LIVE
Franz // 2026
1.0.0
SEC//RESOURCES
practical · hands-on · opinionated — no fluff, no FUD
Writeups, Research & Deep Dives the real stuff
Project Zero Blog HOT
googleprojectzero.blogspot.com
Google’s elite vuln research team. Every post is a masterclass — browser exploits, kernel bugs, 0-days, full technical breakdowns. Dense but essential reading.
ZDI Blog
zerodayinitiative.com/blog
Trend Micro’s vuln acquisition program publishes detailed technical analyses of the bugs they buy. Great for patch-gap research and understanding real-world vuln classes.
PortSwigger Research HOT
portswigger.net/research
The Burp Suite folks publish groundbreaking web security research. HTTP desync, web cache poisoning, prototype pollution — techniques invented here before everyone else catches up.
ret2 Systems Blog
blog.ret2.io
Deeply technical binary exploitation write-ups from the team behind the ret2 training platform. Heap exploitation, kernel pwn, browser internals — no hand-holding.
Windows Internals Blog
windows-internals.com
Andrea Allievi and friends digging deep into Windows kernel internals — process/thread mechanics, security features, driver model. Companion to the book series.
CTFtime Writeups
ctftime.org/writeups
CTFtime aggregates writeups from every major competition. Filter by category — pwn, web, crypto, rev. One of the best ways to learn practical exploitation techniques fast.
watchTowr Labs HOT
labs.watchtowr.com
Consistently excellent offensive research — full exploit chains, SSRF to RCE, auth bypasses in enterprise products. Quality writeups with full PoC detail and clear methodology.
NCC Group Research
research.nccgroup.com
Deep technical reports from one of the best pen-test firms. Crypto audits, hardware research, web app vulns, cloud misconfigs — broad and consistently thorough.
Noteworthy Individuals follow the person, not the brand
● ACTIVE = posting in 2024–2025  |  ◌ ARCHIVE = dormant but the backlog pays dividends
James Forshaw ● ACTIVE
tiraniddo.dev + googleprojectzero.blogspot.com
Project Zero’s Windows internals specialist. Still posting deep-dives into COM/DCOM, sandbox escapes, Windows logical EoP, and tooling (OleView.NET). Wrote the Windows Security Internals book (2024). His sandbox-attacksurface-analysis-tools repo is essential for anyone auditing Windows.
Synacktiv Team ● ACTIVE HOT
synacktiv.com/publications
French offensive security firm with one of the best public research feeds going right now. Pwn2Own regulars — VMware escape, router 0-days, iOS bugs. Recent posts cover NTLM reflection revival (CVE-2025-33073), heap exploitation on Windows 11 LFH, and ICS pen-test findings. Prolific and rigorous.
STAR Labs (SG) ● ACTIVE
starlabs.sg/blog
Singapore-based vuln research team, consistent Pwn2Own competitors. Blog covers full exploit chains — Cisco RCE via pickle deserialization, Samsung image parser bugs, Windows kernel EoP. Unusually transparent about failure and process; their year-end posts are worth reading for the craft perspective alone.
Orange Tsai ● ACTIVE HOT
blog.orange.tw
Still posting — less frequently now, but every post introduces a new class-level primitive. Chains “unexploitable” issues into full RCE; invented SSRF-to-metadata attack patterns, broke GitLab/GitHub CI with creative parser inconsistencies. His DEVCORE blog (devco.re) also worth following.
hasherezade ● ACTIVE
hasherezade.github.io
Malware analyst, pe-sieve and hollows_hunter author. Continues publishing PE internals deep-dives, process injection technique breakdowns, and new tooling via GitHub. The best free reference in malware analysis and Windows binary internals — and she keeps shipping.
Gynvael Coldwind ● ACTIVE
gynvael.coldwind.pl
Google security engineer, Dragon Sector CTF. Still streams security challenges live on YouTube and posts writeups. Covers a rare range — parsing bugs, network protocol edge cases, Python internals — with a rigorous, near-academic clarity you won’t find many places.
lcamtuf — Michal Zalewski ◌ ARCHIVE
lcamtuf.coredump.cx / lcamtuf.substack.com
Created AFL, wrote The Tangled Web. Now at a16z, no longer actively posting security research — but the old writing fundamentally rewires how you think about bug classes and tooling design. His Substack occasionally covers adjacent tech thinking. Read the archives first.
thegrugq ◌ ARCHIVE
medium.com/@thegrugq
Last substantial post 2021. OPSEC and tradecraft philosopher — how threat actors actually behave, where attribution goes wrong, what defenders misunderstand conceptually. The ideas haven’t aged badly. Read as a mental model foundation, not a current feed.
Tavis Ormandy ◌ ARCHIVE
github.com/taviso + Project Zero posts
Project Zero legend — AV engine bugs, Windows subsystem 0-days, password manager research. Went quieter on public blog output in recent years but his Project Zero posts and GitHub repos remain among the best illustrations of creative audit scope. His bug reports read like essays.
Joe FitzPatrick ◌ ARCHIVE
vividmachines.com / securinghardware.com
Hardware security researcher and educator — JTAG exploitation, supply chain attacks, implant design. Blog updates are sparse now but the training material and older posts are still the best entry point into hardware offensive security. Worth the dive given any fintech/embedded surface exposure.
Blogs — Mindset, Career & Industry Perspective how people actually think about this work
Labs, Platforms & Hands-On Practice learn by breaking things
Cool Projects, Tooling & Builder Culture people who ship things
Podcasts & Video Content for the commute and the homelab hours
Newsletters, Niche Feeds & Community stay in the loop without the noise