- [web] [rss] Krebs on Security (Brian Krebs)
- [web] [rss] Verizon Security Blog
- [web] [rss] Graham Cluley
- [web] [rss] Hot for Security
- [web] [rss] lcamtuf (Michal Zalewski)
- [web] [rss] Troy Hunt
- [web] [rss] Full Disclosure (mostly vulnerability disclosures)
- [web] [rss] F-Secure Labs
- [web] [rss] SANS Internet Storm Center
- [web] [rss] SANS Curated News
- [web] [rss] SANS Industrial Control Systems Blog
- [web] [rss] SANS Digital Forensics and Incident Response Blog
- [web] [rss] Exploit DB
- [web] [rss] Microsoft Security Response Center
- [web] [rss] Dave Shackleford
- [web] [rss] Google Project Zero issue tracker
- [web] [rss] Google Project Zero blog
- [web] [rss] Google Online Security Blog
- [web] [rss] Carnal0wnage (Chris Gates)
- [web] [rss] OpenDNS Labs
- [web] [rss] Dark Reading
- [web] [rss] Help Net Security
- [web] [rss] Errata Rob (Robert Graham)
- [web] [rss] Wh1t3 Rabbit (Rafal Los)
- [web] [rss] Schneier on Security (Bruce Schneier)
- [web] [rss] Social-Engineer
- [web] [rss] Common Exploits (Daniel Compton)
- [web] [rss] McAfee Labs
- [web] [rss] CSO Online Dashboard / Security News
- [web] [rss] Uncommon Sense Security (Jack Daniel)
- [web] [rss] Kaspersky Labs Threatpost
- [web] [rss] FireEye Threat Research Blog
- [web] [rss] Enigma0x3 ("Matt N.")
- [web] [rss] Didier Stevens
- [web] [rss] To Shell and Back - Pentesting by Jonathan "@Icanhazshell" Renard
- [web] [rss] Alex Ionescu - Windows internals and reverse engineering
- Ha.cke.rs (Robert Hansen, aka RSnake, final post was 2010 but a wealth of knowledge there)
Podcasts
- SANS Internet Storm Center - a daily 5-7 minute brief on notable infosec events, threats, and exploits.
- Brakeing Down Security - Bryan Brake, Brian Boettcher, and Amanda Berlin often get deep into the weeds on technical topics with subject experts.
- Defensive Security - Jerry Bell and Andrew Kalat snipe one another and cover defensive topics and news.
- Down the Security Rabbithole - Rafal Los and James Jardine give an enterprise perspective on defense and risk management.
- Threatpost Podcast - a 1-2x weekly summary of notable infosec events, from Kaspersky Labs.
- Risky Business - Aussie Patrick Gray's weekly "infosec news and current affairs show".
- Chet Chat (Sophos Security)
- Southern Fried Security
- Paul's Security Weekly
- Social-Engineer
...and a few not necessarily security-related:
- nixcraft (rss) - knowledge of all things *nix
- Command Line Kung Fu (rss) - just what it says, for Windows, *nix, and PowerShell
- iptables tutorial - great primer on the *nix iptables firewall
- What Happens When - more than you ever wanted to know about "what happens when you type google.com into your browser and hit enter". Overkill? Certainly - but a great example that there is always a deeper level of knowledge to which one can go.
Along with some useful finds:
- CapTipper: Malicious HTTP traffic explorer tool. Point it at a PCAP or live traffic and easily pull out hosts, conversations, downloaded files, etc.
- Bit.ly to track malware outbreaks: A short piece using bit.ly's click analysis to view geographic distribution and infection rates.
- Pemcrack: ErrataRob's tool to crack SSL PEM files that hold encrypted private keys (first authored to crack the Superfish cert)
- Recommended forensic reading: a list of books
- APTNotes: Github repository of whitepapers, docs and articles related to APT campaigns
- Telerik Fiddler: web debugging proxy
- Collective Intelligence Framework: aggregates threat intelligence and observables (IPs, domains, URLs) from a variety of feeds.
- Advanced Nmap: Scanning Firewalls: this article walks through scanning a live firewall with Nmap, analyzing the results, and using that information to fine-tune (tighten) firewall rules.
- VirusTotal Tools: two Python scripts written by Didier Stevens. The first accepts a file with a list of hashes and returns a CSV file with details on whether any have been submitted before; the second extracts malcode from a password-protected ZIP and submits it to VirusTotal, without ever extracting the sample to disk.
- Hacking MIPS whitepaper: great resource on building an emulation lab for researching MIPS-based *nix OSes (many wireless routers run on MIPS architecture).
- Lenny Zeltser's Blocklists: A list of sites providing blocklists of known malicious websites - great for blocking unintended browsing to malicious sites, as well as for research and testing. If you choose to use these for anything other than blocking, be sure you know what you are doing.
- Many ways of malware persistence - blog post at Jump ESP Jump with a concise summary of common ways malware can ensure its continued existence on a compromised host.
- Forensics Challenges mindmap by Aman Hardikar - CTFs and other challenges, along with some tools.
- CSO Online Daily Dashboard, put together by Steve Ragan. A handy collation of news from many sources (kinda like this :-)
- A handful of sources for malware samples: Contagio, malwr, MalShare
- Eric Zimmerman has done a fantastic 5-part series that goes in-depth into the structure of the Windows registry. Parts (1) (2) (3) (4) (5).
- Malware Analysis and Incident Response Tools for the Frugal and Lazy - a solid list of free tools and descriptions, mostly of the "quick and dirty triage" sort, courtesy of "Mrs. Y."
Please drop me a line on Twitter if you have a favorite that I overlooked!