I was inspired by a recent tweet to compile a master-list of infosec-related blogs. Of course I knew this would turn up quite a few results but I’ve really been amazed by how much is out there! Infosec blogs of all shapes and sizes are out there in the wild and I want to find ‘em all. Will try to keep this up-to-date as I run across new sites. I’ve split it into blogs from “individuals” versus those run by larger commercial organizations. If i’m missing one you know of, or it’s your blog that is missing, please contact me!

For anyone interested, I’ve made available my exported .opml file (last exported June 3, 2021) with the sources listed below. You can import this into the RSS reader of your choice! Personally, I use Feedly and can highly recommend the service. (I will try to update this export semi-regularly).

Boutique Security Blogs

./s1gh.sh
#_shellintel
/dev/null
/dev/random
/Jenn
0DAY
0patch
0x00sec
0x240x23elu
0x41414141 in ?? ()
0xdf hacks stuff
0xhuesca
0xInfection
0xthreatintel
1 t0 Zero
A Few Thoughts on Cryptographic Engineering
Aboullaite Med
ADD / XOR / ROL
Adepts of 0xCC
Aditya Verma
affinesecurity
AFINE
AGDC Security
AidenPearce369 github.io
AK>
Akshita Gupta
aldeid
Alex Chapman
Alex Ionescu’s Blog
Alex Studer
Alexander Popov
Alexander V. Leonov
All About OSCP
All Things Time Related…
All Your Base Are Belong To Me
Almond Offensive Security Blog
Alice Goldfuss
Alpha Cyber Security
Alsid
An Analytical Approach
Andrea Fortuna
Andy Piazza
apjone
AppSec Monkey
Arch Cloud Labs
Artem Kondratenko
Artificial truth
arty-hlr
Ash King
Ashley Pearson
Astr0baby
AtomicNico
Attack Debris
Attactics
avasdream
Ax1al
Bad Sector Labs
badbit.vc
Baker Street Forensics
Bastian Bloessl
batsec
BBQSec
BEELOG
BelovedTech
<Ben>
Ben Prime
Bend Theory
better appsec
Bill’s Blog
Binary Debt
Binary’s Blog
BishopFox
The Bit Explorer
Bits of Security
Bitsadmin
Black Swan Security
Blah Cats
Blog of Osanda
BLOG_TITLE
Blue Team Blog
Bogner.sh
bohops
boku7
BreakDev
Brett Buerhaus
Brute XSS
BushidoToken
c-APT-ure
c-skills
Camille Fournier
Carnal 0wnage
Cas van Cooten
Cassie Cage
catnip
Chaah
champtar.fr
Chatter From a Charlatan
Chris Mullins
Chris Sanders
Christophe Tafani-Dereeper
Clever Title Goes Here
Code White
CodeColorist
CODEINSECURITY
Communication Breakdown
Computer Insecurities
Conor Richard
Connor McGarr
Considerations on Codecrafting
Console Cowboys
CornerPirate
covert.io
cr0
Cronop.io
Cryptohack
crysp
csandker
cube0x0
Cyber Sec Nelly
cyber.wtf
CyberKACH
Cybher Diaries
D20 Forensics
Daax Rynd
Darryn Brownfield
David Schutz
DAY0
DCG 201
Debasish Mandal’s Blog
Decoder’s Blog
Dejan Zelic
DEV
DFIR Diva
The DFIR Report
DFIR TNT
Dfreshalot
Dhole Moments
DiabloHorn
Diary of a reverse-engineer
Didier Stevens
DigiNinja
Digital Forensic Science
Digital Interruption
Digital Skill
DMFR Security
DoublePulsar
downwithup
Doyensec
doyler.net
DroneSec
Dungeon of the Domain Admins
Dynamic World
EdOverflow
Efiens CTF Team
eikendev
EliE
Emily Austin
Enitin Blog
eostrix.net
Eric Conrad
Errata Security
ethicalhacking.sh
Etienne “tek” Maynier
THEEVILBIT
Ex Android Dev
Exploit Research Blog
f33d by Prelude
Fabio Pires
Faith
Falling Forward
flawed.net.nz
Forensics | Exchange
Forrest Orr
Four Zero Three
FrizN
Futurelopment
Fuxsocy
Gamozo Labs
gccybermonks
Geek Girl
Georgia Crossland
Go350
GoggleHeadedHacker
Gokberk Yaltirakli
Good Debate
goswamiijaya
got 0day?
Haacked
hackademix.net
Hackerman’s Hacking Tutorials
Hacking & Coffee
Hacking Articles
Hacking Exposed Computer Forensics
hackndo
HackTricks
Haft of the Spear
HanseSecure
Harsh Bothra
hasherezade’s 1001 nights
hatless1der
Hausec
Hella Secure
Hexacorn
hexatomium
HighOn.Coffee
HOLDMYBEER
homjxi03
Honoki
Hop Infosec
The Human Machine Interface
Ian Barwise
Ian Carroll
Ian Duffy
iamelli0t
Iandave’s Blog
ijustwannaredteam
ikuamike.io
Ilan Kalendarov
ImperialViolet
incolumitas
independent security evaluators
InfosecMatter
InfoSecSherpa
InfosecVidya
init infosec
INPUTZERO
insec.life
Introvert Mac
Intruder
Istvan Toth
IT Security Expert Blog
itm4n
Jack
Jack Baylor
Jack Hacks
Jake Creps
Jan0ski’s Security Blog
Jeff Codes Things
JeffSoh on NetSec
Jelle van der Waa
Jemma Issroff
JerryGamblin
Joe Security Blog
Joel Cantu
joeware
Johannes Bader
Johnny Yu
John Jackson
John Woodman’s Security Blog
Joran Honig
Jordan Potti
Jordan Wright
Josh Fam
joshuamasek
Jon’s Site
JPMinty
JTNYDV
Jump ESP, jump!
k3170
kali null
Kamil Vavra
Katana Security
kewde
klrgrz
Knightsbr1dge
Krishna Sai Marella
Kyle B3nac
Lab of a Penetration Tester
Laconic Wolf
LastStandSecurity
Latacora
Laurent Gaffie
Learning by practicing
Lee Holmes
leethax0.rs
Lenny Zeltser
Lets Automate It
Level Up Info Sec
LiquidSec
Little Man In My Head
lkmidas
LockBoxx
Lost In Security
Luan Herrera
LuemmelSec
Luigi Auriemma
Luke Craig
M4t35Z’s blog
MakoSec
Malware Maloney
Malware Musings
Manas Harsh
Manchester Grey Hats
mannulinux
Marcelle Lee
Marcus Edmondson
markitzeroday.com
Mathy Vanhoef
Max Kersten
Mazin Ahmed
Menasec
Mindslaves Blog
MisterK
mjg59
modexp
MOV AX, BX
MSKB(en)
Musings of a cat torturer
Mutawakkil Abduldafe
Muzec’s Cyber Security Blog
N1ght-W0lf
Nasreddine Bencherchali
Naveen Prakaasham K S V
neodymiumphi
neonprimetime security
NetSec Focus
netsparker
Nick Frichette
NickstaDB
Niemand
Nightwatch Cybersecurity
NixIntel
N00PY BLOG
n0nuser
No Security
no-sec.net
Noob to !Noob
NotSoSecure
Null Sweep
nuxx.net
NVISO Labs
OA Labs
Obum Chidi
Offensive Defence
Offensive OSINT
Omar Minawi
Omer Levi Hevroni
On Web-Security and -Insecurity
Open Source DFIR
Open Source Security
Open Threat Research Blog
Opinionated Security
Orange
OSINT ME
OSINTCurio.us
Owlspace
oxis
PassTheHashBrowns
pat_h/to/file
Patrik Fehrenbach
Patrik Hudak
Patterns in the Void
Paulos Yibelo
Paulsec
PC’s Xcetra Support
Peew.pw
Pentest.blog
Penetration Testing Lab
Pentest Laboratories
Phillipe Harewood
pi3 blog
pwn.vg
pwning.systems
Pwntario Team Blog
QTNKSR
Raashid Bhat
Raffael Marty
Ralph’s Security Blog
Random stuff by yappare
Rasta Mouse
RE & Sec Blog
Recipe for Root
The Recurity Lablog
Red Team Adventures
Red Team Tips
Red Timmy Security
Red xor Blue
RedBlue42
RedPacket Security
RedTeam Pentesting GmbH
Redteams.net
Redteam.pl
Red Timmy Security
RET2Systems
Reverse Engineering
Reverse Engineering Malware
ReWolf’s blog
rez0
Ring 0 Labs
Risk & Cybersecurity
Robin’s Random Rants
Rolando Anton
Roman Riis
Rootkit
ropnop
Ross Marks
Rounds with the Night Watchman
Ryan Walker
S0lden’s Laboratory
s3cur3th1ssh1t
Sage Knows IT
Sam Curry
Sam’s Hacking Wonderland
Samuel Klein
Sankalp Sharma
Schneier on Security
Scott Hanselman
Script Dotsh
SCRT Information Security
Sean Heelan
secjuice
Secret Club
Sector035
Secure coding and more
Securehat
Securifera
secureITmania
Security Affairs
Security Artwork
Security for Real People
Security Jawn
Security Kiwi
Security Obscurity
Security Queens
Security Soup
SecurityXploded
Sen Security
SeniorDBA
SerHack
Shahrukh Iqbal Mirza
Shawar Khan
Sheeraz Ali
Shell is only the Beginning
shell&co
Shells.Systems
shellsharks
Shishir’s Blog
SHORTJUMP!
Signs of Triviality
Silent Signal
Silicon Exposed
SirLeeroyJenkins
Sjoerd Langkemper
Sketchymoose
SkullSecurity
SlashCrypto
Smaran Chand
Sneaky Monkey
SNORLAX Cybersecurity
Somdev Sangwan
Source Incite
spaceraccoon.dev
spotrlabs
Staaldraad
StarkeBlog
Stealing the Network
Stealthcopter
Steflan
Steve on Security
StillzTech
Stratum Security
stux
Sublime Security
Suchi Pahi
sudoutopia
svch0st
System Overlord
Ta Ethika
TaoSecurity
TASZK
Tavis Ormandy
Team Hydra
Team Rot
Team-53 InfoSec Blog
Techorganic
Teddy Katz
terminal23.net
The Binary Hick
The Desolation of Blog
THEEVILBIT
The Zero Hack
the-deniss
thefluffy007
TheInfoSecPhoenix
This Week In 4N6
Thoughts for this World
Threat Blog
Threat Hunter Girl
Tilting at windmills
Tim MalcomVetter
Tim Neilen
TISIPHONE.NET
tl;dr sec
TMZ Lair - Underground Coding
Trail of Bits
Trevor saudi
Troy Hunt
TrustedSec
Tyranid’s Lair
Ultimate Security Professional Blog
UndedInside
undev.ninja
unix ninja
vanimpe
vext.info
Vincent Van Mieghem
Vincent Yiu
Virtue Security
Voidsec
wald0
War Room
We Hack People
Web Security Geeks
WebBreacher
Weister Creek Information Security
WHEREISK0SHL
Worth Doing Badly
WhyNotSecurity
Wilbur Security
Wildfire Labs
Will Butler
Windows Deep Internals
with knowledge comes power
WP deeply
Wrongbaud
xkln.net
xohan30
xorl %eax, %eax
XPN
Youssef Sammouda
zapb.de
Zena Forensics
ZeroSec
zerosum0x0
Zeta Two
Zon8 Research

Commercial Blogs

Active Countermeasures
Ada Logics
Aleph Research
Ambionics Security
Arsenal Recon
AssetNote
Atredis
BHConsulting
BinaryNinja
BlackArrow
Black Hills Information Security
Bugcrowd
CATONetworks
Coalfire
Cobalt Strike
Cobalt.io
Codingo
Confiant
Context Accenture
CQURE Academy
CujoAI
Cyber Sophia
Cyllective
Cymptom
Cypherowl
DeepInstinct
Detectify
Ethereum Foundation
Exodus Intelligence
F-Secure Labs
FireEye
FortyNorth Security
Grey Hat Developer
Grimm
hackerone
HackTheBox
Hex-Rays
Include Security
INCOG.HOST
Intezer
JBCsec
Jumpsec
Kudelski Security Research
Leviathan Security Group
Mattermost
MDSec
Microsoft Security
Mimecast
Minded Security
Morphisec
Mozilla
Naked Security
nccgroup
NETRESEC
NetSec Focus
NETSPI
Network Intelligence
Nextron Systems
NinjaLab
Objective-See
Offensive Security
Onapsis
Optiv
Orange Cyberdefense
Outflank
Palo Alto
Payatu
PentaGrid
phishdeck
PortSwigger
praetorian
Project Zero
PT SWARM
Qualys
Quarkslab
raelize
Red Canary
RedCode
RedHunt Labs
RedSiege
Rhino Security Labs
SANS
Scorpiones
ScriptJunkie
Scythe
sdmsoftware
SecureAuth
SecureCoding
SecureLayer7
securit.ie
Security Onion
Security Sting
Securosis
Semgrep
SentinelOne
Sevagas
SEVN-X
Shielder
Sick.Codes
Slayer Labs
SpecterOps
SwordBytes
Synopsys
Syntax Bearror
Sysdig
Talos
TCM Security
Tenable
Tencent Security
The Antisocial Engineer
ThreatConnect
TrueSec
Trustwave
Uptycs
VDA Labs
Versprite
VetSec
Volatility Labs
Volexity
WhiteSource
The Zap Blog
ZecOps
ZX Security

Writeups

devcraft.io
hxp
Khaotic
Pwnistry