I was inspired by a recent tweet to compile a master-list of infosec-related blogs. Of course I knew this would turn up quite a few results but I’ve really been amazed by how much is out there! Infosec blogs of all shapes and sizes are out there in the wild and I want to find ‘em all. Will try to keep this up-to-date as I run across new sites. I’ve split it into blogs from “individuals” versus those run by larger commercial organizations. If i’m missing one you know of, or it’s your blog that is missing, please contact me!

For anyone interested, I’ve made available my exported .opml file (last exported June 3, 2021) with the sources listed below. You can import this into the RSS reader of your choice! Personally, I use Feedly and can highly recommend the service. (I will try to update this export semi-regularly).

• Boutique Security Blogs
• Commercial Blogs
• Writeup Blogs
• Aggro Sites

Boutique Security Blogs

• ./s1gh.sh
• #_shellintel
• /dev/null
• /dev/random
• /Jenn
• 0DAY
• 0patch
• 0x00sec
• 0x240x23elu
• 0x41.cf
• 0x41414141 in ?? ()
• 0x90r00t
• 0xdf hacks stuff
• 0XFFFF
• 0xhuesca
• 0xInfection
• 0xinfection’s security ramblings
• 0xsp
• 0xthreatintel
• 0ut3r Space
• 1 t0 Zero
• 8051enthusiast
• A Few Thoughts on Cryptographic Engineering
• A place where all your bugs will be disclosed
• Abhiram’s Blog
• Aboullaite Med
• Active Directory Security
• Adam Svoboda
• ADD / XOR / ROL
• Adepts of 0xCC
• Aditya Verma
• aeternusmalus
• affinesecurity
• AFINE
• AGARRi
• AGDC Security
• AidenPearce369 github.io
• AK>
• Akijosberry
• Akshita Gupta
• aldeid
• Alex Chapman
• Alex Ionescu’s Blog
• Alex Studer
• Alexander Popov
• Alexander V. Leonov
• All About OSCP
• All Things Time Related…
• All Your Base Are Belong To Me
• Almond Offensive Security Blog
• Alice, Eve and Bob
• Alice Goldfuss
• Alpha Cyber Security
• Alsid
• An Analytical Approach
• Andrea Fortuna
• Andy Piazza
• Anubhav Singh
• apageinsec
• apjone
• AppSec Monkey
• APT::WTF
• Arash’s Blog
• Arch Cloud Labs
• Arkadiy Tetelman
• The Art of Machinery
• Artem Golubin
• Artem Kondratenko
• Artificial truth
• Artsploit
• arty-hlr
• Ash King
• Ashley Pearson
• Astr0baby
• AtomicNico
• Atredis
• Attack Debris
• Attactics
• attl4s.github.io
• avasdream
• Ax1al
• Azure AD Stuff
• Bad Sector Labs
• badbit.vc
• Babligan
• Baker Street Forensics
• Bastian Bloessl
• batsec
• bazad.github.io
• BBQSec
• BEELOG
• Beetles Blog
• BelovedTech
• <Ben>
• Ben Balter
• Ben Prime
• Ben’s ideas and projects
• Bend Theory
• Bernardo de Araujo
• better appsec
• Bill’s Blog
• Binary Debt
• Binary’s Blog
• Binge on Cyber
• BishopFox
• The Bit Explorer
• Bits of Security
• Bitsadmin
• Black Swan Security
• Blah Cats
• Blog of Osanda
• BLOG_TITLE
• Blue Team Blog
• Bogner.sh
• bohops
• boku
• boku7
• Boring AppSec
• Brandon Shi
• Brazil’s Blog
• BreakDev
• Breanne Boland
• Brendon
• Brett Buerhaus
• brute ratel By Dark Vortex
• Brute XSS
• BushidoToken
• c-APT-ure
• c-skills
• Camille Fournier
• Capt. Meelo
• Carnal 0wnage
• Cas van Cooten
• Casey Smith
• Cassie Cage
• catnip
• cerbersec
• Chaah
• champtar.fr
• Chatter From a Charlatan
• Cheeky4N6Monkey
• Chris Mullins
• Chris Sanders
• Christophe Tafani-Dereeper
• Chuong Dong
• cinzinga
• Clever Title Goes Here
• Cloudbrothers
• Code White
• CodeColorist
• CODEINSECURITY
• Communication Breakdown
• Computer Insecurities
• Conor Richard
• Connor McGarr
• Considerations on Codecrafting
• Console Cowboys
• CornerPirate
• Count Upon Security
• covert.io
• cr0
• Crader Security
• Cronop.io
• Curmudgeonly Ways
• Cryptohack
• crysp
• csandker
• cube0x0
• Culbert Report
• CYB3RSN0RLAX
• Cyber Geeks
• Cyber Sec Nelly
• The Cyber Union
• cyber.wtf
• CyberCrime & Doing Time
• CyberKACH
• Cyberspark
• cyberstoph
• Cybher Diaries
• D20 Forensics
• Daax Rynd
• Darren Martyn
• Darryn Brownfield
• Dave Waterson on Security
• David Okeyode
• David Schutz
• DAY0
• Dazzy Ddos
• DCG 201
• Debasish Mandal’s Blog
• decidedlygray
• Decoder’s Blog
• Dejan Zelic
• DEV
• Devansh’s Blog
• DFIR and Threat Hunting
• DFIR Diva
• The DFIR Report
• DFIR TNT
• Dfreshalot
• Dhole Moments
• DiabloHorn
• Diary of a reverse-engineer
• Didier Stevens
• DigiNinja
• Digital Forensic Science
• Digital Interruption
• Digital Skill
• Dirk-jan Mollema
• discrete blogarithm
• Distributed Compute
• DMFR Security
• DoublePulsar
• downwithup
• Doyensec
• doyler.net
• dozer.nz
• DroneSec
• Dungeon of the Domain Admins
• Dynamic World
• EdOverflow
• Efiens CTF Team
• eikendev
• EliE
• elkemental Force
• Elon Gliksberg
• Emily Austin
• Enitin Blog
• ENOSUCHBLOG
• eostrix.net
• Eric Conrad
• Eric Ooi
• Errata Security
• ethicalhacking.sh
• Etienne “tek” Maynier
• THEEVILBIT
• Ex Android Dev
• Exploit
• Exploit Research Blog
• f33d by Prelude
• Fabio Pires
• Faith
• Falling Forward
• flawed.net.nz
• Forensics | Exchange
• Forrest Orr
• Four Zero Three
• FrizN
• Fumik0_’s box
• Futurelopment
• Fuxsocy
• Fuzzing Science
• Gamozo Labs
• gccybermonks
• Geek Freak
• Geek Girl
• Georgia Crossland
• Go350
• GoggleHeadedHacker
• Gokberk Yaltirakli
• Good Debate
• goswamiijaya
• got 0day?
• Grapl
• Gravitywall Blog
• The Grey Corner
• GrimBins
• GrimmzSec
• Guillaume Quere
• gynvael.coldwind//vx.log
• Haacked
• Haboob
• hackademix.net
• HackerChai
• Hackerman’s Hacking Tutorials
• Hacking & Coffee
• Hacking Articles
• Hacking Exposed Computer Forensics
• hackndo
• hackso.me
• HackTricks
• Haft of the Spear
• Haider Mahmood
• Hanno’s blog
• HanseSecure
• harmj0y
• Harsh Bothra
• hasherezade’s 1001 nights
• Hatena Blog
• hatless1der
• Hausec
• HAXOLOT.com
• Hella Secure
• Hexacorn
• hexatomium
• HighOn.Coffee
• Himanshu Khokhar
• HOLDMYBEER
• Home of Pierre
• homjxi03
• Honoki
• Hop Infosec
• HoyaHaxa
• HTTP418 InfoSec
• The Human Machine Interface
• HuskyHacks
• Ian Barwise
• Ian Carroll
• Ian Duffy
• iamelli0t
• Iandave’s Blog
• Igor’s Blog
• ijustwannaredteam
• ikuamike.io
• Ilan Kalendarov
• Ilya Kobzar
• imp0rtp3
• ImperialViolet
• incolumitas
• independent security evaluators
• InfosecMatter
• InfoSecSherpa
• InfosecVidya
• init infosec
• initblog.com
• INPUTZERO
• insec.life
• Introvert Mac
• Intruder
• Intrusion Truth
• Isira Adithya
• Istvan Toth
• IT Security Expert Blog
• itm4n
• iwantmore.pizza
• Jack
• Jack Baylor
• Jack Hacks
• Jackson_T and this
• Jacob Kaplan-Moss
• Jake Creps
• James Coote
• Jan0ski’s Security Blog
• Jean-Christoph von Oertzen
• Jeff Codes Things
• JeffSoh on NetSec
• Jelle van der Waa
• Jemma Issroff
• JerryGamblin
• Jesse Li
• Joe Security Blog
• Joel Cantu
• joeware
• Johannes Bader
• Johnny Yu
• John Hubbard
• John Jackson
• John Woodman’s Security Blog
• joonas.fi
• Joran Honig
• Jordan Potti
• Jordan Wright
• Jorge Lajara
• Josh Fam
• joshuamasek
• Jon’s Site
• JPCERT
• JPMinty
• JTNYDV
• Jump ESP, jump!
• k3170
• kali null
• Kamil Vavra
• Kat Traxler - Taste the IAM
• Katana Security
• kewde
• Kleptocratic
• klrgrz
• Knightsbr1dge
• Krishna Sai Marella
• Krypt3ia
• Kyle B3nac
• kyleavery
• L3o
• Lab of a Penetration Tester
• Laconic Wolf
• LastStandSecurity
• Latacora
• Laurent Gaffie
• Learning by practicing
• Ledger Donjon
• Lee Holmes
• leethax0.rs
• Lenny Zeltser
• Lets Automate It
• leucosite
• Level Up Info Sec
• Life In Hex
• Light Blue Touchpaper
• LiquidSec
• Little Man In My Head
• lkmidas
• LockBoxx
• Lost In Security
• Luan Herrera
• Luatix
• LuemmelSec
• Luigi Auriemma
• Luke Craig
• M4t35Z’s blog
• Madhav Bhatt
• MakoSec
• malicious.link | boot mubix.kernel
• MalTrak
• Malware Maloney
• Malware Musings
• Malware Must Die!
• Manas Harsh
• Manchester Grey Hats
• mannharleen
• mannulinux
• Marcelle Lee
• Marcus Edmondson
• markitzeroday.com
• Mathy Vanhoef
• Max Kersten
• Maxwell Dulin
• Mazin Ahmed
• Mehmet Ergene
• Menasec
• Michael Hidalgo
• Michael Koczwara
• Mickey’s Blogs
• Microsoft 365 Security
• Mindslaves Blog
• MisterK
• mjg59
• modexp
• Monke’s Cybersecurity Blog
• MOV AX, BX
• movq %rax, %rax
• MSKB(en)
• Musings of a cat torturer
• Mutawakkil Abduldafe
• Muzec’s Cyber Security Blog
• N1ght-W0lf
• Nafiez
• napongizero
• Nasreddine Bencherchali
• Naveen Prakaasham K S V
• neodymiumphi
• neonprimetime security
• NetSec Focus
• netsparker
• Nick Frichette
• NickstaDB
• Niemand
• Nightwatch Cybersecurity
• NixIntel
• N00PY BLOG
• n0nuser
• No Security
• no-sec.net
• Noah Lab
• Noob to !Noob
• NoRed0x
• NotOnly.Owner
• NotRickyy
• NotSoSecure
• Null Sweep
• nuxx.net
• NVISO Labs
• OA Labs
• Obum Chidi
• Offensive Defence
• Offensive OSINT
• OllieJC
• Omar Minawi
• Omer Levi Hevroni
• Omespino
• On Web-Security and -Insecurity
• Open Source DFIR
• Open Source Security
• Open Threat Research Blog
• Opinionated Security
• Orange
• Orwa Atyat
• OSINT ME
• OSINTCurio.us
• Overreacted
• Owlspace
• oxis
• PassTheHashBrowns
• pat_h/to/file
• Patrik Fehrenbach
• Patrik Hudak
• Patterns in the Void
• paulch blog
• Paulos Yibelo
• Paulsec
• Pavel Yosifovich
• Pawl Rzepa
• PC’s Xcetra Support
• Peew.pw
• Pentest.blog
• Penetration Testing Lab
• Pentest Laboratories
• peter.website
• PeterJson
• pewpewthespells
• Phillipe Harewood
• pi3 blog
• Piyush Paliwal
• Podalirius
• pwn.vg
• pwning.systems
• pwnshift
• Pwntario Team Blog
• QTNKSR
• r0tbra1n
• Raashid Bhat
• Raffael Marty
• Rainbow & Unicorn
• Raj Chandel
• Ralph’s Security Blog
• Random Stuff about CyberSecurity
• Random stuff by yappare
• Randy Westergren
• Rasta Mouse
• Rayhan0x01’s Blog
• RCE Endeavors
• RE & Sec Blog
• Recipe for Root
• The Recurity Lablog
• Red Team Adventures
• Red Team Blog
• Red Team Tips
• Red Timmy Security
• Red xor Blue
• RedBlue42
• RedPacket Security
• RedTeam Pentesting GmbH
• Redteams.net
• Redteam.pl
• Red Timmy Security
• Renganathan
• Ret2Pwn
• RET2Systems
• Reverse Engineering
• Reverse Engineering Malware
• Rewanth Tammana
• ReWolf’s blog
• rez0
• Ring 0 Labs
• Ring 0x00
• Risk & Cybersecurity
• Robert Chen
• Robert Heaton
• Robin’s Random Rants
• Rolando Anton
• Romain Thomas
• Roman Riis
• RootDSE
• Rootkit
• RootSecDev
• ropnop
• Ross Marks
• Rounds with the Night Watchman
• Ryan Walker
• RyotaK’s Blog
• S0lden’s Laboratory
• S1l3ntK1ll3r
• s3cur3th1ssh1t
• Sage Knows IT
• Sam Curry
• Sam’s Hacking Wonderland
• Samuel Klein
• Sankalp Sharma
• sannemaasakkers
• Sarathkumar Rajendran
• Satoshi’s note
• Scary Beast Security
• Schneier on Security
• Scott Hanselman
• Script Dotsh
• SCRT Information Security
• Sean Heelan
• secjuice
• Secret Club
• Sector035
• Secure coding and more
• Securehat
• Secure Honey
• Securifera
• SecurityGOAT
• secureITmania
• Security Affairs
• Security Artwork
• Security for Real People
• Security Jawn
• Security Kiwi
• Security Knowledge Base
• Security Obscurity
• Security Queens
• Security Soup
• SecurityXploded
• Seguranca Informatica
• Sen Security
• SeniorDBA
• SerHack
• Shahrukh Iqbal Mirza
• Shawar Khan
• Sheeraz Ali
• Shell is only the Beginning
• shell&co
• Shells.Systems
• shellsharks
• Shenanigans Labs
• Shishir’s Blog
• SHORTJUMP!
• Shubham Shah
• Signs of Triviality
• Silent Signal
• Silicon Exposed
• Simon Willison’s Blog
• SirLeeroyJenkins
• Sjoerd Langkemper
• Sketchymoose
• SkullSecurity
• SlashCrypto
• Smaran Chand
• Sneaky Monkey
• SNORLAX Cybersecurity
• SolomonSklash.io
• Somdev Sangwan
• Source Incite
• spaceraccoon.dev
• spookysec
• spotrlabs
• Staaldraad
• StarkeBlog
• Stealing the Network
• Stealthcopter
• Steflan
• Steve on Security
• StillzTech
• Store Halfword Byte-Reverse Indexed
• Stratum Security
• stux
• Sublime Security
• Suchi Pahi
• sudoutopia
• svch0st
• swagitda
• SySS Tech Blog
• System Overlord
• Ta Ethika
• TaoSecurity
• TASZK
• Tavis Ormandy
• Team Hydra
• Team Rot
• Team-53 InfoSec Blog
• TechAnarchy
• Techorganic
• Teddy Katz
• terminal23.net
• The Binary Hick
• The Desolation of Blog
• The Security Noob.
• THEEVILBIT
• The Zero Hack
• the-deniss
• thefluffy007
• TheInfoSecPhoenix
• ThinkDFIR
• This Week In 4N6
• thomfre.dev
• Thoughts for this World
• Threat Blog
• Threat Hunter Girl
• Tilting at windmills
• Tim MalcomVetter
• Tim Neilen
• TISIPHONE.NET
• tl;dr sec
• TMZ Lair - Underground Coding
• Tobias Klein
• Trail of Bits
• Trevor saudi
• Tribal Chicken
• Troy Hunt
• TrueSec
• TrustedSec
• Tyranid’s Lair
• uf0 | Matteo Malvica
• Ultimate Security Professional Blog
• UndedInside
• undev.ninja
• unix ninja
• Valeriy Shevchenko
• Valtteri Lehtinen
• vanimpe
• Velociraptor IR
• vext.info
• Vincent Van Mieghem
• Vincent Yiu
• VinCSS Blog
• Virtue Security
• Vlad Iliescu
• Voidsec
• wald0
• War Room
• We Hack People
• Web Security Geeks
• WebBreacher
• WebSec
• Weister Creek Information Security
• What2Log
• WHEREISK0SHL
• Will’s Root
• Wojciech Reguta
• wondersmith_rae
• Worth Doing Badly
• WhyNotSecurity
• Wilbur Security
• Wildfire Labs
• Will Butler
• William Knowles
• Windows Deep Internals
• with knowledge comes power
• WP deeply
• Wrongbaud
• wumb0.in(g)
• wunderwuzzi blog
• xkln.net
• xohan30
• xorl %eax, %eax
• XPN
• Yan1x0s
• Yassir
• yoshi m lutfi
• Youssef Sammouda
• Z-r0crypt
• zapb.de
• Zemnmez
• Zena Forensics
• ZeroSec
• zerosum0x0
• Zeta Two
• zhuanlan
• Zon8 Research
• zseano

Commercial Blogs

• 0ffset
• 360 Total Security
• Abnormal Security
• AboutDFIR
• Abuse|ch
• Accenture Cyber defense blog
• Active Countermeasures
• Ada Logics
• Airbus Security Lab
• Akamai
• Aleph Research
• Altered Security
• Ambionics Security
• The Antisocial Engineer
• Anvil Secure
• AppOmni
• Appsecco
• Armis
• Arsenal Recon
• AssetNote
• AT&T Cybersecurity
• Atredis
• Avanan
• Bad Sector Labs
• BCSecurity
• BHConsulting
• Binarly
• BinaryNinja
• BlackArrow
• Black Hills Information Security
• Blueliv
• Bugcrowd
• CATONetworks
• censorship.ai
• Check Point
• Check Point Research
• The Citizen Lab
• ClearSky Cyber Security
• Coalfire
• Cobalt Strike
• Cobalt.io
• Codingo
• Compass Security Blog
• Confiant
• Context Accenture
• Contrast Security
• CoreSecurity
• Counter Craft
• CQURE Academy
• Crossroads Information Security www
• CujoAI
• Cyber Sophia
• Cyber Threat Alliance
• Cyberark
• CyberBit
• Cybereason
• Cyberint
• Cybervore
• Cyble
• Cyllective
• Cymptom
• Cymulate
• Cypherowl
• Decoded Avast.io
• DeepInstinct
• Depth Security
• Detectify
• Dolos Group
• Dr.WEB Anti-virus
• Dragos
• DreamLab Technologies
• Duo
• Eclypsium
• eForensics Magazine
• ElcomSoft
• EMSISOFT
• Ethereum Foundation
• Exodus Intelligence
• Expel.io
• Facebook Engineering
• F-Secure Labs
• Fidus Information Security
• FireEye
• Forescout
• Fortinet
• FortyNorth Security
• GoSecure
• Grey Hat Developer
• Grimm
• grsecurity
• Guardicore
• Guidepoint Security
• hackerone
• Hackers-Arise
• HACKLIDO
• HackTheBox
• Hakin9
• Hardened Vault
• Hex-Rays
• Hive Systems
• hn security
• The Honeynet Project
• Huntress
• IANS
• Immunity Services
• Include Security
• INCOG.HOST
• InQuest
• Insomnia
• IntelTechniques
• Intezer
• Intigriti
• iosiro
• JBCsec
• Jumpsec
• Kali
• Kaspersky Daily
• Kroll
• Kryptos Logic
• Kudelski Security Research
• Lares
• Leviathan Security Group
• Mattermost
• matrix
• McAfee
• MDSec
• Microsoft Security
• Mimecast
• Minded Security
• Minerva
• MITRE ATT&CK
• Morphisec
• moz://a Hacks
• Mozilla
• National Cyber Security Centre
• nccgroup
• The Netflix Tech Blog
• NETRESEC
• NetSec Focus
• NETSPI
• Network Intelligence
• Nextron Systems
• NinjaLab
• Nozomi Networks
• Objective-See
• OccamSec
• Offensive Security
• Onapsis
• Optiv
• Orange Cyberdefense
• Oso
• Outflank
• Oversecured
• Palo Alto
• Payatu
• PentaGrid
• PenTest Magazine
• Perfecto
• perimeterx
• phishdeck
• PhishLabs
• Phylum
• PixiePoint Security
• Porchetta Industries
• PortSwigger
• Positive Security
• praetorian
• Project Zero
• Proofpoint
• PT SWARM
• Qrator Labs
• Qualys
• Quarkslab
• raelize
• RandoriSec
• Recon Infosec
• Red Canary
• RedCode
• RedHunt Labs
• RedSiege
• ReversingLabs
• Rhino Security Labs
• RiskIQ
• River Security
• RSA
• Rumble.run
• S2W
• SANS
• SANS Internet Storm Center
• Scorpiones
• ScriptJunkie
• Scythe
• sdmsoftware
• Secfault Security
• Sector7
• SecureAuth
• SecureCoding
• SecureLayer7
• Securify
• securit.ie
• securitum
• Security Onion
• Security Sting
• Securosis
• Semgrep
• SentinelOne
• Sevagas
• SEVN-X
• Shielder
• ShiftLeft
• Sick.Codes
• Sidechannel
• Slayer Labs
• SOCPRIME
• Sonarsource
• Sonatype
• SORS
• SpecterOps
• Spiderfoot
• SpiderLabs
• Splunk
• Star Labs
• SwordBytes
• SYNDIS
• Synopsys
• Syntax Bearror
• Sysdig
• Talos
• TCM Security
• Team Cymru
• Teleport
• Tenable
• Tenable Techblog
• Tencent Security
• Tetrane
• Thinkst
• ThreatConnect
• ThreatSTOP
• TRENDMicro
• Trimarc
• TrueSec
• Trustwave
• Uptycs
• VDA Labs
• Versprite
• VetSec
• Volatility Labs
• Volexity
• White Oak Security
• WhiteSource
• Wiz
• The Zap Blog
• ZecOps
• Zimperium’s Mobile Security Blog
• Zolder
• ZX Security

Writeup Blogs

• Bug Hunters Reports | Google
• devcraft.io
• hxp
• Khaotic
• Mohamed Chamli
• Pwnistry

Aggro Sites

• blackmoreops
• BleepingComputer
• Blue Team News
• Cyber Security News
• Cybersecurity Insiders
• CyberSecurity Log
• CyberTalk
• CyberThreat Intelligence
• DARKReading
• Data Breach Today
• Graham Cluley
• The Hacker News
• HELPNETSECURITY
• Irongeek
• KrebsonSecurity
• Malware.news
• Naked Security
• secjuice
• Security Affairs
• Security Boulevard
• Security Intelligence
• Security Weekly
• skopenow
• Telsy
• threatpost