Obscure Resources

The resources here are less frequently cited in mainstream security discussions. They cover niche perspectives, specialized communities, and primary sources that are harder to find but often higher quality than general-purpose aggregators.


Niche Blogs and Personal Sites

  • Digital Bond Blog Archive — Dale Peterson's original ICS security blog from before S4 grew into a major conference. Posts from the early 2010s contain foundational thinking on ICS risk that is still relevant.
  • Automatak Blog — Adam Crain's blog on ICS protocol security, particularly DNP3. His fuzzing work revealed a class of vulnerabilities in DNP3 implementations across multiple vendors.
  • Russ McRee (HolisticInfoSec) — Long-running practitioner blog covering toolsmith posts, threat hunting, and security operations. Consistently detailed and technically grounded.
  • Lenny Zeltser's Blog — SANS Faculty Fellow and practitioner. Posts on malware analysis, security career development, and practical security tools. His cheat sheets are widely referenced.

Newsletters and Mailing Lists

  • Risky Business — Weekly security podcast and newsletter by Patrick Gray. Interviews practitioners, covers current events, and is more analytically rigorous than most news-focused outlets. Free to subscribe.
  • tl;dr sec — Weekly newsletter curating security articles, tools, and talks. Strong coverage of cloud, appsec, and red team topics. High signal-to-noise ratio.
  • SANS NewsBites — Twice-weekly security news digest with expert commentary. Includes ICS/OT items and is free to subscribe.

Mastodon and Federated Accounts

  • infosec.exchange — The most active Mastodon instance for security practitioners. Many researchers who have reduced their Twitter/X presence maintain active accounts here.
  • @cR0w@infosec.exchange — ICS security practitioner with regular posts on OT vulnerabilities, ICS tooling, and control system defense.

Smaller Communities and Forums

  • Hack Forums (security subforums) — Varies widely in quality, but some technical subforums contain genuine practitioner discussion. Approach with discernment.
  • EEVblog Forums — Electronics engineering forum. Highly relevant for hardware security research, reverse engineering embedded devices, and understanding industrial electronics. Not explicitly security-focused, but a useful cross-disciplinary resource.

Archives and Primary Sources

  • Phrack Magazine — Long-running underground technical publication. Articles from the 1980s onward document the development of offensive security techniques from first principles. Some of the most technically rigorous writing in the field.
  • Full Disclosure Mailing List Archive — Archive of the Full Disclosure vulnerability mailing list. Primary source for raw vulnerability disclosures, often before CVE assignment. Useful for understanding how the disclosure ecosystem works.
  • Packet Storm Security — Archive of exploits, advisories, tools, and whitepapers going back decades. Useful as a historical reference for vulnerability research.
  • The Exploit Database (Exploit-DB) — Maintained by Offensive Security, this is the canonical archive of public exploits. The Google Hacking Database (GHDB) section is especially relevant for OSINT research.

Standards and Specifications

  • IEC 62443 Standard Overview — The international standard series for industrial cybersecurity. The full standard requires purchase, but overview documents and implementation guides are available. Understanding 62443 is increasingly expected in industrial security roles.
  • NERC CIP Standards — Mandatory cybersecurity standards for the North American bulk electric system. They are publicly available and provide detailed requirements for OT environments in the energy sector.
  • NIST SP 800-82 — NIST guide to OT security. Free, authoritative, and comprehensive. Essential reading for anyone working on or toward ICS security.