Security Blogs

I list here blogs that I enjoy reading from time to time. You will not find the obvious ones (e.g. Schneier on Security); these you will find yourself. And as you see in this collection, security is by far not an American scene:

  • Daniel Miessler, author of SecLists and podcast author, writes about security, technology and humans and is one of my favourite security experts, because of his thoughtful spirit. His term dissections are a must-read. His podcast is also an absolute must-listen (though for full benefits, you need to pay).
  • Agarri, aka Nicolas Grégoire, THE (French) expert on BurpSuite, with whom I had the pleasure to attend a training in 2018. Also advisable to follow him on Twitter for the latest exploits.
  • TaoSecurity, the blog of Richard Bejtlich about network security monitoring. Richard is the “pope” of NSM and author of several books on the topic, which I’m reading of course.
  • The Daily Swig, PortSwigger’s (the company behind BurpSuite) very active and sneaky blog with news, techniques and vulnerabilities in information security.
  • Information security automation, blog of Alexander V. Leonov, one of the few security researchers (from Russia) who work on vulnerability management and do not just report vulnerabilities.
  • Carnal0wnage, blog of Chris Gates with changing topics, mostly exploits and vulnerabilities about e.g. Jenkins, Kubernetes and more.

Security Tools

  • BurpSuite Pro, the must-have Swiss Army knife from PortSwigger for penetration testing of web applications
  • Empire, a post-exploitation tool
  • OWASP SecurityRAT, an expert tool to create security concepts from security requirement catalogs
  • OWASP dependency-track, asset management with BoM for vulnerability management and more