These are a few of my favorite blogs

In no particular order, a list of security bloggers and information sources I find useful. I also made an OPML file you can import into your favorite RSS reader. The OPML file is more recently updated and includes many sources not listed below.
  • [web] [rss] Krebs on Security (Brian Krebs)
  • [web] [rss] Verizon Security Blog
  • [web] [rss] Graham Cluley
  • [web] [rss] Hot for Security
  • [web] [rss] lcamtuf (Michal Zalewski)
  • [web] [rss] Troy Hunt
  • [web] [rss] Full Disclosure (mostly vulnerability disclosures)
  • [web] [rss] F-Secure Labs
  • [web] [rss] SANS Internet Storm Center
  • [web] [rss] SANS Curated News
  • [web] [rss] SANS Industrial Control Systems Blog
  • [web] [rss] SANS Digital Forensics and Incident Response Blog
  • [web] [rss] Exploit DB
  • [web] [rss] Microsoft Security Response Center
  • [web] [rss] Dave Shackleford
  • [web] [rss] Google Project Zero issue tracker
  • [web] [rss] Google Project Zero blog
  • [web] [rss] Google Online Security Blog
  • [web] [rss] Carnal0wnage (Chris Gates)
  • [web] [rss] OpenDNS Labs
  • [web] [rss] Dark Reading
  • [web] [rss] Help Net Security
  • [web] [rss] Errata Rob (Robert Graham)
  • [web] [rss] Wh1t3 Rabbit (Rafal Los)
  • [web] [rss] Schneier on Security (Bruce Schneier)
  • [web] [rss] Social-Engineer
  • [web] [rss] Common Exploits (Daniel Compton) 
  • [web] [rss] McAfee Labs
  • [web] [rss] CSO Online Dashboard / Security News
  • [web] [rss] Uncommon Sense Security (Jack Daniel)
  • [web] [rss] Kaspersky Labs Threatpost
  • [web] [rss] FireEye Threat Research Blog
  • [web] [rss] Enigma0x3 ("Matt N.")
  • [web] [rss] Didier Stevens
  • [web] [rss] To Shell and Back - Pentesting by Jonathan "@Icanhazshell" Renard
  • [web] [rss] Alex Ionescu - Windows internals and reverse engineering
  • (Robert Hansen, aka RSnake, final post was 2010 but a wealth of knowledge there)


...and a few not necessarily security-related:
  • nixcraft (rss) - knowledge of all things *nix
  • Command Line Kung Fu (rss) - just what it says, for Windows, *nix, and Powershell
  • iptables tutorial - great primer on the *nix iptables firewall
  • What Happens When - more than you ever wanted to know about "what happens when you type "" into your browser and hit enter. Overkill? Certainly - but a great example that there is always a deeper level of knowledge to which one can go.

Along with some useful finds:
  • CapTipper: Malicious HTTP traffic explorer tool. Point it at a PCAP or live traffic and easily pull out hosts, conversations, downloaded files, etc.
  • to track malware outbreaks: A short piece using's click analysis to view geographic distribution and infection rates.
  • Pemcrack: ErrataRob's tool to crack SSL PEM files that hold encrypted private keys (first authored to crack the Superfish cert)
  • Recommended forensic reading: a list of books
  • APTNotes: Github repository of whitepapers, docs and articles related to APT campaigns
  • Telerik Fiddler: web debugging proxy
  • Collective Intelligence Framework: aggregates threat intelligence and observables (IPs, domains, URLs) from a variety of feeds.
  • Advanced Nmap: Scanning Firewalls: this article walks through scanning a live firewall with Nmap, analyzing the results, and using that information to fine-tune (tighten) firewall rules.
  • VirusTotal Tools: two Python scripts written by Didier Stevens. The first accepts a file with a list of hashes, and returns a CSV file with details on whether if any have been submitted before; the second is for extracting malcode from a password-protected ZIP and submitting it to VirusTotal, without ever extracting the sample to disk.
  • Hacking MIPS whitepaper: great resource on building an emulation lab for researching MIPS-based *nix OSes (many wireless routers run on MIPS architecture).
  • Lenny Zeltser's Blocklists: A list of sites providing blocklists of known malicious websites - great for blocking unintended browsing to malicious sites, as well as for research and testing. If you choose to use these for anything other than blocking, be sure you know what you are doing.
  • Many ways of malware persistence - blog post at Jump ESP Jump with a concise summary of common ways malware can ensure its continued existence on a compromised host.
  • Forensics Challenges mindmap by Aman Hardikar - CTFs and other challenges, along with some tools.
  • CSO Online Daily Dashboard, put together by Steve Ragan. A handy collation of news from many sources (kinda like this :-)
  • A handful of sources for malware samples: Contagio, malwr, MalShare
  • Eric Zimmerman has done a fantastic 5-part series that goes in-depth into the structure of the Windows registry. Parts (1) (2) (3) (4) (5).
  • Malware Analysis and Incident Response Tools for the Frugal and Lazy - a solid list of free tools and descriptions, mostly of the "quick and dirty triage" sort, courtesy of "Mrs. Y."

Please drop me a line on Twitter if you have a favorite that I overlooked!

Whois David?

My photo

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.