making it easier for people to use this information the wrong way.” Instead of considering the worst possible outcomes of making hacking accessible, HD chooses to acknowledge the importance of accessible education and publicly provided information. According to HD, if someone is creating and teaching content to the next generation of red teamers, that content is theirs to use. Whether they’re a physical pen tester teaching lock picking or a hacker disclosing a vulnerability, what they choose to share with others has to be based on personal moral code and what others do with that information is up to them.

“It comes down to: You do the work, you own the result. If you're teaching people how to do stuff, great, they can do what they want. You can decide to do that, you can decide not to do that, but it's your decision to spend your time training people or not training them.”

Is it possible to be a CEO, or a co-founder, and stay technical?

The downside of success in the cybersecurity industry is often stereotyped as losing the opportunity to be a hands-on hacker. However, for HD, his success has allowed him to do the exact opposite and instead prioritize his time to be technical. HD believes strongly in the ability to make this happen through proper delegation of duties, incorporating new leaders and managers in your company or project, and acknowledging when you may need the help to bring what you’re working on to the next level. HD is proud of his success with Metasploit and Rumble, and is happy that he was able to hand off certain duties to other professionals that he knew would do better if they had a chance in the founder’s shoes.

“Don't let the growth of your company change what you enjoy about your work. That's really the big thing there, and there's lots of ways you can get there. You can hire folks to help out, you can promote your co-founder to CEO. You can bring on program managers or project managers to help with all the day to day stuff."

What advice do you have for people looking to follow a similar cyber career path?

Content is the name of the game, especially when you’re looking to get more eyes on what you do. HD is the first to admit that putting himself out there in a blog post, on a podcast, or at a stage show is not always a walk in the park, taking him out of his comfort zone and often away from the tech that he spends his time on. However, publicly displaying himself and his work has brought attention to Rumble and Metasploit, and HD knows he would not have achieved this level of success without putting his content out into the world, hearing feedback from his peers, and even receiving his fair share of criticism from industry professionals.

“Not all of it is the most fun thing to do all the time, but it is crucially important, not just for growing yourself and getting out there and getting feedback from your peers, but for learning because you learn so much from the feedback you get from that effort.”

-----------

Links:

Stay in touch with HD Moore on LinkedIn, Twitter, and his website.

Learn more about Rumble, Inc on LinkedIn and the Rumble website.

Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.

Follow Ron Eddings on Twitter and LinkedIn

Catch up with Chris Cochran on Twitter and LinkedIn

Continue the conversation by joining our Discord

Jaksot(404)

Mentorship to Mastery: AI and Community Lessons with Ron Eddings

Mentorship to Mastery: AI and Community Lessons with Ron Eddings

AI might analyze your logs in seconds, but only the community can put you in the room that changes your career. In this solo episode, Ron Eddings discusses the powerful balance between human connection and artificial intelligence in shaping the future of cybersecurity and beyond. From the sacrifices that sparked his career to the mentors who opened doors, Ron shares personal stories that show why community will always be your ultimate competitive edge, even as AI advances into the SOC. He also runs live AI experiments on ransomware response and log analysis, revealing what AI can (and can’t) do for practitioners right now.   Impactful Moments: 00:00 - Introduction 02:00 - Why community is your first advantage 03:30 - The sacrifice that launched Ron’s career 04:40 - Meeting mentor Marcus Carey 06:00 - Early opportunities in cybersecurity 07:00 - The power of hacker spaces 09:00 - How mentors open hidden doors 10:00 - RSA and Black Hat as career accelerators 13:00 - The most underrated LinkedIn feature 15:00 - The HVS mastermind community 16:00 - Reality check on GPT-5 18:00 - AI builds an IR playbook 20:00 - Critical do’s and don’ts in incident response 23:00 - Why hallucinations matter in cybersecurity AI 25:00 - AI makes sense of raw logs 28:00 - Can AI replace tier one analysts? 30:00 - Where AI still falls short 31:00 - Final challenge: Strengthen your community     Links: Connect with our Ron on LinkedIn: https://www.linkedin.com/in/ronaldeddings/ Register for our livestream with Gerry Auger: https://www.linkedin.com/events/7359290642633539586/ Check out the links to the OpenAI ChatGPT threads here: Incident Analysis Summary: https://chatgpt.com/share/689fa61f-3498-8006-9989-ff8221f97b01 Ransomware Incident Playbook: https://chatgpt.com/share/689fa63f-86ec-8006-8355-642d4d38808e Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

21 Elo 32min

From MCP Risks to AI Jailbreaks with Marco Figueroa

From MCP Risks to AI Jailbreaks with Marco Figueroa

When AI agents move faster than security teams, the game changes, and the risks multiply. Ron welcomes back Marco “Mystic Marc” Figueroa, Program Manager at Mozilla’s 0DIN Program, to continue the conversation and update on 2025’s most pressing AI and cybersecurity shifts. From the explosive rise of AI agents and OpenAI’s rumored browser to the hidden dangers of MCP implementations and prompt injection exploits like the Gemini attack, Marco shares insights that security pros can’t afford to miss. Impactful Moments 00:00 - Introduction 02:00 - Why 2025 is the year of the agent 05:45 - MCP’s rapid adoption and security risks 10:00 - The Gemini prompt injection vulnerability 15:00 - How attackers hide malicious AI prompts 18:00 - High success rates in non-technical teams 22:00 - Rise of voice-based AI scams 25:00 - Using jailbreaks to bend AI to your needs 30:00 - Predictions on OpenAI’s upcoming browser 33:00 - The profit battle between OpenAI and Microsoft 35:00 - Windsurf’s rollercoaster of acquisitions Links: Connect with our guest Marco on LinkedIn: https://www.linkedin.com/in/marco-figueroa-re/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

14 Elo 41min

Debt vs. Risk: What the SharePoint Breach Taught Us with Ron Eddings

Debt vs. Risk: What the SharePoint Breach Taught Us with Ron Eddings

The riskiest move in cybersecurity? Playing it too safe. In this solo episode, Ron Eddings redefines the way we think about technical debt, risk, and missed opportunities, in security and in life. Ron reframes the debt vs. risk paradigm through the lens of the SharePoint breach, personal milestones, and co-founding Hacker Valley. With sharp insights, personal stories, and a call to action for every listener, he shows how curiosity and calculated risk are the true drivers of innovation. Impactful Moments 00:00 - Introduction 01:10 - Why debt vs. risk matters now 02:20 - What the SharePoint breach taught us 04:15 - Risk avoidance creates deeper debt 05:10 - Clear definitions: risk vs. debt 06:30 - Hidden costs of deferring decisions 08:15 - Leaving $200k salary to build Hacker Valley 10:00 - Long-term founder debt explained 11:08 - When comfort becomes dangerous 12:00 - Curiosity as a leadership skill 13:10 - What you’re not seeing yet 14:30 - Final thought: reflect and reassess Links: Connect with our Ron on LinkedIn: ​​https://www.linkedin.com/in/ronaldeddings/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

7 Elo 16min

The Future of Cyber Talent Is African with Confidence Staveley

The Future of Cyber Talent Is African with Confidence Staveley

The world’s youngest continent is also its most untapped resource. Confidence Staveley, Founder of CyberSafe, makes a powerful case for why Africa’s youth are the answer to global cybersecurity and AI innovation… if we’re bold enough to invest. In this episode, Ron welcomes back cybersecurity leader and advocate Confidence Staveley for a discussion on purpose-driven innovation, talent development, and AI-powered awareness tools. Confidence shares updates on her nonprofit work, her bold new ventures including AI Cyber Magazine, and how she's helping shape Africa into a tech talent hub. With global budget cuts hitting nonprofits and marginalized communities, Confidence shares how Africa’s innovators, who are often excluded from the table, are building their own tables, making their impact impossible to ignore, and shaping cybersecurity’s future on their terms.   Impactful Moments 00:00 - Introduction 02:00 - Her Difference Makers Award speech 04:00 - Partnering with SANS for bigger impact 06:01 - Global DEI backlash and ripple effects 10:00 - Why Africa is the future of tech 13:01 - Innovation with limited resources 17:10 - AI Cyber Magazine and its mission 19:00 - Building AI-powered awareness tools 21:00 - The African adage on self-renewal 22:10 - How sharing knowledge builds trust   Links Connect with our guest, Confidence Staveley: https://www.linkedin.com/in/confidencestaveley/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

31 Heinä 23min

Compliance Isn’t the Enemy with Jeff Man

Compliance Isn’t the Enemy with Jeff Man

Is compliance just a checkbox, or the backbone of real security? Returning to the show with decades of hard-earned insight, Jeff Man makes the case that compliance, especially PCI-DSS, isn't just a formality; it's foundational to modern security. As one of the original architects of the NSA Red Team and a 20-year PCI veteran, Jeff explains how this often-misunderstood framework has shaped everything from pen testing to vendor accountability. Ron and Jeff unpack the six core goals of PCI, how red teams and SaaS builders are directly affected, and why many security teams resist compliance efforts, despite relying on them to get essential buy-in and funding.   Impactful Moments: 00:00 – Introduction 01:00 – Does compliance equal security? 02:09 – Jeff returns with PCI firepower 03:15 – Defining security vs. compliance 05:33 – “Show me what you’re doing” 06:45 – Six goals at PCI’s core 10:45 – Security is watching, not reacting 13:30 – Companies secure because they have to 15:00 – PCI gave red teams their jobs 16:30 – Stripe and Square absorb PCI burden 19:30 – PCI 4.0 causes confusion 21:00 – Vendors aren’t your trusted advisors 22:30 – “Hate me, but I’ll help” Links: Connect with our guest, Jeff Man: https://www.linkedin.com/in/jeffreyeman/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

24 Heinä 24min

What Makes a Great CISO? A Playbook from Gary Hayslip

What Makes a Great CISO? A Playbook from Gary Hayslip

What separates a great CISO from a great one? In this powerhouse conversation, Ron invites friend and cybersecurity leader Gary Hayslip, CISO at SoftBank Investment Advisers, back on the mic to discuss what it takes to lead in today’s high-stakes digital world. Gary shares battle-tested insights on accountability, the evolving expectations of the CISO role, and how AI is reshaping leadership without replacing it. Gary shares stories ranging from military mishaps to enterprise-scale transformation, and makes the case for visibility, trust, and embracing change. His perspective brings clarity to the fundamental responsibilities of a CISO and the mindset required to lead with impact. Impactful Moments 00:00 – Introduction 02:00 – Defining the modern CISO as a business leader 05:45 – Why CISOs should never delegate accountability 07:30 – The danger of staying invisible 10:45 – The $40K UPS explosion mistake 15:00 – How leaders build trust in new teams 19:10 – Visibility is not micromanagement 24:30 – Staying humble while leading big 30:00 – Building “Rocky the Raccoon” internal GPT 34:30 – Hiring for AI fluency in security teams Links: Connect with our guest, Gary Hayslip: https://www.linkedin.com/in/ghayslip/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

17 Heinä 37min

Confidence, Coaching, and the S-Word with Mel Reyes

Confidence, Coaching, and the S-Word with Mel Reyes

Want to stand out as a leader? According to our guest Mel Reyes, you need to dress like you mean it and speak like you’ve got nothing to prove. In this episode, Mel shares how he built billion-dollar portfolios, coached executive teams, and still shows up in a white hoodie when that feels right. With Ron, he unpacks how executive presence becomes a strategic weapon for breaking resistance, commanding attention, and making your message unforgettable. You’ll learn why generic resumes fail, how to master executive storytelling with the SPAR method, and what dropping the ego really looks like in your next leadership role.   Impactful Moments: 00:00 – Introduction 03:00 – Breaking the rules of executive delivery 07:00 – Why confidence starts in your closet 11:30 – Respecting identity in professional spaces 12:30 – Advice for breaking into cybersecurity 17:00 – Reinvention at the mid-senior level 21:00 – The SPAR framework for storytelling 30:00 – Drop the ego, find your passion   Links: Connect with our guest, Mel Reyes: https://www.linkedin.com/in/melreyes/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

10 Heinä 32min

Purple Teaming Is the New Job Security with Maril Vernon

Purple Teaming Is the New Job Security with Maril Vernon

Cybersecurity isn’t just red or blue anymore... it’s purple, white, and deeply human. Maril Vernon, award-winning ethical hacker and Senior Solutions Architect at NetSPI, returns to the Hacker Valley Studio to discuss purple teaming as the most future-proof career path in cyber. She opens up about mentorship, burnout, compensation realities, and how we’re still failing the fundamentals. Together, Ron and Maril dig into what purple teaming really is (and isn’t), why soft skills matter more than ever, and how defenders are the frontline signal source for law enforcement. From guiding her mom into IR to co-founding Mind Over Cyber, Maril embodies what it means to show up for the cyber community and demand more from the culture itself.   Impactful Moments 00:00 - Introduction 01:01 - Maril’s role at NetSPI 03:00 - Why purple skills are future-proof 05:19 - Salary truths in purple teaming 08:30 - Know your value, negotiate wisely 13:07 - How defenders enable law enforcement 16:22 - The real meaning of purple teaming 18:39 - Common misconceptions debunked 24:45 - People are always the soft spot 26:01 - The two security stack must-haves 29:00 - Mom made it to incident response 30:48 - Maril’s mentorship philosophy 34:09 - Why you need to post anyway 36:35 - What Mind Over Cyber is really about 40:00 - CISOs are burning out silently 41:31 - Closing thoughts Links: Connect with our guest, Maril Vernon: https://www.linkedin.com/in/marilvernon   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

26 Kesä 43min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
psykopodiaa-podcast
voi-hyvin-meditaatiot-2
rss-liian-kuuma-peruna
adhd-podi
aamukahvilla
jari-sarasvuo-podcast
psykologia
rss-narsisti
rss-uskonto-on-tylsaa
rss-tule-tule-hyva-ero
rss-finnish-with-eemeli-podcast
rss-luonnollinen-synnytys-podcast
rss-koira-haudattuna
rss-niinku-asia-on
ihminen-tavattavissa-tommy-hellsten-instituutti
rss-vapaudu-voimaasi
rss-keskeneraiset-aidit
salainen-paivakirja
rss-tripsteri