Researchers

The people and organizations listed here have made substantial public contributions to red teaming, OT/ICS security, physical security research, or adjacent fields.


Red Teaming and Adversary Simulation

  • Joe Vest — Author of Red Team Development and Operations and co-founder of the Red Team Journal. His work on structuring and maturing red team programs is foundational reading.
  • Chris Truncer — Contributor to several open-source red team tools including Veil-Framework. Useful for understanding post-exploitation tradecraft in a research context.
  • Raphael Mudge — Creator of Cobalt Strike and author of extensive documentation on adversary simulation concepts. His archived blog posts are widely used in red team training.
  • Will Schroeder (@harmj0y) — Core contributor to BloodHound and PowerSploit. Research on Active Directory attack paths has influenced how organizations approach identity security.

OT/ICS Security

  • Ralph Langner — Independent ICS security researcher known for the first public technical analysis of Stuxnet. His writing on ICS-specific threat modeling is still relevant.
  • Sean McBride — Part of Claroty's Team82 research group, which publishes detailed ICS and IoT vulnerability research.
  • Dale Peterson — Founder of Digital Bond and the S4 conference. Long-standing voice in ICS security with a focus on critical infrastructure risk.
  • Marina Krotofil — Researcher specializing in process control system attacks, particularly in how cyberattacks can manipulate industrial processes with physical consequences.
  • CISA ICS-CERT — Official US government source for ICS vulnerability advisories, incident response guidance, and recommended practices. Every ICS practitioner should monitor their advisories.

Physical Security Research

  • Deviant Ollam — Physical penetration tester and speaker known for practical work on locks, access control, and physical red teaming. Regularly presents at DEF CON and other major conferences.
  • LockPickingLawyer (YouTube) — Produces detailed lock analysis videos that serve as practical references for understanding lock security ratings and vulnerabilities.
  • Han Fey — Dutch locksport researcher and TOOOL contributor with published work on bump key vulnerabilities and impressioning techniques.

Security Research Organizations and Labs

  • Dragos — ICS-focused threat intelligence firm. Their public threat reports on adversary groups targeting industrial environments are among the most detailed available.
  • Claroty Team82 — Publishes regular vulnerability research on OT, IoT, and building management systems. Technical write-ups are well-documented and reproducible.
  • Mandiant (Google) — Incident response firm with extensive published research on threat actor TTPs, including ICS-targeting groups like SANDWORM.
  • SANS ICS — Publishes practitioner-focused ICS security content, curriculum, and posters. The SANS ICS curriculum is a respected credential path.
  • Idaho National Laboratory (INL) — National lab conducting ICS and critical infrastructure cybersecurity research. Publishes open reports on control system risk and resilience.

Notable Authors and Publishers

  • Kim Zetter — Investigative journalist and author of Countdown to Zero Day, the definitive account of Stuxnet. Essential reading for understanding real-world ICS attacks.
  • Andy Greenberg — Wired journalist and author of Sandworm, which covers the most destructive cyberattacks in history. Bridges technical and policy perspectives.
  • The MITRE Corporation — Developers of the ATT&CK framework and ATT&CK for ICS. Essential reference for mapping adversary behavior to detection and defense strategies.