Machines Never Sleep, LLC

About Us

Founded in New York in 2018, we were a small cybersecurity research group. Over time, we cam to mostly work on private vulnerability disclosures. Before then, we were a gleefully unprofitable research machine that found PII & confidential information on the internet.

If you're one of the people or companies we've disclosed a security issue to, hi! We hope you're doing well. Thank you for checking out our homepage.

We followed the cowboy rules: be rootin', be tootin', and by God be shootin', but most of all, be kind.

Prior Research

All research activities have been suspended due to the changing responsibilities of our members, and the foundations that we have been building in our own careers. However, some of our more fun projects are listed below.

.git Exposure

Continuing on research from, git is increasingly popular compared to competing version management systems, and from both passive and active scanning we have found many websites which exposed sensitive source materials through this easy-to-miss issue. We refined some low-intrusion detection and triage capabilities, and while we didn't scale up to continually monitoring the internet, we did have a good time and stole a bunch of code (which we deleted and disclosed to the owners immediately).

Public ElasticSearch (In)Security

ElasticSearch is easy to set up without security - the FOSS version, as of writing, does not mandate authentication or other access controls. As we've been seeing over the past few months, exposed Elastic instances are happening in bulk. Over a few years we found a lot of publicly exposed PII - not PB scale, but close. In some cases we were able to find the owners and get them to resolve the issue, but in many we were not.

"Threatwork" - Global Domain Data Aggregation & Threat Intelligence

Visualization and enrichment for DNS nerds. Formerly a collegiate project and a conference subject, and the reason this company was founded. Our first project to exceed "billions" of data points, and all the scaling pain that comes with that. This project did not attain sufficient accuracy to continue and is memorialized here for the founding of this company - its largest contribution.